/FantasmFinanceExploit

This is a demo for the Fantasm Finance Exploit - https://ftmscan.com/address/0x47091e015b294b935babda2d28ad44e3ab07ae8d


ApeCoin airdrop exploit demo

This is a demo that replays the Fantasm Finance exploit that happened on Mar-09-2022.

The target transactions are:

https://ftmscan.com/tx/0xba31af6843c3b54515a49d8e0fe5c133922508eedb00963ee25e7a3cd7f710ec
https://ftmscan.com/tx/0xe6872317c5d85dc2e1bf67ea2dc149b75d27e791359c061764f6e3ec81ef3e93
https://ftmscan.com/tx/0x64da8b8043b14fe93f7ab55cc56ccca2d190a59836a3f45dbb4b0a832e329cac
https://ftmscan.com/tx/0xa84d216a1915e154d868e66080c00a665b12dab1dae2862289f5236b70ec2ad9

Installation & Run

npm install
npx hardhat run scripts/execute.js

Explanation

Fantasm Finance provides a synthetic token, XFTM, pegged by FTM and FSM. The amounts of FSM and FTM required to mint XFTM depend on the collateral ratio. If the collateral ratio is 90%, then 100 XFTM requires 90 FTM and 10 FSM.

The main problem lies in the mint and calcMint functions of its pool contract. They calculate the XFTM that can be minted from the input amount of FSM at the current collateral ratio, but do not validate that the required amount of FTM is actually collected from the user. Basically, a user can mint 100 USD worth of FTM with only 10 USD worth of FSM when the collateral ratio is 90%. At the time of this exploit, the collateral ratio was around 98%, so a user could mint 100 USD worth of FTM with only 2 USD worth of FSM.
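The accounting gap described above, as an added example: a simplified JavaScript model of the mint calculation next to a hardened variant and a backing invariant that can serve as a unit-test or monitoring check. This is not code from this repository or from the Fantasm contracts; all function names, the 1e6 ratio precision, the 18-decimal amounts and the sample prices are assumptions, and the hardened check is one possible fix rather than the project's actual patch.

```javascript
// Simplified model of the pool's mint accounting (added example, not the Fantasm contract).
// Amounts are BigInt with 18 decimals; the ratio uses 1e6 precision. All names are hypothetical.
const RATIO_PRECISION = 1000000n;
const ONE = 10n ** 18n;

// XFTM implied by the FSM leg alone, plus the FTM leg that must accompany it.
// fsmPriceInFtm: price of 1 FSM in FTM (18 decimals). XFTM is valued at 1 FTM.
function quoteMint(fsmIn, collateralRatio, fsmPriceInFtm) {
  if (collateralRatio >= RATIO_PRECISION) {
    // Edge case: at 100% collateral the FSM leg is zero and cannot size the mint.
    throw new Error("collateral ratio is 100%: quote from the FTM leg instead");
  }
  const fsmValue = (fsmIn * fsmPriceInFtm) / ONE;
  const xftmOut = (fsmValue * RATIO_PRECISION) / (RATIO_PRECISION - collateralRatio);
  const ftmRequired = (xftmOut * collateralRatio) / RATIO_PRECISION;
  return { xftmOut, ftmRequired };
}

// Behaviour the README describes: ftmPaid is accepted but never compared to ftmRequired.
function mintVulnerable(fsmIn, ftmPaid, collateralRatio, fsmPriceInFtm) {
  return quoteMint(fsmIn, collateralRatio, fsmPriceInFtm).xftmOut;
}

// Hardened: reject the mint unless the FTM leg was actually paid.
function mintHardened(fsmIn, ftmPaid, collateralRatio, fsmPriceInFtm) {
  const { xftmOut, ftmRequired } = quoteMint(fsmIn, collateralRatio, fsmPriceInFtm);
  if (ftmPaid < ftmRequired) {
    throw new Error(`insufficient FTM: paid ${ftmPaid}, required ${ftmRequired}`);
  }
  return xftmOut;
}

// Invariant for unit tests or monitoring: value minted must not exceed value deposited.
function mintIsBacked(fsmIn, ftmPaid, xftmOut, fsmPriceInFtm) {
  const valueIn = ftmPaid + (fsmIn * fsmPriceInFtm) / ONE;
  return xftmOut <= valueIn;
}

// Constructed sample: 98% collateral ratio, 1 FSM = 1 FTM, 2 FSM supplied, no FTM paid.
const minted = mintVulnerable(2n * ONE, 0n, 980000n, ONE);
console.log("vulnerable mint:", minted / ONE, "XFTM, backed:",
  mintIsBacked(2n * ONE, 0n, minted, ONE));
```

Running `mintIsBacked` as an assertion in the pool's test suite, over mints with a zero or partial FTM leg, catches this class of bug before deployment.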

The exploit steps are pretty simple.

  1. The exploiter transfers some FTM in order to swap it to FSM.
  2. With the swapped FSM, the exploiter contract makes a call to the mint function in the Fantasm pool.
  3. The exploiter contract then calls the collect function to collect the minted XFTM from the previous transaction.
  4. Swap the XFTM to FTM, then from FTM to ETH. Finally, bridge the ETH to another chain as profit.

Disclaimer

This codebase is for demonstration purposes only

License

MIT