SafeDollar Post-Mortem Analysis


SafeDollar was recently the subject of an exploit that resulted in a loss of 202,230 USDC and 46k USDT.

The protocol itself is working fine. Only the PLX version 1 pool had an issue, and that issue caused the exploit. The following is the technical analysis of the event.

The Incident

The attack happened on Jun-28–2021 03:48:36 AM +UTC. The hacker performed the attack from wallet with the tx

from where he drew 16,626,185,544,882 and drained the liquidity pool to withdraw 202,230 USDC and 46k USDT.

Since PLX is a deflationary token, every time a user deposits to the pool, 0.15% of the amount is burnt. The hacker kept depositing and withdrawing from the pool, so the PLX balance of the pool (lpSupply) kept decreasing and became very small (

accSdoPerShare = accSdoPerShare.add(_sdoReward.mul(1e18).div(lpSupply));

Because lpSupply is the divisor in this update, accSdoPerShare became very big. He then harvested that insanely big amount of pending SDO reward and dumped it into the liquidity pools.
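
The accounting mismatch described above, as an added Python simulation (not SafeDollar's contract code). It assumes the vulnerable pool credited users with the amount they requested rather than the amount the pool received after the burn; the Pool class, the user names and all amounts are hypothetical, and reward debt is omitted. The second mode shows the usual correction, crediting only what the pool received.

```python
BURN_BPS = 15          # 0.15% burnt on every deposit, as stated in the post
PRECISION = 10**18     # same scaling factor as the 1e18 in the pool code

class Pool:
    """Simplified staking pool (reward debt omitted); names are hypothetical."""
    def __init__(self, credit_received):
        self.credit_received = credit_received  # False: assumed vulnerable behaviour
        self.balance = 0          # PLX actually held; this is what lpSupply reads
        self.staked = {}          # amount credited to each user
        self.acc_per_share = 0    # plays the role of accSdoPerShare

    def deposit(self, user, amount):
        received = amount - amount * BURN_BPS // 10_000   # burn happens in transit
        self.balance += received
        credited = received if self.credit_received else amount
        self.staked[user] = self.staked.get(user, 0) + credited

    def withdraw_all(self, user):
        amount = self.staked[user]
        assert amount <= self.balance, "token transfer would revert"
        self.staked[user] = 0
        self.balance -= amount

    def update(self, reward):
        lp_supply = self.balance  # divisor taken from the token balance
        self.acc_per_share += reward * PRECISION // lp_supply

    def total_pending(self):
        return sum(s * self.acc_per_share // PRECISION for s in self.staked.values())

def simulate(credit_received, cycles=2218, reward=1_000):
    pool = Pool(credit_received)
    pool.deposit("staker", 1_000_000)        # constructed sample values
    for _ in range(cycles):                  # each cycle burns 450 from the pool
        pool.deposit("churner", 300_000)
        pool.withdraw_all("churner")
    pool.update(reward)
    return pool.balance, sum(pool.staked.values()), pool.total_pending()

if __name__ == "__main__":
    for mode in (False, True):
        balance, credited, pending = simulate(mode)
        print(f"credit_received={mode}: lpSupply={balance} credited={credited} "
              f"pending={pending} (reward emitted: 1000)")
```

The invariant worth monitoring is that the pool's token balance never falls below the sum of credited stakes, and that total pending rewards never exceed what was emitted.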

We are finalizing the compensation and move-forward plan and will announce it in a separate article.

We hope this gives a transparent response to the SafeDollar community.

Thank you for your understanding and support of SafeDollar.

