$450 000 USD

NOVEMBER 2024

GLOBAL

VIRTUALTOKEN

DESCRIPTION OF EVENTS

"The vETH token (VirtualToken) is an ERC-20 token designed to facilitate token lending, wrapping, and unwrapping functionalities. It features a controlled loan mechanism, allowing only authorized factory contracts to call its takeLoanfunction and manage user debt. The token also integrates access control through a whitelist and factory mechanism, ensuring that interactions are limited to approved entities."

 

"The attack targeted interactions between the vETH token’s takeLoan function and a liquidity-adding function in the Factory contract, which manipulates the state of Uniswap pairs. The attacker leveraged this flaw to acquire vETH tokens without incurring the intended cost."

 

"The root cause of the hack was a flawed interaction between the takeLoan function in the vETH contract and the liquidity-adding function in the Factory contract. This function allowed state manipulation of Uniswap pools, enabling the attacker to inflate the pool's constant product and mint vETH without proper cost."

 

Explore This Case Further On Our Wiki

vETH is lending contract token with a loan control mechanism which is part of an unknown project on Ethereum. On November 14th, the smart contract was exploited which allowed for cheaper minting of vETH tokens. There is no word on any intended recovery of the funds or reimbursment for affected users.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.