On July 11th, the decentralized finance (DeFi) protocol Rodeo Finance was hacked, resulting in the loss of 810 Ether, worth about $1.53 million. According to blockchain analytics company PeckShield, the hacker exploited a vulnerability in the protocol’s oracle code, manipulated the price oracle, and executed trades based on the manipulated prices.
The price of Rodeo Finance’s native token has dropped 54% following the hack, with its total value locked (TVL) also dropping below $500. This is the second time hackers have gained access to Rodeo Finance in July 2023, as a vulnerability in the system led to the loss of $89,000 worth of crypto assets on May 5th, 2023.
The hacker manipulated the system’s Time-Weighted Average Price (TWAP) oracle. DeFi protocols use TWAP oracles to calculate the average value of an asset over a specified time period, which smooths out price fluctuations caused by market volatility. However, the calculated average price can itself be artificially manipulated.
The hacker borrowed a large amount of ETH, then artificially manipulated its price in order to purchase the same asset at a lower price. They then returned the borrowed money and profited from the low price that followed the manipulation.
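To make the TWAP weakness concrete from a defender's side, the following added example (not Rodeo Finance's code) computes a TWAP over a constructed price series and shows how a short averaging window lets a brief price distortion dominate the result, and how a deviation check against an independent reference rejects it. The sample prices, the `REFERENCE` feed and the 10% threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Observation:
    timestamp: int   # seconds since start of the sample series
    price: float     # spot price recorded at that time

def twap(observations, window_start, window_end):
    """Average price over the window, weighting each price by how long it held."""
    obs = sorted(observations, key=lambda o: o.timestamp)
    weighted, covered = 0.0, 0
    for i, o in enumerate(obs):
        nxt = obs[i + 1].timestamp if i + 1 < len(obs) else window_end
        start, end = max(o.timestamp, window_start), min(nxt, window_end)
        if end > start:                      # segment overlaps the window
            weighted += o.price * (end - start)
            covered += end - start
    if covered == 0:
        raise ValueError("no observations inside the window")
    return weighted / covered

def within_deviation(price, reference, max_deviation):
    """Guard: accept the oracle price only if it is close to an independent reference."""
    return abs(price - reference) / reference <= max_deviation

# Constructed series: one sample every 900 s, price 100.0 for 3.5 hours,
# then a distorted spot price of 160.0 for the final 30 minutes.
SAMPLES = [Observation(t, 100.0 if t < 12600 else 160.0) for t in range(0, 14400, 900)]
NOW = 14400
REFERENCE = 100.0        # assumed independent feed
MAX_DEVIATION = 0.10     # assumed policy threshold

def evaluate(window_seconds):
    """Return (twap, accepted) for a window ending at NOW."""
    price = twap(SAMPLES, NOW - window_seconds, NOW)
    return price, within_deviation(price, REFERENCE, MAX_DEVIATION)

if __name__ == "__main__":
    for window in (3600, 14400):
        price, ok = evaluate(window)
        print(f"window={window:>5}s twap={price:.2f} accepted={ok}")
```

The one-hour window reports 130.00 and is rejected by the guard, while the four-hour window dampens the same distortion to 107.50.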
This hack highlights the importance of ensuring secure coding and system protocols in order to protect users from any malicious activity.