An exploit is never far away in the world of decentralized finance. Unfortunately, the popularity of DeFi remains a double-edged blade. Saddle Finance is the latest protocol to be exploited, resulting in the theft of over $10 million.
Saddle Finance Faces A DeFi Exploit
No one bats an eye when yet another decentralized finance project gets exploited these days. Despite there being tremendous interest in these projects, the number of security vulnerabilities remains mind-boggling. Any protocol seems vulnerable to a hack or theft these days, and it is often a matter of “when” rather than “if.” Something direly needs to change to make users feel more secure. For now, that change seems further away than ever before.
It remains somewhat uncertain what happened to Saddle Finance exactly. A culprit tricked the contract into incorrectly calculating a swap rate. More specifically, they exploited the MetaSwapUtils library. Unfortunately, the Saddle Finance contract relies on an older version of this code library, which is unusual. Better upkeep of the code may have prevented the issue from occurring.
1/ @saddlefinance was exploited in a flurry of txs (https://t.co/jnFnZHMaO7 and https://t.co/RbpyXg7Sxw), resulting in the protocol loss of >$10M.
— PeckShield Inc. (@peckshield) April 30, 2022
Through the exploit, the attacker was able to withdraw over $10 million in Ether from the Saddle Finance protocol. They then tried to deposit 300 ETH into TornadoCash, a well-known coin mixer that may provide extra anonymity to users. However, everyone is now aware of this hack and its associated transactions, so it seems unlikely the culprit will be able to cash out these illicit proceeds.
A full analysis of this hack is underway, and more information will become available soon. Regardless of how it happened, it is yet another DeFi hack costing people a lot of good money. If decentralized finance is to be taken seriously, incidents like these should not happen again. Unfortunately, the lack of security in Ethereum smart contracts remains prevalent, with little improvement in sight.