QI Quadriga Initiative

Nov 2024 - vETH VirtualToken Lending Mechanism Price Logic Error - $450k (Global)

"The vETH token (VirtualToken) is an ERC-20 token designed to facilitate token lending, wrapping, and unwrapping functionalities. It features a controlled loan mechanism, allowing only authorized factory contracts to call its takeLoanfunction and manage user debt. The token also integrates access control through a whitelist and factory mechanism, ensuring that interactions are limited to approved entities."

"The attack targeted interactions between the vETH token’s takeLoan function and a liquidity-adding function in the Factory contract, which manipulates the state of Uniswap pairs. The attacker leveraged this flaw to acquire vETH tokens without incurring the intended cost."

"The root cause of the hack was a flawed interaction between the takeLoan function in the vETH contract and the liquidity-adding function in the Factory contract. This function allowed state manipulation of Uniswap pools, enabling the attacker to inflate the pool's constant product and mint vETH without proper cost."

Further Analysis

vETH is lending contract token with a loan control mechanism which is part of an unknown project on Ethereum. On November 14th, the smart contract was exploited which allowed for cheaper minting of vETH tokens. There is no word on any intended recovery of the funds or reimbursment for affected users.

How Could This Have Been Prevented?

More Cryptocurrency Exchange Hacks/Scams/Frauds

Thala Labs V1 Farming Contract Vulnerability > > < < dogwifcoin (WIF) Twitter/X Phishing Attacks

Sources/Further Reading

@SlowMist_Team Twitter (Dec 31)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 31)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 31)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 31)
Decoding Veth Tokens 450k Exploit (Dec 31)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 31)
Slow Fog: Suspicious activity related to vETH detected, users remain vigilant - ChainCatcher (Dec 31)
@PeckShieldAlert Twitter (Dec 31)
@surfer_steve_ Twitter (Dec 31)
ERC-20: vETH (vETH) Token Tracker | Etherscan (Dec 31)
vETH Token Hack Analysis. Overview: | by Shashank | Nov, 2024 | SolidityScan (Dec 31)

Join Us!

 Name: Email:
t.me/QuadrigaInitiative /r/QuadrigaInitiative @QuadrigaInit info@quadrigainitiative.com
Sign-Ups: 100%

Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected User. For questions or enquiries, email info@quadrigainitiative.com.