Another Attack on Polygon Based Yield Farm, Exploited $250,000

13

PolyYeld Finance’s YELD token crashed to zero because attackers attacked through a vulnerability and minting around 4.9 trillion tokens in the pool.

Recently the PolyYeld team informed their followers that they faced an attack in their pool because of a vulnerability in the platform. vulnerability was associated with the MasterChef contract.

MasterChef contract is made to distribute the free rewards token to the users which are contributing to the liquidity pool tokens. 

Team informed to their followers on telegram that 

“[The] xYELD token contains a transfer tax which was added to Masterchef, which unfortunately could not support tokens with transfer taxes.”

Clearly the team claimed that their reward contract system “MasterChef contract” could not support their system of reward distribution and that was a chance for attackers to mint tokens and attack.

The attackers minted around 4.9 trillion tokens and that resulted in a crash of the price of YELD token from $25 to around zero dollar. The attackers finally sold around 123 Ethereum which is worth $250,000 ( According to the current price of Ethereum).

PeckShield which is a security firm said that 

A Masterchef contract estimates rewards by dividing the pool value by the value of tokens staked, meaning if the pool value is reduced, it can dramatically inflate the rewards

This is totally a worst situation for Polygon based platforms. In the recent months we have seen many attacks on such types of platforms like Iron Finance, PolyWhale, and SafeDollar. All the attacks were almost same type, attackers hyperinflated the token supply and caused a price collapse.

Probably these types of attacks & unfair activities Binance team seeing clearly, that why they are running their bounty program of $10 million reward to fix the bugs on Binance smart chain.

Read also: Mastercard partners with 7 crypto startups to accelerator their payment infrastructure