ForceDAO’s Initial Decentralized Funding Protocol had a rough start, with several hacks occurring within hours of launch.
Ethereum-based company Yield Aggregator just launched its air campaign on April 3, when four malicious hackers extracted a total of 183 ETH, valued at $ 367,000 at the time. A friendly hacker also helped the team by alerting them to prevent further losses.
The team put down the autopsy and took responsibility for what it called “engineering oversight”.
After the invasion, the team decided to divert 60 million FORCE tokens from the multi-signature tax wallet to the distribution wallet to create and implement three votes that would effectively burn FORCE balance in the three hacker addresses.
An autopsy revealed that the affected xFORCE platform was a thorn in SushiSwap’s smart contract, which includes a token return mechanism in the event of failed transactions. The protocol describes xFORCE as the “interest bearing” version of FORCE, which represents the arrows in its collections, similar to how LP tokens work.
The breach of contract that ForceDAO used allowed the attackers to use this mechanism to generate xFORCE tokens, which were then seized and exchanged for ETH in the markets. The team conceded that the attack was relatively easy to prevent.
“This could have been avoided by using the Open Zeppelin ERC-20 standard or by adding the safeTransferFrom package to the xSUSHI contract.”
He added that the hack is currently under investigation because some of the headlines are coming from the popular exchanges FTX and Binance. He added that a screenshot will be taken, and the project will be relaunched with the new xFORCE code.
Following its release and distribution, FORCE token prices rose above $ 2 on April 4, but have since fallen more than 95% to $ 0.05 at the time of writing.