[]
BTC$84,7230.15%ETH$1,590.08-0.71%USDT$1.00-0.01%XRP$2.08-0.93%BNB$589.531.11%SOL$135.220.84%USDC$1.00-0.01%TRX$0.24-0.10%DOGE$0.16-0.37%ADA$0.62-0.07%STETH$1,588.88-0.68%WBTC$84,6080.08%LEO$9.15-3.11%LINK$12.691.01%AVAX$19.31-0.15%TON$3.011.53%XLM$0.242.17%USDS$1.00-0.04%SHIB$0.000012010.68%HBAR$0.174.33%SUI$2.141.80%WSTETH$1,901.31-1.09%BCH$329.67-0.72%LTC$75.730.64%HYPE$16.942.67%DOT$3.691.15%BSC-USD$1.00-0.10%BGB$4.360.05%USDE$1.000.02%WETH$1,584.55-1.06%BTC$84,7230.15%ETH$1,590.08-0.71%USDT$1.00-0.01%XRP$2.08-0.93%BNB$589.531.11%SOL$135.220.84%USDC$1.00-0.01%TRX$0.24-0.10%DOGE$0.16-0.37%ADA$0.62-0.07%STETH$1,588.88-0.68%WBTC$84,6080.08%LEO$9.15-3.11%LINK$12.691.01%AVAX$19.31-0.15%TON$3.011.53%XLM$0.242.17%USDS$1.00-0.04%SHIB$0.000012010.68%HBAR$0.174.33%SUI$2.141.80%WSTETH$1,901.31-1.09%BCH$329.67-0.72%LTC$75.730.64%HYPE$16.942.67%DOT$3.691.15%BSC-USD$1.00-0.10%BGB$4.360.05%USDE$1.000.02%WETH$1,584.55-1.06%

Advertisement

Morpho User Exploits Oracle Error To Turn $350 Into $230K

The attack was enabled by a user misconfiguring the decimals places for PAXG relative to USDC.
By: Mehab Qureshi • October 14, 2024
Morpho User Exploits Oracle Error To Turn $350 Into $230K

Morpho Labs, a top 10 DeFi lending protocol, fell victim to an oracle misconfiguration exploit allowing a cunning user to turn $350 into $230,000.

The incident occurred on Oct.13 and targeted a Morpho pool for PAXG/USDC. The issue resulted in Morpho’s oracle mispricing PAXG due to a decimal misconfiguration.

Omer Goldberg, the founder of Chaos Labs, a risk management firm, said an opportunistic user took advantage of the oracle that incorrectly valued PAXG at a whopping $2.6 trillion.

Paxos Gold (PAXG) is a gold-backed token issued by Paxos. At the time of writing, PAXG is trading at $2,675.

“The Oracle SCALE_FACTOR was misconfigured, failing to account for the differences between decimals in USDC (6 decimals) and PAXG (18 decimals),” Goldberg said. “The exploiter realized the $2T dollar pricing of gold, supplied $350 dollars of $PAXG, and withdrew $250K.”

Goldberg attributed the error to a mistake made by the Morpho user who launched the pool. He said the user likely failed to monitor the post-calculation PAXG price provided by Morpho’s oracle.

“Decentralized systems like Morpho are robust but require setup precision, especially around risk and oracles,” Goldberg added.

Morpho Labs acknowledged the incident, confirming that the attack was isolated to a permissionlessly deployed market with a misconfigured oracle.

Morpho is the seventh-largest DeFi lending protocol with a total value locked of $1.36 billion, according to DeFi Llama. Morpho has grown 642% since the start of 2023. Morpho’s TVL tagged an all-time high above $1.91 billion in July

Largest Gold-Backed Tokens

Pax Gold is the second-largest gold-backed token with a market cap of $517.1 million, according to CoinGecko.

Tether Gold (XAUT) is the market leader with a capitalization of $656.7 million, while Quorium (QGOLD) comes in third with $223 million, followed by Kinesis Gold (KAU) with $118.7 million, and Gold DAO (GLDGOV) with $31.7 million.

Gold tokens have enjoyed an increase in adoption this year, with the combined capitalization of gold tokens currently sitting at nearly $1.6 billion. The figure marks a 54% increase since Feb. 25, while the price of gold is up 31% over the same period.

ExploitsMorpho

Our articles are stored on Filecoin.

Related Posts

Gauntlet Partners With Morpho As TVL Rises

Gauntlet Partners With Morpho As TVL Rises

February 27, 2024
SwissBorg Leverages Morpho Vaults For USDC Earn Product

SwissBorg Leverages Morpho Vaults For USDC Earn Product

September 10, 2024
Bedrock Vulnerability Allows Hacker To Drain $2M From UniBTC Liquidity Pools

Bedrock Vulnerability Allows Hacker To Drain $2M From UniBTC Liquidity Pools

September 27, 2024

Advertisement

Get an edge in Crypto with our free daily newsletter

Know what matters in Crypto and Web3 with The Defiant Daily newsletter, Mon to Fri

90k+ Defiers informed every day. Unsubscribe anytime.