CertiK: KyberSwap vulnerability exists in the implementation of Elastic's computeSwapStep() function
CertiK posted on social media that the vulnerability in the KyberSwap attack exists in the implementation of the computeSwapStep() function in KyberSwap Elastic. This function calculates the actual exchange input/output amounts to be deducted or added, the exchange fee to be charged, and the resulting sqrtP. The function first calls the calcReachAmount() function, which concludes that the attacker's slippage will not cross the scale line, but incorrectly generates a slightly larger price than the targetSqrtP calculated by calling "calcFinalPrice". Therefore, liquidity was not removed, resulting in the attack. The attacker performed precise calculation operations on the liquidity pool within the empty scale range, using cross-exchange liquidity counts to deplete many KyberSwap pools containing low liquidity.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bitget Spot Margin Announcement on Suspension of DOG/USDT, ORDER/USDT, BSV/USDT, STETH/USDT Margin Trading Services
BGB holders' Christmas and New Year carnival: Buy 1 BGB and win up to 2026 BGB!
Bitget Trading Club Championship (Phase 20)—Up to 2400 BGB per user, plus a RHEA pool and Mystery Boxes
Subscribe to ETH Earn products for dual rewards exclusive for VIPs— enjoy up to 8% APR and share 30,000 USDT!
Trending news
MoreCrypto prices
More
