CertiK: KyberSwap vulnerability exists in the implementation of Elastic's computeSwapStep() function

CertiK posted on social media that the vulnerability in the KyberSwap attack exists in the implementation of the computeSwapStep() function in KyberSwap Elastic. This function calculates the actual exchange input/output amounts to be deducted or added, the exchange fee to be charged, and the resulting sqrtP. The function first calls the calcReachAmount() function, which concludes that the attacker's slippage will not cross the scale line, but incorrectly generates a slightly larger price than the targetSqrtP calculated by calling "calcFinalPrice". Therefore, liquidity was not removed, resulting in the attack. The attacker performed precise calculation operations on the liquidity pool within the empty scale range, using cross-exchange liquidity counts to deplete many KyberSwap pools containing low liquidity.

KyberSwap

Comments

All Comments

Recommended for you

Cointime's Evening Highlights for May 24th

1. CryptoPunks Launches “Super Punk World” Digital Avatar Series
Pudgy Penguins and Lotte strategically cooperate to expand into the Korean market, and the floor price rose by 3.1% on the 7th

The NFT series "Pudgy Penguins" has recently announced a strategic partnership with South Korean retail and entertainment giant Lotte Group on the X platform to expand its market in South Korea and surrounding areas. More information will be announced in the future. According to CoinGecko data, the floor price of Pudgy Penguins is currently 11.8 ETH, with a 7-day increase of 3.1%.
CryptoPunks Launches “Super Punk World” Digital Avatar Series

Blue-chip NFT project CryptoPunks announced the launch of "Super Punk World" on X platform, which is the project's first release of 500 digital avatars inspired by the iconic CryptoPunks features and combined with Super Cool World attributes. It is reported that the series may launch auctions in the future, and more details about the collection and auction of this series will be announced soon.
Cointime精选 ·

‘We’re just scratching the surface’ of crypto and AI — Microsoft exec

The symbiotic relationship between AI and crypto is still in its nascent stages, according to tech execs.
Cointime精选 ·

Big miners pose a growing existential threat to Bitcoin

As of May, AntPool and Foundry USA controlled more than 50% of Bitcoin's hash rate. That could become a problem for Bitcoin users in the near future.
Cointime精选 ·

Bybit’s Notcoin listing debacle, China firm’s profits up 12-fold after crypto buy: Asia Express

Bybit CEO apologises for Notcoin listing woes, Hong Kong crypto ETFs dissapoint, China firm's profits surge 1100% after crypto buy
Cointime精选 ·

Is onboarding too hard? Crypto adoption still faces major obstacles

Progress has been made in streamlining the Web3 onboarding process, but the flood of mainstream users has not yet arrived.
Drift Foundation: The governance mechanism is gradually being improved, and DRIFT is one of the components

The Drift Foundation stated on the X platform that the DRIFT token is a component of governance and a key element in empowering the community to shape the future. The governance mechanism is gradually improving, and more information will be announced soon.
Cointime精选 ·

What the DOJ’s First MEV Lawsuit Means for Ethereum

In a highly technical overview of an exploit that has since been patched, government prosecutors find that exploiting code is a crime. CoinDesk reached out to several experts in the Ethereum community to get their views on the case.
Cointime精选 ·

Bitcoin is getting stronger (within crypto)

From the bear market until now Bitcoin has seen its dominance go from 38% all the way to now 53% pretty much in a straight line.