Coder Makes $8 Million by Flashloaning Stablecoin Bug

origin token flashloan rekt nov 2020

A skilled coder has pocketed $8 million by exploiting a reentrancy bug in Origin Protocol’s oUSD smart contract. OUSD is a new token that tracks the dollar price 1:1 by being backed with other stablecoins like USDt. The project says this USDt and other stablecoin assets are sent to defi protocols to earn interest, with the oUSD token then free to move or be used while also earning the interest of the underlying assets. So basically this is abstracting assets say on Compound, giving them an ownership token, with this token now free of the lending/borrowing burden while enjoying the benefit of interest. Pretty cool, except there’s a reentrancy bug. 2016 ethereans will know such bugs are of the sort where due to a coding error, the smart contract thinks you have the right to mint the token when in fact you don’t. The team says, and we quote at…

Read the original article here