• Rodeo Finance is an Arbitrum-based decentralized finance (DeFi) protocol.
• Hackers manipulated value oracles and used manipulated costs to execute trades.
• After the hack, the worth of Rodeo Finance’s native token dropped 54%.

On July eleventh, Rodeo Finance, an Arbitrum-powered decentralized finance (DeFi) protocol, was hacked, leading to a lack of 810 Ether (ETH) value $1.53 million. DEX was exploited utilizing a vulnerability in Oracle’s code.

Blockchain analytics agency Pecshield has revealed knowledge exhibiting that abusers finally transferred the stolen funds from Arbitrum to Ethereum, exchanging 285 ETH for $unshETH. The ETH was then positioned on his ETH2 stake by the exploiter. Final however not least, the abuser used Twister Money, a widely known mixer service, to route his stolen ETH.

Time Weighted Common Value (TWAP) Operation

Hackers manipulated rodeo time-weighted common value (TWAP) Orcale and altered ETH pricing.

TWAP Oracle is utilized by DeFi protocols to calculate the common value of an asset over a given time frame to be able to mitigate value volatility attributable to cryptocurrency market volatility. Nonetheless, it’s susceptible to manipulation by artificially skewing the calculated common value of the asset.

Exploiters first borrowed a considerable amount of ETH after which manipulated the worth to purchase the identical asset at a diminished value. The hackers then paid off the mortgage and made a revenue primarily based on the post-manipulation low.

Rodeo TVL dropped considerably

The hack not solely dropped the Rodeo Finance (RDO) token by 54%, but additionally triggered Rodeo’s Whole Worth Locked (TVL) to drop considerably.

Earlier than the hack, the DeFi protocol had a TVL of $20 million, however after the hack it fell beneath $500.

That is the second time Rodeo Finance has been hacked in July 2023. It was hacked once more on July 5, 2023, ensuing within the lack of $89,000 value of crypto property as a consequence of a vulnerability within the “mintProtocolReserves” operate.