Status | Low | Medium | High | Critical | Total |
---|---|---|---|---|---|
Not fixed | 23 | 3 | - | - | 26 |
Fixed | 3 | 3 | - | - | 6 |
Total | 26 | 6 | 0 | 0 | 32 |

Quick Summary

UnshETH suffered an access control exploit resulting in the loss of 375,000 $USD worth of farm rewards and protocol liquidity.

Details of the Exploit

UnshETH is a staking and yield protocol on the Ethereum and Arbitrum chains. One of the deployer keys for auxiliary unshETH contracts (farms and bridge contracts) was compromised. The security teams narrowed down the scope of impact to USH farm rewards and protocol-owned liquidity.

Onchain message communication with the malicious actor was established for recovery purposes. Within two hours of being contacted by unshETH team members, the attacker responded with the intention to return control of all compromised contracts, which were then transferred back to multisig addresses on each chain, securing all impacted assets.

The attacker had already recovered some assets and gained approximately 375,000 $USD in proceeds, but negotiations are ongoing towards their retrieval in exchange for a 50,000 $DAI whitehat bounty. During this incident, unshETH withdrawals were paused for 24 hours.

Block Data Reference

Malicious transaction: https://etherscan.io/tx/0x2cf0c07dd0b4944bb0b5abbb4ea26e83b7732907fc221fc28c257403be3439d2

Onchain messages:

https://etherscan.io/tx/0x6b7d74b8efe11a9d9ae9e9b10b526ab07c5aae08dc801528bcf0be61068565c3

https://etherscan.io/tx/0x7faade0b77341e6e1ab4ee4085e287ea2f32ca434972067c75bfd48e6009b37a

# | Name | Auditor | Date | Chains | Issues |
---|---|---|---|---|---|
1 | Audit Report | Paladin | 2023/06/14 | Ethereum | No active critical issues |
2 | UnshETH #2 | CertiK | 2023/04/04 | Off-Chain (Private) | No active critical issues |
3 | unshETH Protocol | CertiK | 2023/03/23 | Off-Chain (Private) | No active critical issues |