Arbitrum-based DeFi protocol Rodeo Finance recently fell victim to an exploit, resulting in a loss of $1.53 million on July 11. The exploit took advantage of a code vulnerability in Rodeo Finance’s oracle, leading to the theft of over 810 Ether (ETH). According to data from blockchain analytics group PeckShield, the attacker transferred the stolen funds from Arbitrum to Ethereum and converted 285 ETH into $unshETH. Subsequently, the attacker deposited the ETH into ETH2 staking. To obscure the transaction trail, the stolen ETH was then routed through the popular mixer service Tornado Cash, commonly used by exploiters as an exit strategy.
The exploit leveraged the manipulation of Time-Weighted Average Price (TWAP) oracles. DeFi protocols use these oracles to calculate the average price of an asset over a specific time frame, which dampens price fluctuations caused by volatility in the crypto market. However, this mechanism also presents an opportunity for exploiters to artificially skew the calculated average price, gaining an unfair advantage during transactions and subsequently exploiting the protocol. Exploiters initiate the process by borrowing a significant amount of an asset and manipulating the price so that they can purchase the same asset at a deflated rate. They later repay the loan, generating profits based on the artificially low price achieved through their manipulations.
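To make the averaging concrete, the following added example (not Rodeo Finance's code) computes a TWAP over constructed observations and rejects the reading when it strays from an independent reference price, showing how a longer window dampens a skewed price. The function names, sample prices, window lengths and deviation threshold are assumptions chosen for illustration.

```python
from bisect import bisect_right


def twap(observations, now, window):
    """Time-weighted average price over [now - window, now].

    observations: list of (timestamp, price) sorted by timestamp; each price
    is treated as holding from its timestamp until the next observation.
    """
    start = now - window
    times = [t for t, _ in observations]
    i = bisect_right(times, start) - 1  # observation in force at window start
    if i < 0:
        raise ValueError("window starts before the first observation")
    weighted, cursor = 0.0, start
    while i < len(observations) and cursor < now:
        price = observations[i][1]
        end = observations[i + 1][0] if i + 1 < len(observations) else now
        end = min(end, now)
        weighted += price * (end - cursor)  # weight price by time in force
        cursor = end
        i += 1
    return weighted / window


def checked_price(observations, now, window, reference, max_deviation):
    """Return the TWAP, or raise if it deviates too far from a second source."""
    price = twap(observations, now, window)
    deviation = abs(price - reference) / reference
    if deviation > max_deviation:
        raise RuntimeError(f"oracle deviates {deviation:.1%} from reference")
    return price


# Constructed sample: price sits at 100, then is held at 160 for 600 seconds.
OBS = [(0, 100.0), (3000, 160.0), (3600, 160.0)]

if __name__ == "__main__":
    print("20-minute TWAP:", twap(OBS, 3600, 1200))  # half the window is skewed
    print("60-minute TWAP:", twap(OBS, 3600, 3600))  # skew is diluted
    try:
        checked_price(OBS, 3600, 1200, reference=100.0, max_deviation=0.15)
    except RuntimeError as err:
        print("rejected:", err)
```

A protocol consuming the oracle would call `checked_price` before pricing collateral and pause the affected action when it raises.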
Currently, the exploiter’s wallet address still retains more than 374 ETH, with Etherscan marking it as associated with the Rodeo exploit. Prior to the attack, Rodeo Finance had a total value locked (TVL) of $20 million, which has since plummeted to below $500 following the exploit. The native token of the DeFi protocol also suffered a substantial price decline, dropping by over 53% within the past 24 hours.
The Rodeo Finance exploit is the fifth-largest recorded on the Arbitrum Network in 2023, contributing to a total of 21 recorded incidents this year alone. These incidents, collectively amounting to over $20 million in losses, highlight the persistent security concerns surrounding the network.
This recent exploit underscores the importance of blockchain security in the rapidly evolving world of decentralized finance. As the value and popularity of cryptocurrencies continue to grow, it is crucial for developers and users to remain vigilant, implementing robust security measures to safeguard against potential vulnerabilities.