Hackers strike once more this week, this time at the expense of an out there exploit inside Temple DAO’s code. Temple’s “STAX Finance” protocol, which offered a liquidity pool of TEMPLE and FRAX tokens was exploited early Tuesday, leading to a $2.3M price of tokens seized by the hacker.
Let’s take a look at what we all know within the early hours of the exploit.
Down Goes The Temple
The protocol suffered a vulnerability within the staking ‘migrateStake’ performance, based on blockchain auditors Paladin. The exploit was first known as out by Spreek on Twitter. Arguably essentially the weirdest part of the entire thing is that the funds have been seemingly out there for the taking for a while. In accordance with respected dev 0xfoobar, the funds have been “available on the chain for months,” leaving fairly a bit to be desired from all events concerned.
Temple DAO was seemingly unaudited because the sensible contract code right here didn’t match the invoice of a multi-million greenback liquidity pool; because the aforementioned sources name out, the exploit was surprisingly straightforward. The exploiter merely used an outdated staking name code and a faux deal with to withdraw the LP funds. The vulnerability was out there to be taken benefit of for a number of months.
The Temple DAO's exploiter swapped LP tokens for ETH funds on their approach out. | Supply: ETH-USD on TradingView.com
The Exploits Proceed
Sleuths have already found that the exploiter’s pockets were funded from a Binance pocket, so it’s fairly potential that Binance seems to be into monitoring down that pockets (STAX has suggested that they’re “following up with Binance and will initialize a white hat bounty for the exploiter”). In any other case, this latest exploit is simply one other one to chew the mud, sadly.
Nonetheless, it’s removed from the ‘nail in the coffin’ for the lesser-known Temple DAO. In accordance with DefiLlama, the DAO has a complete worth locked (TVL) simply shy of $60M – so it ought to reside to see one other day.