"Engineering Oversight" Costs ForceDAO $367k


Hackers stole cryptocurrency worth $367k from a new decentralized finance (DeFi) aggregator within hours of its launch.

ForceDAO was launched on the morning of April 3. Its operators discovered that the platform was being exploited after receiving a tip from a 'white hat' hacker.

The investigation into the incident found that an "engineering oversight" had allowed cyber-criminals to steal 183 Ethereum (ETH).

The thefts were possible because of a flaw in the SushiSwap smart contract used by ForceDAO, which contained a mechanism that could revert tokens used in failed transactions. Malicious hackers exploited this flaw to mint xFORCE tokens, which they then withdrew and exchanged for ETH.

The ForceDAO team stated that the incident could have been prevented by using a standard OpenZeppelin ERC-20 or by adding a safeTransferFrom wrapper in the xSUSHI contract.

The company added that all funds on its platform are safe and that only xFORCE was affected.
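What a safeTransferFrom-style wrapper changes, shown as an added Python model; this is not ForceDAO's or SushiSwap's contract code. It assumes the token signals a failed transfer by returning false instead of reverting and that the vault mints shares 1:1. All class and function names are hypothetical.

```python
# Added illustration: a simplified Python model, not the deployed Solidity contracts.
class TransferFailed(Exception):
    """Stands in for a reverted transaction."""

class ReturnFalseToken:
    """Token whose transfer_from reports failure by returning False (assumed behaviour)."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer_from(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            return False  # silent failure: no exception, no state change
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        return True

def safe_transfer_from(token, src, dst, amount):
    """Wrapper in the spirit of safeTransferFrom: a False result aborts the caller."""
    if not token.transfer_from(src, dst, amount):
        raise TransferFailed(f"transfer of {amount} from {src} failed")

class Vault:
    """Staking vault that mints one share per deposited token (simplified)."""
    def __init__(self, token, checked):
        self.token, self.checked = token, checked
        self.shares = {}

    def deposit(self, user, amount):
        if self.checked:
            safe_transfer_from(self.token, user, "vault", amount)
        else:
            self.token.transfer_from(user, "vault", amount)  # return value ignored
        self.shares[user] = self.shares.get(user, 0) + amount

def run(checked):
    """Deposit 100 from an empty account; return (shares minted, tokens held by vault)."""
    token = ReturnFalseToken({"alice": 0})  # constructed sample state
    vault = Vault(token, checked)
    try:
        vault.deposit("alice", 100)
    except TransferFailed:
        pass  # the whole deposit is rolled back, so no shares exist
    return vault.shares.get("alice", 0), token.balances.get("vault", 0)

if __name__ == "__main__":
    print("unchecked:", run(False))
    print("checked:  ", run(True))
```

A useful audit check follows from the model: shares outstanding should never exceed the tokens the vault actually holds.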

 

Infosecurity reports: "Engineering Oversight" Costs ForceDAO $367k

Submitted by Anonymous on