$170 000 USD

MARCH 2021




Iron Finance offers "a Partially-collateralized Stablecoin on the Binance Smart Chain". The iron token is "pegged to $1, partly backed by collateral like BUSD, and partially backed by STEEL. The collateralized ratio (CR), which is the collateralized and algorithmic ratio, depends on the market pricing of IRON. If the market demand for IRON is high, the system can be de-collateralized by decreasing the CR vis-a-vis when the demand is decreased."


"The latest decentralized finance protocol to get exploited is Iron Finance. The platform lost $170,000 from its liquidity pools following erroneous actions by the team." "Two vFarm liquidity pools (50% IRON—50% SIL pool; 50% IRON—50% BUSD pool) lost a total of 170,000 US dollars. Later, the official publication of the incident stated that: 1. The cause of the attack was due to the upgrade of the cloud service (FaaS) and the change in the reward rate integer, but the official team was not aware of the problem. Later, an attacker made a profit of 170,000 U.S. dollars by selling all the local token SIL rewards. 2. The Iron Finance smart contract has no loopholes. 3. vFarms will be restarted on March 18th, and SIL tokens will be restarted to sIRON. 4. Users should not sell or exchange IRON tokens for the time being. When the new pool is restarted, the full amount of BUSD can be redeemed. The Iron Finance agreement was launched on the BSC in early March. The IRON stablecoin is pegged to the U.S. dollar, partly backed by collateral such as BUSD and USDT, and partly backed by the SIL algorithm."


As explained by Value DeFi: "There has been an upgrade on FaaS, in which the reward rate is in normal integer instead of Ggwei as before. Unfortunately, Iron.Finance team was unware of the change and updated Iron vFarm pools with reward rate in Gwei. This caused the pools' rewards inflated by 10^18 times."


"Two Iron Finance vFarm pools were recently subject to an incident that resulted in the loss of user deposits." "A user who farmed in these two pools, claimed all SIL rewards allocated for farming over the next 12 months and made a profit of around $170k by selling SIL for BUSD on vSwap." "The bad actor(s) made off with $170,000 worth of its native SIL tokens. These were then sold for BUSD (Binance’s stablecoin) on the markets."


"It explained that vFarms will be relaunched on March 18 and the SIL token will be relaunched as sIRON. Iron Finance also published a document for affected users to enter their details. This is likely to help coordinate a refund process for the new tokens." "If you are an affected user by the Iron Finance vFarms incident (16 March 2021)" "Please fill out the following form. If you had more than 1 address with SIL or IRON, please submit these in separate forms."

Iron Finance offered a new form of stablecoin which took a hybrid approach.


A couple of liquidity pools on the platform were used to exchange between their "Iron" token and SIL or BUSD. These pools were breached.


The project appears to have made an effort to reimburse affected users in full.


Decentralized smart contracts are essentially hot wallets. It is impossible to prove the security.


If funds can't be stored in an offline multi-signature wallet, then a fund should be available for reimbursement of the full amount.


Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.