Nearly $20M Drained from DAI Pickle Jar in A ‘Very Complicated Attack’ on its Latest Version

Deposits in the DeFi project Pickle Finance have come down to $23.6 billion from $163 million on Nov. 5th and an all-time high of $344.5 billion on 16th Sept. So, the decline that came after the exploit the project experienced over the weekend didn’t affect it much, as the funds are around the level they were in October.

The price of the governance token of the project PICKLE token did crash hard, 62.6% to $8.70, and is currently around $12, as per Coingecko.

What transpired was on Nov. 21 at 06:37 PM (UTC), the pDAI PickleJar of the project was hacked, and 19,759,355 DAI were drained.

There are reports that our DAI PickleJar strategy has been exploited. We are actively looking into this matter and will provide further updates.

— Pickle Finance 🥒 (@picklefinance) November 21, 2020

Victims have been communicating with the attacker asking them to return their funds, but the hacker hasn't responded or moved any funds.

As per the reverse-engineering done by a group of white hat hackers, it was a “very complicated attack” that involved many components of the protocol.

Source: Evil Jar Technical Post-mortem by Banteg

The Pickle Finance DeFi project is designed to help maintain the peg of stablecoins with farming incentives whose Pickle Jars are forked versions of Yearn Vaults v1 with modifications. A Controller contract controls these jars.

Its latest version enabled direct swaps between Jars, and this added swap functionality was what was leveraged together with multiple design flaws by the hacker to execute the attack, reported Banteg.

Interestingly, the project was audited by Haechi last month, which found no critical or major issues. But this was done before the latest functionality. The auditing team on Twitter said,

“The exploit occurred in a newly created smart contract, not a smart contract subject to security audit.”

The same day of the attack, at 3:15 PM (UTC), the offending code was revoked by executing a Timelock transaction and further from the Controller, which was required for the indemnified attack vector. The team on Twitter said,

“Several aspects of the PickleJar controller have been patched. This means that the PickleJars are now safe from the same attack vector. Deposits in other Jars may resume, but please refrain from depositing in the DAI Jar for now.”