Penpie Lost $27M in Attack, Pendle Stops Operations with it

SubDAO Penpie suffered an attack on its reward protocol and lost about $27 million. As a result, Pendle has temporarily suspended contract operations with it.

On September 4, Web3 network security company Ancilia revealed that Penpie, an independent protocol built on top of Pendle, lost about $27 million in an attack that was executed in two steps.

The security firm added, “The root cause is a re-entry like vulnerability in its batchHarvestMarketRewards() function, the internal function _harvestBatchMarketRewards() will call the function redeemRewards() from hack controlled Sy contract (setup at step 1).” According to Ancilia, the double use (liquidity and award) lets the attacker gain double the amount.
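A simplified Python model of the pattern Ancilia describes, added here as an illustration and not Penpie's contract code: a harvest routine makes an external call to an untrusted market, and a re-entrancy guard stops that call from re-entering the vault. The `Vault` class, the balance-delta reward accounting and the amounts are assumptions; only the function names mirror the ones quoted above.

```python
class ReentrancyError(Exception):
    pass

class Vault:
    """Toy reward vault; the balance-delta accounting is an assumption."""
    def __init__(self, guarded):
        self.guarded, self.locked = guarded, False
        self.token_balance = 0              # tokens the vault holds
        self.liquidity, self.rewards = {}, {}

    def _check(self):
        if self.guarded and self.locked:
            raise ReentrancyError("call rejected while harvest is running")

    def deposit(self, user, amount):
        self._check()                       # guard shared with harvest
        self.token_balance += amount
        self.liquidity[user] = self.liquidity.get(user, 0) + amount

    def batch_harvest_market_rewards(self, market, user):
        self._check()
        self.locked = True
        try:
            before = self.token_balance
            market.redeem_rewards(self, user)   # external, untrusted call
            gained = self.token_balance - before
            self.rewards[user] = self.rewards.get(user, 0) + gained
        finally:
            self.locked = False

class HonestMarket:
    def redeem_rewards(self, vault, user):
        vault.token_balance += 5            # real rewards arrive

class ReenteringMarket:
    def redeem_rewards(self, vault, user):
        vault.deposit(user, 100)            # re-enters during the harvest

def run(guarded, market):
    """Return (outcome, liquidity credited, rewards credited) for one harvest."""
    vault = Vault(guarded)
    try:
        vault.batch_harvest_market_rewards(market, "user")
        outcome = "ok"
    except ReentrancyError:
        outcome = "reverted"
    return outcome, vault.liquidity.get("user", 0), vault.rewards.get("user", 0)

if __name__ == "__main__":
    for guarded in (False, True):
        print(guarded, run(guarded, ReenteringMarket()))
```

Without the guard, the same 100 tokens are credited once as liquidity and once as rewards; with it, the nested call is rejected and nothing is credited.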


After news of the attack surfaced, Pendle officials tweeted, “After a thorough investigation, we can confirm that the funds on Pendle are still safe.” However, they did find a security vulnerability in Penpie. As a precaution, Pendle has temporarily suspended all contract operations and said it would maintain close communication with the Penpie team to actively assist them in resolving this issue.

Meanwhile, Penpie has stopped all deposits and withdrawals to resolve this issue.


Source: https://www.cryptonewsz.com/penpie-27m-attack-pendle-stops-operations/