The fledgling decentralized funding protocol ForceDAO has had a rocky start, with several hacker attacks occurring just hours after launch.
The Ethereum-based yield aggregator had only just launched its airdrop campaign on April 3 when four malicious “black-hat” hackers managed to drain a total of 183 ETH, worth about $367,000 at the time. A friendly “white-hat” hacker also helped the team by warning them to avoid further losses.
The team released a post-mortem of the attacks and took responsibility for what it called a “technical oversight.”
We would like to share with the Force and DeFi community a post-mortem about the recent xFORCE exploit.
Thanks to all the technical and non-technical people who helped along the way.
Especially for the White Hat that helped keep FORCE from running out. https://t.co/MK2GH69yLd
– Strength (@force_dao) April 4, 2021
After the raid, the team made the decision to transfer 60 million FORCE tokens from the multi-signature treasury wallet to a deployer wallet to create and execute three votes that would effectively burn the FORCE balances in three of the hacker addresses.
The post-mortem explained that the affected xFORCE platform was a fork of a Sushi Exchange smart contract with a mechanism to roll back tokens in the event of failed transactions. The protocol describes xFORCE as the “interest bearing” version of FORCE, which represents shares in its pools, similar to how LP tokens work.
A flaw in the contract used by ForceDAO allowed the attackers to use this mechanism to store xFORCE tokens, which were then withdrawn and exchanged for ETH in the markets. The team recognized that the attack would have been relatively easy to prevent.
“This could have been avoided by using a standard Open Zeppelin ERC-20 or by adding a safeTransferFrom wrapper to the xSUSHI contract.”
The team added that the hack is currently under investigation, as some of the addresses were from the popular exchanges FTX and Binance. A snapshot is taken and the project is restarted with a new xFORCE token added.
After launch and airdrop, FORCE token prices soared to over $2 on April 4, but have since crashed more than 95% to $0.05 at the time of writing.