• Dapps:16.23K
  • Blockchains:78
  • Active users:66.47M
  • 30d volume:$303.26B
  • 30d transactions:$879.24M

Penpie Attacked, Resulting in $30 Million Loss

user avatar

by Giorgi Kostiuk

2 years ago


  1. Preliminary Information
  2. Root Cause
  3. Attack Analysis

  4. On September 4, 2024, the decentralized liquidity yield project Penpie was attacked, resulting in nearly $30 million in losses. The SlowMist security team conducted an analysis of this incident.

    Preliminary Information

    Pendle Finance is a decentralized finance (DeFi) yield trading protocol with a total value locked (TVL) of over $4.5 billion. The protocol successfully integrates with Magpie to optimize yield opportunities and enhance its veTokenomics model. Building on this, Penpie introduces a liquidity mining feature, allowing Pendle Finance markets to generate passive income.

    Some important concepts in Pendle Finance:

    - **PT (Principal Token)**: Represents the principal amount at a future date. Holding a PT signifies ownership of the principal, which can be redeemed at maturity; for example, owning a 1-year PT-stETH option allows you to exchange it for 1 ETH worth of stETH after one year. - **YT (Yield Token)**: Represents future yield. Holding a YT entitles you to all real-time earnings generated by the underlying asset, which can be manually claimed on Pendle at any time. For example, if you hold 1 YT-stETH and the average yield rate of stETH is 5%, you will accumulate 0.05 stETH by the end of the year. - **SY (Simple Yield)**: A contract used to wrap any yield-bearing token. It provides a standardized interface to interact with any yield-generating mechanism of the token. - **LPT (Liquidity Provider Token)**: Represents a liquidity market and serves as a certificate for providing liquidity of the underlying asset. - **PRT (Pool Reward Token)**: Represents a deposit certificate for users who deposit LPT tokens into the Penpie pool.

    Root Cause

    The core issue of this incident lies in Penpie’s erroneous assumption that all markets created by Pendle Finance are legitimate when registering new Pendle markets. However, Pendle Finance’s market creation process is open, allowing anyone to create a market with customizable key parameters such as the SY contract address. Exploiting this, the attacker created a market contract with a malicious SY contract. They leveraged Penpie’s mechanism, which required calls to external SY contracts to claim rewards, and used flash loans to inject a large amount of liquidity into the market and pool, artificially inflating the rewards and profiting from it.

    Attack Analysis

    ### Preparation Transaction Hash: 0x7e7f9548f301d3dd863eac94e6190cb742ab6aa9d7730549ff743bf84cbd21d1

    1. The attacker first created PT and YT yield contracts through the `createYieldContract` function of the `PendleYieldContractFactory` contract, setting the SY to the address of the malicious contract. Using this, they called the `createNewMarket` function of the `PendleMarketFactoryV3` contract to create the corresponding market contract (0x5b6c_PENDLE-LPT).

    2. Next, the attacker registered the Penpie pool using the `registerPenpiePool` function of the `PendleMarketRegisterHelper` contract. This process created the PRT token contract and associated rewarder contract, and registered the pool information within Penpie.

    3. The attacker then minted a large amount of YT and PT tokens by calling the `mintPY` function of the YT contract, with the amount depending on the exchange rate returned by the malicious SY contract.

    4. The attacker deposited PT into the market 0x5b6c_PENDLE-LPT and minted LP tokens.

    5. Finally, the attacker deposited the LP tokens into the Penpie pool in exchange for PRT deposit tokens.

    ### Execution of the Attack Transaction Hash: 0x42b2ec27c732100dd9037c76da415e10329ea41598de453bb0c0c9ea7ce0d8e5

    1. The attacker began by borrowing a large amount of agETH and rswETH tokens through flash loans.

    2. They then called the `batchHarvestMarketRewards` function of the Penpie pool to collect rewards for the specified market in bulk, triggering the `redeemRewards` function of the market contract 0x5b6c_PENDLE-LPT.

    3. The `redeemRewards` function is externally called the `claimRewards` function of the SY contract (the malicious contract). During this period, the attacker used flash loan funds to increase liquidity for the reward tokens (the malicious contract deliberately set the reward tokens to two market tokens: 0x6010_PENDLE-LPT and 0x038c_PENDLE-LPT) and deposited the obtained market tokens into the Penpie pool to receive corresponding deposit certificate tokens.

    4. These newly deposited market tokens in the Penpie pool were calculated as rewards, which were then transferred to the reward contract using the `queueNewRewards` function of the Rewarder contract.

    Since the attacker was the only depositor in the 0x5b6c_PENDLE-LPT market, they could immediately call the `multiclaim` function of the MasterPenpie contract to withdraw these LPT tokens from the Rewarder contract.

    5. Finally, the attacker used the `withdrawMarket` function of the `PendleMarketDepositHelper` contract to burn the PRT deposit tokens obtained in step three, redeem the market tokens, and remove the liquidity along with the rewards obtained in the previous step, ultimately obtaining the base asset tokens (agETH and rswETH) and profiting.

    This security incident exposed a lack of validation in Penpie’s market registration process, overly relying on Pendle Finance’s market creation logic, allowing the attacker to manipulate the reward distribution mechanism through malicious contracts to obtain excess rewards. The SlowMist security team recommends that project teams implement stricter whitelist verification mechanisms during market registration to ensure only verified markets are accepted. Additionally, critical logic involving external contract calls should undergo enhanced audits and security testing to prevent similar incidents in the future.

0

Rewards

chest
chest
chest
chest

More rewards

Discover enhanced rewards on our social media.

chest

Other news

XRPL Lending Proposal Opens Door To Institutional Credit

chest

The XRPL community is currently voting on amendments that could enhance institutional credit infrastructure on the XRP Ledger.

user avatarArif Mukhtar

TRON Stablecoin Volume Reaches 196T Amid Rising USDT Demand

chest

In Q1 2026, TRON processed a staggering 196 trillion in stablecoin transactions, primarily fueled by the low-fee TRC20 USDT transactions.

user avatarMaria Gutierrez

Diverging Futures Trends for Solana and Dogecoin

chest

Recent market activity shows a significant divergence in the futures trends of Solana and Dogecoin, with Dogecoin's open interest falling and Solana's rising, indicating different market sentiments.

user avatarDavid Robinson

XRP Shows Positive Onchain Activity Amid Reduced Speculative Leverage

chest

XRP shows a significant increase in daily active addresses alongside a decrease in speculative derivatives leverage, indicating a healthier market environment.

user avatarAndrew Smith

Binance Withdraws MiCA Application from Greece

chest

Binance has withdrawn its MiCA application from Greece after reports indicated it would be denied, seeking approval through another EU member nation.

user avatarZainab Kamara

Binance Faces $200 Million Lawsuit in the UK

chest

Binance and its founder Changpeng Zhao are facing a UK lawsuit seeking nearly $200 million for allegedly offering complex financial instruments without regulatory approval.

user avatarJacob Williams

Important disclaimer: The information presented on the Dapp.Expert portal is intended solely for informational purposes and does not constitute an investment recommendation or a guide to action in the field of cryptocurrencies. The Dapp.Expert team is not responsible for any potential losses or missed profits associated with the use of materials published on the site. Before making investment decisions in cryptocurrencies, we recommend consulting a qualified financial advisor.