Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
Home»HACKING NEWS»Junami Hack Postmortem: What Happened?
HACKING NEWS

Junami Hack Postmortem: What Happened?

By Crypto FlexsNovember 26, 20232 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Junami Hack Postmortem: What Happened?
Share
Facebook Twitter LinkedIn Pinterest Email

There are already a lot of Zunami hack posthumous articles that are almost identical. Here is our opinion.

Exploit Causes

The exploit consisted of two hacks, both of which: Price caching vulnerability The first target was Zunami ETH (zETH) and the second target was Zunami Stable (UZD). The first attack was drained. Only 26 WETH, the second is a whopping 1178 WETH.

The root cause was price manipulation using . MIMCurveStakeDao The strategy is to then cache the inflated price for an entire block of UZD (suitable for flash lending) and then reverse the previous operation to profit from the inflated price.

price caching

UZD’s Liquidity Pool (LP) price caching was partially implemented in version 1.0. thanked By Ackee Blockchain. However, it is not used globally and functions as follows: balanceOf Instead of caching, we were making multiple costly calls (calculating LP prices in our strategy).

Caching has been expanded with the following features: totalSupply, balanceOf and allowance later UZD version 1.1. Caching has been adjusted in the following way:

source

This allowed inflated prices to be called in other contracts. balanceOf function.

Version 1.1 was released without an audit. It was later audited by HashEx for the release of v1.2 on October 29, 2023. audit reportNo attack vectors using cached functions were found.

MIMCurveStakeDao Strategy

This strategy was introduced in commit. 6df0ae5. Since the calculation is based on the price and balance of the strategy, an attacker can change the LP price calculation by donating SDT tokens to the strategy. This strategy was audited by HashEx before release (see this). audit report) However, no exploitability was found.

attack

The attack occurred on August 13 and can be viewed here. https://explorer.phalcon.xyz/tx/eth/0x0788ba222970c7c68a738b0e08fb197e669e61f9b226ceec4cab9b85abe8cceb

Or you can check: PoC (Good job DeFiHackLabs!)

We hope this postmortem will be helpful and contribute to making web3 a safer place free of hacking and exploits.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

RLUSD Stablecoin is extended to Africa to supply power to the border between the border.

September 5, 2025

Solana-packee blockchain manually spreads

September 3, 2025

Are you ready to token everything?

September 1, 2025
Add A Comment

Comments are closed.

Recent Posts

RLUSD Stablecoin is extended to Africa to supply power to the border between the border.

September 5, 2025

Bybit Establishes New B2B Unit To Drive Institutional Adoption Of Digital Assets

September 5, 2025

Lowkick Studio Launches $SHARDS Token On Top Tier Exchanges For WorldShards MMORPG

September 5, 2025

The cryptocurrency is falling when the tokens and stocks connected to Trump are under pressure.

September 5, 2025

Cango Inc. Reports Second Quarter 2025 Unaudited Financial Results

September 5, 2025

Coindesk July 2025 Report: Stablecoins and CBDC

September 5, 2025

NOWPayments To Participate In SiGMA Europe Rome 2025

September 4, 2025

Web3 Enabler Announces Blockchain Payments V3.1 At Northeast Dreamin In Boston

September 4, 2025

Is XRP The Dark Horse Of The Cryptocurrency World? Earn 652 XRP Daily Using Invro Mining’s Smart Contract

September 4, 2025

TRX Was Early, ETH Set The Standard, BNB Built The Scale- Now SYC Brings The Next Evolution

September 4, 2025

Sign Up And Receive $500 Bonus, Ushering In A New Era Of Compliant And Secure Crypto Investment

September 4, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

RLUSD Stablecoin is extended to Africa to supply power to the border between the border.

September 5, 2025

Bybit Establishes New B2B Unit To Drive Institutional Adoption Of Digital Assets

September 5, 2025

Lowkick Studio Launches $SHARDS Token On Top Tier Exchanges For WorldShards MMORPG

September 5, 2025
Most Popular

US spot Bitcoin ​ETF records net inflows for 3 consecutive days

April 24, 2024

Coinbase Adds Polygon Native Token (POL) to Listing Roadmap Ahead of September MATIC Rebrand

August 23, 2024

Jason Ficino, X Hall of Flame

January 14, 2025
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.