Fantasm_finance‘s collateral reserve pool has been exploited.

lunaray
Mar 10, 2022

Fantasm_finance is a DeFi project aimed at developing and popularizing synthetic #tokens for the FantomFDN Ecosystem.

On March 10, it was reported that hackers attacking Fantasm Finance used the Ethereum privacy trading platform Tornado.cash .

Fantasm_finance collateral reserve pool has been exploited. The attacker’s able to mint way more $XFTM tokens than they are supposed to and has swapped all of the tokens to #ETH. Total loss is around ~$2,700,000 (1,000 ETH).

Attack Flow: 1.The attacker deployed an unverified contract: 0x944b58c9b3b49487005cead0ac5d71c857749e3e. 2. In the first tx, the attacker swapped $FTM to $FSM and called mint() function in contract 0x880672ab1d46d987e5d663fc7476cd8df3c9f937.

The attacker called collect() function and collected way more XFTM token than supposed to. The attacker repeated step 2 and 3 several times.

Reference:https://twitter.com/CertiKAlert/status/1501736711314890753

--

--

lunaray

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.