Omniscia, the auditing partner of Euler Finance, has released a post-mortem report on the same which stated that the vulnerability that was exploited by the malicious hackers originated from the decentralized finance lending protocol’s incorrect donation mechanism that failed to account for the donator’s debt health.
The vulnerable code introduced in eIP-14 brought about several modifications throughout the Euler ecosystem. This enabled the attacker to create an over-leveraged position and liquidate it themselves in the same block by artificially causing it to go “under-water,” said the firm in a statement.
“We are devastated by the effect of this attack on Euler protocol users and will continue to work with our security partners, law enforcement, and the broader community to resolve this as best we can. Thank you so much for your support and encouragement.”