Rodeo Finance exploited for the second time in a week, $1.53M lost
Rodeo Finance is an Arbitrum-based decentralized finance (DeFi) protocol.
The hacker manipulated price oracles and executed trades using the manipulated price.
The price of Rodeo Finance’s native token has plunged 54% after the hack.
On July 11, the Arbitrum-powered decentralised finance (DeFi) protocol Rodeo Finance was hacked, resulting in the loss of 810 Ether (ETH) worth $1.53 million. The DEX was exploited using a code vulnerability in its oracle.
PeckShield, a blockchain analytics company, revealed data showing that the exploiter eventually transferred the stolen funds from Arbitrum to Ethereum and exchanged 285 ETH for $unshETH. The ETH was subsequently placed on ETH2 staking by the exploiter. Finally, the exploiter used Tornado Cash, a well-known mixer service, to route the stolen ETH.
Time-Weighted Average Price (TWAP) Oracle manipulation
The hacker manipulated Rodeo’s Time-Weighted Average Price (TWAP) Oracle and tampered with the pricing of ETH.
The TWAP Oracle is used by DeFi protocols to calculate the average price of assets for a specific time frame to mitigate price fluctuation due to the volatility in the crypto market. However, it is vulnerable to manipulations through artificial skewing of the calculated average prices of assets.
The exploiter first borrowed a large sum of ETH and then artificially manipulated the price to buy the same asset at a deflated price. Later the hacker returned the loan and made a profit based on the low price after the manipulations.
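To make the TWAP weakness described above concrete, the following Python sketch is an added example, not code from Rodeo Finance or PeckShield. It computes a TWAP over constructed price samples, shows how one skewed sample moves a short window more than a long one, and applies a deviation bound against an assumed independent reference feed; all prices, timestamps, window lengths and the 5% threshold are assumptions.

```python
# Added illustration: every price, timestamp and threshold below is constructed;
# none of them are Rodeo Finance's actual oracle parameters.

def twap(observations, window, now):
    """Time-weighted average of (timestamp, price) samples over [now - window, now].

    Each price is weighted by the time it stayed the most recent observation.
    """
    start = now - window
    obs = sorted(observations)
    weighted = covered = 0.0
    for i, (ts, price) in enumerate(obs):
        end = obs[i + 1][0] if i + 1 < len(obs) else now
        lo, hi = max(ts, start), min(end, now)
        if hi > lo:
            weighted += price * (hi - lo)
            covered += hi - lo
    if covered == 0:
        raise ValueError("no observations inside the window")
    return weighted / covered


def price_is_sane(twap_price, reference_price, max_deviation=0.05):
    """Defensive bound: accept the TWAP only if it stays within max_deviation
    (a fraction) of an independent reference feed."""
    return abs(twap_price - reference_price) / reference_price <= max_deviation


# Constructed samples: one every 600 s, fair price 1.00.
HONEST = [(t, 1.00) for t in range(0, 3600, 600)]
# Same series, but the last sample (t=3000) is skewed to 0.40 and held until now.
SKEWED = HONEST[:-1] + [(3000, 0.40)]
NOW = 3600
REFERENCE = 1.00  # assumed independent feed

if __name__ == "__main__":
    for label, series in (("honest", HONEST), ("skewed", SKEWED)):
        for window in (1200, 3600):
            p = twap(series, window, NOW)
            print(f"{label:6} window={window:4}s twap={p:.3f} "
                  f"accepted={price_is_sane(p, REFERENCE)}")
```

With these constructed numbers the longer window dampens the skew but does not remove it, which is why the bound against a second price source is checked as well.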
Rodeo’s TVL drops significantly
Besides causing the Rodeo Finance (RDO) token to tumble 54%, the hack has also caused the total value locked (TVL) in Rodeo to drastically fall.
Before the hack, the DeFi protocol had $20 million in TVL, but it has since dropped below $500.
This is the second time that Rodeo Finance has been hacked in July 2023. It was first hacked on July 5, 2023, when $89,000 worth of crypto assets were lost due to a vulnerability in its ‘mintProtocolReserves’ function.