Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Pendle released Penpie attack analysis report: Immediately suspending the contract after the vulnerability was discovered, preventing further losses

Pendle released Penpie attack analysis report: Immediately suspending the contract after the vulnerability was discovered, preventing further losses

CointimeCointime2024/09/04 04:48
By:Cointime

On September 4th, Pendle released a Penpie attack analysis report. "After discovering a security vulnerability, Pendle immediately suspended our contract, protecting approximately $105 million in security, which could have been further lost from Penpie. At 01:45 today, the attacker deployed the first contract for the attack. Our real-time internal monitoring system detected it as a suspicious contract, which was funded by Tornado Cash and interacted with the Pendle contract. At 01:46, the team was aware of this danger signal and remained vigilant, while conducting an investigation to determine whether this posed a real security threat to Pendle. At 02:23, the first attack occurred on Penpie, an independent protocol built on top of Pendle. At 02:25 (approximately 2 minutes after the Penpie security vulnerability occurred), the Pendle team worked to protect Pendle and the Pencosystem from any subsequent attacks. At 02:34, Pendle also contacted security expert Seal911 to help assess the situation, evaluate options, and develop appropriate strategies to prevent any further related attacks. At 02:45, we managed to suspend all contracts on Pendle. Afterwards, the team contacted protocols using PendlePT as collateral and notified them of the contract suspension. At 02:52, our development team confirmed that the Pendle contract was secure and that the attack was due to a unique issue with Penpie. The vulnerability was discovered to be related to a unique feature that allowed Pendle markets to be listed on Penpie without permission. At 08:50, after strict checks and coordination with all parties involved in steps 1 and 2, the Pendle contract was safely released from suspension and resumed normal operation."

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

ETF investors lack interest in crypto, report finds?

Of course, a lot has happened since the 600+ survey respondents shared their thoughts between Aug. 15 and Oct. 1

Blockworks2024/11/13 10:11