$20 700 000 USD
DESCRIPTION OF EVENTS
"Popsicle Finance is a multichain yield optimization platform for Liquidity Providers. Turn on our auto-pilot, relax, and boost your yield." "Popsicle Finance helps users provide liquidity in a user-friendly manner." "Join the Adventure."
"Bob has some assets and he has heard of the advantages of being a Market Maker, but everything is complicated and counter-intuitive. Bob boards the Popsicle Space-truck and discovers that his tokens can be put there and the Shuttle team will take care of everything for him. While Popsicle optimizes his yield, Bob gets a cozy ride across the galaxy making more money but doing less work and spending less on gas."
"Popsicle Finance will manage liquidity across multiple chains in order to increase capital efficiency and automatically provide its users with the highest possible yield on the assets they wish to deploy to liquidity pools."
"Our first product is a farming protocol that allows users to stake their assets to gain delicious rewards. This product incentivizes the use of other protocols on several blockchains with the goal of encouraging the use of the entire ecosystem. In the future, there will be a small fee for hosting new third-party projects (your project maybe!) in a simple one-click farm." "This is what Sorbetto Fragola is here for. With the market volatility, most LPs are completely out of range on @Uniswap V3. Fragola is still in range."
"The team that built Popsicle Finance has a long history and great experience in cryptocurrency. The majority of the team has been full-time in the cryptocurrency space since 2015." "We hope that our products will not only help our users but that they will also provide a valuable service to the cryptocurrency ecosystems as a whole."
"[T]he platform had been previously audited by two different security firms."
"DeFi protocol Popsicle Finance was attacked by hackers who took advantage of a smart contract in the platform’s Sorbetto Fragola liquidity manager. The liquidity manager is meant to optimize yields for those who use Uniswap V3, automatically finding the best range in order to earn the greatest return."
"On Aug 4th, 2021, Popsicle Finance suffered a huge financial loss (over $20M) from an attack." "This post is not something that we thought we would ever have to write and not something that is fun to announce, however as we know yesterday at 10:53 PM UTC time a hacker executed a transaction that managed to drain 85% of the Sorbetto Fragola (UniswapV3 Optimizer) pools." "SorbettoFragola was exploited, resulting in the loss of about $20.7M including 2.6K WETH, 5.4M USDC, 5M USDT, 160K DAI, 10K UNI, and 96 WBTC."
"Our system has observed a couple of transactions that have called “collectFees(0,0)” of the SorbettoFragola contract. Some of them are copycats who want to launch a similar attack to (0xcd7dae143a4c0223349c16237ce4cd7696b1638d116a72755231ede872ab70fc). Fortunately, there is only a limited number of tokens in the pool."
"The hacker was able to trick the contract into paying out yields dating back to its inception rather than when the funds were deposited. The hacker was able to execute this exploit with multiple accounts, allowing them to siphon large amounts of Ethereum from users. Popsicle Finance acknowledged the hack and advised users to remove their funds from the impacted pools." "Sadly, neither we nor our 2 editors (Peckshield & Certik) noticed this bug."
"In order to start the explanation let’s first explain how Fragola actually works. Funds from the user go straight to UniV3. Popsicle Liquidity Provider (PLP) shares are then given to the user. The contract is given info about the user, how much he put in, and states when he deposited. The contract checks the user's position and how much fees he has earned proportionally to the total pool. The contract gives out the fees based on the set parameters. The hacker managed to [the information given about the user], specifically the state function."
"When users deposit tokens, it updates token0PerSharePaid and token1PerSharePaid, to keep track of the state that the user deposited the tokens into the specific Fragola pool. The reason for this is that it allows the contract to pay the user the fees from the direct state that he/she entered the pool. The hacker made the contract believe that he earned as many fees as the total TVL of the pool and thus is entitled to the $20.7m that was in the pool. This hack was only possible because everything happened within one transaction (due to flashloan)."
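As an added illustration (not code from Popsicle Finance or the SorbettoFragola contract), a small Python model of the per-share fee checkpointing the post-mortem describes, with the two defensive rules a reviewer would look for: settle a holder's checkpoint before any change to their share balance (the share-transfer hook is an assumption for illustration; the page does not state which path the attacker used), and refuse any payout that exceeds the fees the pool actually holds.

```python
# Added example (not SorbettoFragola's code): minimal model of the per-share fee
# accounting the post-mortem describes; a holder is owed shares * (accumulated - paid).
# Rules modelled: checkpoint every account whose share balance changes (the share
# transfer hook is an assumption for illustration) and never pay more than is held.
PRECISION = 10**18

class FeeLedger:
    def __init__(self):
        self.acc_per_share = 0   # fees accrued per share since inception (scaled)
        self.total_shares = 0
        self.fee_balance = 0     # fees held by the pool and not yet paid out
        self.shares, self.per_share_paid, self.owed = {}, {}, {}  # per_share_paid ~ token0PerSharePaid

    def accrue(self, fees):      # pool earns fees, spread over shares that exist now
        if self.total_shares:
            self.fee_balance += fees
            self.acc_per_share += fees * PRECISION // self.total_shares

    def _checkpoint(self, who):  # settle what `who` earned since their last checkpoint
        delta = self.acc_per_share - self.per_share_paid.get(who, 0)
        self.owed[who] = self.owed.get(who, 0) + self.shares.get(who, 0) * delta // PRECISION
        self.per_share_paid[who] = self.acc_per_share

    def deposit(self, who, amount):
        self._checkpoint(who)    # settle before the balance changes
        self.shares[who] = self.shares.get(who, 0) + amount
        self.total_shares += amount

    def transfer(self, src, dst, amount):
        self._checkpoint(src)
        self._checkpoint(dst)    # a new holder starts at "now", not at inception
        self.shares[src] -= amount
        self.shares[dst] = self.shares.get(dst, 0) + amount

    def collect_fees(self, who):
        self._checkpoint(who)
        amount = self.owed.pop(who, 0)
        if amount > self.fee_balance:  # solvency guard: owed can never exceed held
            raise ValueError(f"{who} claims {amount} but the pool holds {self.fee_balance}")
        self.fee_balance -= amount
        return amount

def scenario():
    """Constructed walk-through: late joiner bob moves shares to a fresh address."""
    pool = FeeLedger()
    pool.deposit("alice", 100)
    pool.accrue(1_000)                 # only alice holds shares, so all 1000 are hers
    pool.deposit("bob", 100)
    pool.transfer("bob", "bob2", 100)  # bob2 must not be credited fees from inception
    return pool.collect_fees("bob2"), pool.collect_fees("alice"), pool.fee_balance
```

With the checkpoints in place, `scenario()` pays the fresh address nothing and alice the full 1000, leaving the pool's fee balance at zero rather than overdrawn.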
"The hacker took all these captured coins and first swapped them for ETH on Uniswap, and thereafter put them through Tornado.Cash to launder them." "Popsicle Finance’s native token, ICE, suffered a frosty 55% drop in price after news of the hack was made public."
"Deposits to all pools have been locked, the only pools available for withdrawal that have not been affected are the AXS/ETH, YGG/USDC, LINK/ETH, and all the EURt pools. Please withdraw any funds in these pools. These pools were most likely not affected as they just recently were added, as well as the LINK/ETH pool not having a significant TVL."
"[T]he individual team members have been large depositors to the Fragola pools, as in the end we built the product out of our own need. Thus we know how you as Isvikingers and Popsicle believers feel."
"We have already set up an application with Immunefi; they are a very reputable white-hat hacker bounty program. Although Peckshield and Certik definitely give bad tastes for overall auditing companies, we can confirm that we are working with Certora to do formal verifications and audits. We are also in contact with other auditing companies."
"STEP 1 of the recompensation is getting a $1 million loan from the Ironbank, with which we will immediately pay back 5% of the funds lost. Thereafter, we get a loan each month minimum of $500k, which will be used to pay back further funds." "Why do it on a monthly basis? As the protocol increases its profits again and ICE potentially increases in value, we will have more capital to get a bigger loan as well as it being less expensive."
"STEP 2 is that our founder, Daniele Sestagalli, is pledging 1,000,000 ICE from his personal allocation to be streamed over 1 year to the LPers in respective value that they have lost. LPers will be able to claim this whenever they like. The thinking here is essentially again, that as Popsicle grows again, this 1,000,000 ICE will be worth much more than it is today. Thus possibly users will actually be getting back more than they have lost with the first 2 steps together."
"STEP 3 is the innovative step and something no protocol or community has done before. It deals with the aspect of NFTs. We will work to make Spirit NFTs and Berserker NFTs (Berserkers is the old Scandinavian word for bear warrior, in other words, Viking warrior). The Spirit NFTs are dropped to all addresses (439) that were affected by the hack. The Berserker NFTs (10,000) are sold in an auction sale, and the money collected is used to pay back the affected addresses. We are still in the process of deciding how these NFTs will be distributed. We will keep you posted as soon as we know more!"
"Our devs have been incredibly hard-working over the past 5 days and we are really happy to say that the bug fix is in place, as well as some new security measures such as max withdrawal amounts and a few cool new features. You could consider this as a FragolaV2 so to say. We had calls with two auditing firms yesterday to finalize timelines, and we are putting the finishing touches on our Immunefi application. Thus, product-wise, we are at a really great point, and could not be more excited!"
"The Immunefi program is also going really well. We have just given out our first bounty of 5K dollars, to a long-time community member who found an issue that led to an improvement of the overall code."
"We are finally ready to start the Iron Bank loan, all the parameters can be found in our previous article here. The first 1 Million USDT repayment is coming, and it will be proportional to the amount lost in the hack." "We have initiated our Ironbank loan for 1 Million USDt, and have distributed these to all affected LPers!" "Users will get fUSDT dropped to the same address they LPd with on Popsicle however on Fantom Opera network. The fUSDT can then be bridged via multichain.xyz, only paying the fantom fees which are negligible."
"In order to verify the amount owing to you as part of the first Ironba[n]k repayment, we have set up google sheets with anonymized addresses that were affected by the hack."
"If you look closely, you will likely realize that the amount we are paying back is $18.58 million and not $20 million. This is because we have reason to believe that one address that was LPing was actually one associated with the hacker. We are not repaying these funds. If the owner of the address comes forward and proves via the Tornado Cash Compliance tool that he is not affiliated we will pay back to this address."
"As of last words, we just want to portray that we have learned from this expensive mistake. The beautiful thing is it is bringing the community closer together, it is bringing the overall DeFi space more together. As Daniele said in the AMA “In order to shoot an arrow and hit the target, you need to pull the string back”."
Popsicle Finance is another automated market maker where investors provide liquidity into a smart contract, which in practice is a hot wallet. An attacker tricked the Sorbetto Fragola contract's fee accounting into paying out far more than the pool's depositors had actually earned.
The attacker escaped with the funds. Popsicle Finance is in the process of compensating all affected users, including the novel step of distributing NFTs to those affected.
HOW COULD THIS HAVE BEEN PREVENTED?
The only truly secure storage of assets is an offline multi-sig wallet. Protocols run by known teams could explore options where most funds are in cold storage when not in use. In the future, it's very likely that insurance protocols will reduce some of the risk.
DeFi Project Popsicle Finance Suffers $25 Million Attack | Crypto Briefing (Aug 19)
blocksec-incidents/2021.md at main · openblocksec/blocksec-incidents · GitHub (Aug 11)
Popsicle Finance Post Mortem After Fragola Hack (Aug 29)
Rekt - Popsicle Finance - REKT (Aug 29)
The Analysis Of The Popsicle Finance Security Incident (Aug 29)
Popsicle Finance Exploit How The Hacker Did It (Aug 29)
@mudit__gupta Twitter (Aug 29)
@peckshield Twitter (Aug 29)
AMLBot (Aug 29)
Popsicle Finance (Sep 19)
Our Mission - Popsicle Finance (Sep 20)
CertiK Security Leaderboard - Popsicle Finance (Sep 20)
publications/peckshield-audit-report-btdotfinance-v1.0.pdf at master · peckshield/publications · GitHub (May 19)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Sep 20)
Popsicle Finance Next Steps (Sep 20)
Popsicle Recovery Plan Update (Sep 20)
An Update On Popsicle Finance (Sep 20)
Hack Repayment - Google Sheets (Sep 20)
1 Million Payback (Sep 20)
Copycats Of The Popsicle Finance Attack (Oct 2)
Sorbetto Fragola Light - Popsicle Finance (Oct 2)
@popsiclefinance Twitter (Oct 2)
SorbettoFragola | 0xd63b340f6e9cccf0c997c83c8d036fa53b113546 (Oct 2)
SorbettoFragola/SorbettoFragola.sol at master · Popsicle-Finance/SorbettoFragola · GitHub (Oct 2)
https://medium.com/@Knownsec_Blockchain_Lab/analysis-of-popsicle-finance-lightning-loan-attack-36f48981e7c (Oct 2)