Weekly Report (Aug-14)


  • The Fantom Foundation joined forces with AWS for a developer workshop targeting Web3 games.
  • Barcelona is advancing its digital ambitions using the Metaverse and NFTs.

Blockchain Hacks

Steadefi was exploited on the Arbitrum and Avalanche chains, which resulted in a loss of assets worth approximately $1.14 million. The exploiter transferred ownership of the vaults in succession, including lending and strategy, to a wallet they controlled and went on to take various owner-only actions, such as allowing any wallet to borrow any available funds from the lending vaults. The attacker then drained all available lending capacity on both the Arbitrum and the Avalanche chains, swapped the stolen assets to ETH, and then bridged them to Ethereum. We also shared a detailed analysis of this exploit.

The Cypher Protocol on Solana was exploited due to a smart contract vulnerability, which resulted in a loss of funds worth 38,530 SOL and $123,184, totaling approximately $1.03 million. The team confirmed that their smart contracts were frozen, and investigations into the exploit were underway.

Earning Farm was exploited on the Ethereum Mainnet, which resulted in a loss of funds worth approximately $528,000. The root cause of the exploit is a logic error that allowed the operations to reenter the vulnerable contracts. The vulnerable withdraw function of the EFVault contract allowed anyone to burn their ENF_ETHLEV balance if it was less than the expected amount of shares. The inherited ERC20 methods in the EFVault are not reimplemented and lack non-reentrant modifiers, allowing an attacker to re-enter these routines. In this blog, we shared a detailed analysis of the exploit.

The Zunami Protocol was exploited on the Ethereum Mainnet, which resulted in a loss of funds worth 1174 ETH and 1265 USDT, totaling approximately $2.1 million. The root cause of the exploit is a price manipulation issue caused by donations that incorrectly calculate the price. The attacker was able to manipulate prices on the pairs upon which its UZD balance depends. Funds worth approximately 1183.8 ETH have already been laundered into Tornado Cash.

Metaverse, and NFTs

The Fantom Foundation collaborated with Amazon Web Services (AWS) to initiate a developer workshop focused on creating engaging Web3 games. This workshop is designed to provide Web3 developers with the necessary abilities to construct decentralized fantasy gaming experiences on the Fantom blockchain. It’s an inclusive program, welcoming anyone interested, including those who merely wish to observe. Hosting the workshop on the AWS cloud infrastructure, it will be organized into four distinct labs. Within each lab, there are several phases aimed at leading participants through the development of high-quality fantasy games using Fantom.

Barca Vision, which operates under the Football Club de Barcelona, is propelling the club’s digital ambitions using the Metaverse and NFTs. The club has managed to garner a €120 million investment for a significant share in its web3-centric enterprise, with financial backing coming from Libero Football Finance and private investors guided by NIPA Capital BV. This capital infusion highlights the increasing interest in Web3 technologies and the metaverse within the sports sector. The investment will presumably be used to enhance and broaden Barça Vision, allowing the club to seize the benefits arising from the rapidly changing digital environment.

OnChain Insurance Industry News

Neptune Mutual announced the end of the Incident Reporting period for Curve Finance, and following a 24-hour wait period, the resolution for the exploit was made in favor of the First Reporter, hence defined as the Final Reporter. The Curve Finance policyholders will then have a 7-day period to claim their respective payouts.

Nexus Mutual and InShare have announced a partnership to expand capacity and cover small independent business owners in the UK against risks such as fire, theft, and accidental damage.

Tidal Finance announced that the slashing coverage pool for StaFi Protocol ETH 2.0 is live and that users can purchase the cover from their pool and protect themselves against slashing risks.