Pendle released Penpie attack analysis report: Immediately suspending the contract after the vulnerability was discovered, preventing further losses

On September 4th, Pendle released a Penpie attack analysis report. "After discovering a security vulnerability, Pendle immediately suspended our contract, protecting approximately $105 million in security, which could have been further lost from Penpie. At 01:45 today, the attacker deployed the first contract for the attack. Our real-time internal monitoring system detected it as a suspicious contract, which was funded by Tornado Cash and interacted with the Pendle contract. At 01:46, the team was aware of this danger signal and remained vigilant, while conducting an investigation to determine whether this posed a real security threat to Pendle. At 02:23, the first attack occurred on Penpie, an independent protocol built on top of Pendle. At 02:25 (approximately 2 minutes after the Penpie security vulnerability occurred), the Pendle team worked to protect Pendle and the Pencosystem from any subsequent attacks. At 02:34, Pendle also contacted security expert Seal911 to help assess the situation, evaluate options, and develop appropriate strategies to prevent any further related attacks. At 02:45, we managed to suspend all contracts on Pendle. Afterwards, the team contacted protocols using PendlePT as collateral and notified them of the contract suspension. At 02:52, our development team confirmed that the Pendle contract was secure and that the attack was due to a unique issue with Penpie. The vulnerability was discovered to be related to a unique feature that allowed Pendle markets to be listed on Penpie without permission. At 08:50, after strict checks and coordination with all parties involved in steps 1 and 2, the Pendle contract was safely released from suspension and resumed normal operation."