Decentralized U.S. dollar stablecoin protocol Raft claims that despite multiple security audits, the firm still suffered a security exploit leading to the loss of $6.7 million last week.
According to the project’s Nov. 13 post-mortem report, a few days prior, a hacker borrowed 6,000 Coinbase-wrapped staked Ether (cbETH) on decentralized finance protocol Aave, transferred the sum to Raft, and minted 6.7 million Raft stablecoin, dubbed “R,” using a smart contract glitch.
The unauthorized minted funds were then swapped off the platform through liquidity pools on decentralized exchanges Balancer and Uniswap, netting $3.6 million in proceeds. The R stablecoin depegged after the attack.
According to the report:
“The primary root cause was a precision calculation issue when minting share tokens, which enabled the exploiter to obtain extra share tokens. The attacker leveraged the amplified index value to increase the worth of their shares.”
The smart contracts exploited during the incident were audited by blockchain security firms Trail of Bits and Hats Finance. “Unfortunately, the vulnerabilities that led to the incident were not detected in these audits,” Raft developers wrote.
The project says that since the Nov. 10 incident it has filed a police report and…
