The Zunami Protocol has come under two attacks

TL;DR. All user funds are safe now, and the vulnerabilities exploited by the attackers have been fixed. Losses are estimated at $260 thousand. The team is preparing a compensation plan.

On January 26, while transferring funds to the new XAI + FRAXBP pool, we were subjected to an MEV attack. When exchanging 66,888 DAI, we received only 17,230 USDC because our transaction was sandwiched while it was in the mempool. In total, the attackers managed to steal approximately $49,658.

Transaction link:

As a result of this attack, the price of ZLP in the XAI pool decreased to $0.8213, while the price of ZLP in the MIM pool remained at $1.1252.

This price discrepancy opened a vulnerability: a user was able to run a flash-loan attack, investing $4,000,000 in the protocol several times to get ZLP at the low price and then withdrawing it at the inflated price. Links to the transactions:

The price of LP in the two pools has leveled off and there is no risk of a repeat scenario.

The team quickly responded to the attack and stopped all deposits and withdrawals within one hour.

What the team did to eliminate risk in the future:

  1. New contract for XAI strategy with amount control to eliminate MEV attacks;
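What an amount control of this kind does to a swap like the one above, as an added example (not Zunami's contract code). The constant-product pool, its reserves, the 0.5% tolerance and the peg-based floor are assumptions constructed for illustration; only the 66,888 DAI amount comes from this report.

```python
from decimal import Decimal

class SlippageExceeded(Exception):
    """The swap would return less than the caller's floor, so it is refused."""

class Pool:
    """Toy constant-product pool (assumption; not the curve Zunami swaps on)."""
    def __init__(self, reserve_in, reserve_out):
        self.reserve_in, self.reserve_out = Decimal(reserve_in), Decimal(reserve_out)

    def quote(self, amount_in):
        amount_in = Decimal(amount_in)
        return self.reserve_out * amount_in / (self.reserve_in + amount_in)

    def swap(self, amount_in, min_out=Decimal(0)):
        out = self.quote(amount_in)
        if out < min_out:  # the amount control: revert before any state change
            raise SlippageExceeded(f"would receive {out:.2f}, floor is {min_out:.2f}")
        self.reserve_in += Decimal(amount_in)
        self.reserve_out -= out
        return out

def min_out_from_peg(amount_in, max_slippage_bps):
    """Floor derived from the 1:1 stablecoin peg, NOT from pool.quote():
    a quote read in the same block is already skewed by whoever traded first."""
    return Decimal(amount_in) * (10_000 - max_slippage_bps) / 10_000

def skewed_pool():
    """Constructed state: a balanced 50M/50M pool after a large DAI->USDC trade
    has landed ahead of ours and pushed the price against us."""
    pool = Pool(50_000_000, 50_000_000)
    pool.swap(50_000_000)
    return pool

AMOUNT_IN = Decimal(66_888)  # DAI amount from the incident report

if __name__ == "__main__":
    unguarded = skewed_pool().swap(AMOUNT_IN)  # min_out = 0: executes at any price
    print(f"no floor:   received {unguarded:.2f} USDC")
    floor = min_out_from_peg(AMOUNT_IN, max_slippage_bps=50)
    try:
        skewed_pool().swap(AMOUNT_IN, floor)
    except SlippageExceeded as exc:
        print(f"with floor: reverted ({exc})")
    fair = Pool(50_000_000, 50_000_000).swap(AMOUNT_IN, floor)
    print(f"fair pool:  received {fair:.2f} USDC")
```

The floor has to come from a reference the other trader cannot move inside the same block, which is why it is computed from the peg rather than from the pool's own quote.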

In total, the attackers stole $260k. The team is preparing a compensation plan. The plan will be presented in the coming days.


