Popsicle Finance Exploit - August 4, 2021
Overview
On Aug 4th, 2021, Popsicle Finance suffered a huge financial loss (over $20M) from an attack. SorbettoFragola was exploited, resulting in the loss of about $20.7M including 2.6K WETH, 5.4M USDC, 5M USDT, 160K DAI, 10K UNI, and 96 WBTC.
The Flaw
When a user deposits funds, the Fragola contract updates token0PerSharePaid and token1PerSharePaid for that account to record the point at which the tokens were deposited. This lets the contract compute, from the current pool state, the fees the user has earned since that point. The bug in Popsicle is that these variables are not updated when a user transfers their share to a different address. The new address is therefore eligible to claim fees from day 0 rather than from the time of the original deposit.
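The accounting flaw described above, modelled as an added Python example (this is not Popsicle's code): a vulnerable pool that leaves the recipient's per-share checkpoint untouched on transfer is compared with a hardened one that settles both parties' accruals before moving shares, as an ERC20 transfer hook would. All account names and amounts are constructed.

```python
# Added example: per-share fee checkpoint accounting, vulnerable vs. hardened transfer.
from dataclasses import dataclass, field


@dataclass
class Pool:
    fix_transfer: bool                      # True = settle accruals on transfer (hardened)
    total_shares: int = 0
    fee_per_share: int = 0                  # cumulative fees accrued per share (constructed units)
    shares: dict = field(default_factory=dict)
    per_share_paid: dict = field(default_factory=dict)   # analogue of token0PerSharePaid
    owed: dict = field(default_factory=dict)

    def _settle(self, acct):
        # Credit fees accrued since the account's checkpoint, then move the checkpoint up.
        delta = self.fee_per_share - self.per_share_paid.get(acct, 0)
        self.owed[acct] = self.owed.get(acct, 0) + self.shares.get(acct, 0) * delta
        self.per_share_paid[acct] = self.fee_per_share

    def deposit(self, acct, amount):
        self._settle(acct)                  # deposits always checkpoint (as Fragola does)
        self.shares[acct] = self.shares.get(acct, 0) + amount
        self.total_shares += amount

    def accrue_fees(self, total_fee):
        self.fee_per_share += total_fee // self.total_shares

    def transfer(self, src, dst, amount):
        if self.fix_transfer:               # hardened: checkpoint both sides first
            self._settle(src)
            self._settle(dst)
        # Vulnerable path: dst keeps a checkpoint of 0, so its next collect is paid
        # for every fee the pool ever accrued, not just those since it held shares.
        self.shares[src] -= amount
        self.shares[dst] = self.shares.get(dst, 0) + amount

    def collect(self, acct):
        self._settle(acct)
        out, self.owed[acct] = self.owed.get(acct, 0), 0
        return out


def run_scenario(fix_transfer):
    """Early depositor A, late depositor B, B transfers shares to fresh account C."""
    p = Pool(fix_transfer)
    p.deposit("A", 100)
    p.accrue_fees(10_000)                   # 100 per share, all earned by A
    p.deposit("B", 100)
    p.accrue_fees(2_000)                    # 10 per share, split between A and B
    p.transfer("B", "C", 100)               # C never deposited anything
    return {a: p.collect(a) for a in ("A", "B", "C")}, 12_000
```

In the vulnerable run the three accounts collect 22,000 against 12,000 of fees actually accrued; in the hardened run the payouts sum to exactly 12,000 and C, which never provided liquidity, collects nothing.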
The Attack
The hacker took a flash loan of $30 million in Tether (USDT) and 13K ETH from Aave and deposited these funds into the Popsicle Sorbetto Fragola pool. They then passed the PLP tokens around in a circle between contracts; because each receiving contract held PLP tokens whose checkpoint had never been set, it could claim fees from the pool, since the pool treated it as having provided liquidity since the beginning of time.
Resolution
The attacker first swapped the stolen funds for ETH and then laundered them through Tornado.Cash.
Market Impact
Following the exploit, the price of the ICE token fell by approximately 50%.
Sources