The assault occurred after Tender.fi upgraded its value feed to relay information from a Chainlink pricing oracle versus a time-weighted common value (TWAP). The code, which was audited by PeckShield, contained an error and returned a quantity with too many zeros behind it. This meant the attacker was capable of deposit one GMX token, value round $70, successfully tricking the system into permitting infinite borrows, in response to a postmortem revealed on Tender.fi’s Medium page.
After extracting $1.6 million from the protocol, the hacker left an on-chain message: “It seems like your oracle was misconfigured. Contact me to kind this out.”
Tender.fi reached out and agreed to pay the white hat hacker a 62.15 ether bug bounty.
The protocol plans to deploy a brand new rewritten oracle contract earlier than unpausing borrowing. It has additionally vowed to repay any unpaid debt left behind by the hacker.