Bug Fix Led to $200M Attack
Whitehat hacker Kankodu had identified the Euler “first deposit bug” in July 2022 and received a $50,000 reward for the discovery.
The bug fix included the addition of a “donateToReserves” function in Euler’s code, meant to strengthen reserves.
A `donateToReserves` function was added and audited, by the Euler’s team.
However, this modification inadvertently created a more significant vulnerability, which was exploited in the $200 million attack.
“An innocent-looking function ended up compromising the entire protocol. This serves as an expensive lesson to treat even small bug fixes with the same level of importance as major updates,” - says Kankodu.
Fortunately, the Euler team managed to recover most of the drained funds later on.
A `donateToReserves` function was added and audited, by the Euler’s team.
However, this modification inadvertently created a more significant vulnerability, which was exploited in the $200 million attack.
“An innocent-looking function ended up compromising the entire protocol. This serves as an expensive lesson to treat even small bug fixes with the same level of importance as major updates,” - says Kankodu.
Fortunately, the Euler team managed to recover most of the drained funds later on.
