Lodestar Finance exploited in flash loan attack
The main vulnerability behind the attack was within GLP oracle and how it conducts its price. Arbitrum-based lending protocol Lodestar Finance was exploit ed in a flash loan attack on Dec. 10. According to Lodestar, the attack er manipulated the price of the plvGLP token before borrowing all platform liquidity using the inflated token. In a Twitter thread, Lodestar explained the attack flow. The attacker first manipulated the exchange rate of the plvGLP contract to 1.83 GLP per plvGLP, "an exploit that by itself would be unprofitable", said the company. Then, the attack er supplied plvGLP collateral to Lodestar and borrowed all available liquidity, cashing out part of the funds "until the collateralization ratio mechanism prevented a full liquidation of the plvGLP." Following the hack, "several plvGLP holders also took advantage of the opportunity and also cashed out at 1.83 glp per plvGLP." The hacker was able to burn a little over 3 million in GLP, m...