Polter Finance, a decentralized lending and borrowing platform on the Fantom network, has fallen victim to a hack resulting in the loss of $12 million. The attackers exploited oracle manipulation and flash loans.
Purpose of Polter Finance
Polter Finance was a decentralized, non-custodial lending and borrowing platform on the Fantom blockchain. It allowed users to deposit assets to earn interest and borrow against holdings. The platform emerged in response to a demand for a service similar to the discontinued $GEIST protocol.
How Did the Hack Occur?
The attack involved the following steps:
1. The attacker secured a flash loan and borrowed nearly all $BOO tokens from the liquidity pool. 2. Oracle Manipulation: By draining the liquidity pool, the attacker artificially inflated the $BOO token price, which was recorded by Polter’s oracle. 3. Liquidity Drain: With the inflated price, the token was deposited into Polter Finance, allowing the hacker to drain all liquidity pools. 4. Exit: The attackers withdrew $12 million through Tornado Cash.
Prevention Measures and Takeaways
The root cause was a vulnerable oracle that enabled price manipulation of $BOO tokens. This could have been prevented with comprehensive protocol audits, disabling flash loans, and using robust oracle systems. The incident highlights the necessity for thorough security measures to prevent such losses.
The attack on Polter Finance underscores the critical importance of conducting thorough security audits and implementing robust measures to prevent potential vulnerabilities and future losses.