Cover Protocol attack enabled exploiters to infinitely mint tokens
In December, Cover became another protocol to suffer an attack, following the line of exploits in 2020.
The attack on Cover's shield mining contract resulted in a loss of $COVER tokens amounting to approximately $6.2 million.
The attackers exploited a bug that allowed users to mint tokens infinitely and allowed the contract to mint more rewards to miners. This caused the total supply of tokens to increase by 48 quadrillion percent. The direct cause of the attack was that the pools were updated only in memory, which does not update the pools in storage.
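The memory-versus-storage mistake described above, shown as an added Solidity illustration that is not Cover's contract code. The contract, struct, rate and function names are hypothetical, and the reward arithmetic is a simplified assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only: a simplified, hypothetical reward pool.
contract PoolAccounting {
    struct Pool {
        uint256 accRewardsPerToken; // cumulative rewards per staked token, scaled by 1e12
        uint256 lastUpdated;        // timestamp of the last accrual
        uint256 staked;             // total tokens staked in the pool
    }

    uint256 public constant RATE = 1e18; // assumed rewards emitted per second
    mapping(address => Pool) public pools;

    // Test helper: create a pool with some stake.
    function seed(address lp, uint256 staked) external {
        pools[lp] = Pool(0, block.timestamp, staked);
    }

    // Accumulator value after accruing rewards up to the current block.
    function _accrued(Pool memory p) private view returns (uint256) {
        if (p.staked == 0) return p.accRewardsPerToken;
        uint256 elapsed = block.timestamp - p.lastUpdated;
        return p.accRewardsPerToken + (elapsed * RATE * 1e12) / p.staked;
    }

    // Weak: `memory` copies the struct out of storage, so the writes below
    // change only the copy, which is discarded when the call returns.
    // The compiler accepts `view` here, a sign that nothing is persisted.
    function updatePoolMemoryOnly(address lp) external view returns (uint256) {
        Pool memory pool = pools[lp];
        pool.accRewardsPerToken = _accrued(pool);
        pool.lastUpdated = block.timestamp;
        return pool.accRewardsPerToken; // pools[lp] is unchanged and stale
    }

    // Corrected: `storage` is a reference, so the same writes persist and
    // later reward calculations read the updated accumulator.
    function updatePool(address lp) external returns (uint256) {
        Pool storage pool = pools[lp];
        pool.accRewardsPerToken = _accrued(pool); // storage -> memory copy for the read
        pool.lastUpdated = block.timestamp;
        return pool.accRewardsPerToken;
    }
}
```

After time has passed since `seed`, calling `updatePoolMemoryOnly` leaves `pools[lp].lastUpdated` at its seeded value, while `updatePool` advances it.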
An examination of an exploiter's timeline
Several exploits were carried out. We have taken a look at one of these events.
Grap Finance, one of the six addresses to exploit the bug, presented themselves as a "White Hat" by selling the minted COVER tokens for ETH, before returning it to Cover.
Cover have taken steps to mitigate
Cover attempted to resolve the issue by updating the pool before a deposit and implementing a cron job to run every 20 minutes to update any pools that hadn't been updated.
A compensation plan has also been set up to distribute a new token and return user funds totaling 4351 ETH.