In Brief:
- AVATerra faced an exploitation on its Chef Contract.
- Just 5 hours after the launch, the auction took place.
- AVATera suggested everyone to withdraw their Funds.
AVATerra, a next-generation decentralized stable-yield aggregating farm on Avalanche suffered exploitation on its Chef Contract.
It was launched on 20th October and on the same day it suffered exploitation after 5 hours when the hacker found a flaw. Once the hack was done, the hacker immediately minted and dumped thousands of tokens.
AVATerra’s Chef Contract is a Goose Fork, but their token contained custom elements, including a flaw through which anyone could call and mint the tokens. Currently, masterchef is safe, funds are safe and it can be withdrawn.
The hack was later explained by AVATerra’s reviewer and liquidity partner Rugdoc.io.
DeFi protocol Curve.fi commented that this attack may now give the best lesson to have smart contract audits in the future.
On AVATerra users could stake terra, WAVAX, USDC, DAI, WETH, WBTC, PNG, USDT to earn TERRA tokens. Before the hack, AVATerra had a total volume of locked(TVL) of $391,266.29 whereas currently it holds just a TVL of $685.
Also Read: Avalanche DeFi Platform Vee Finance Exploited for $35M
Later on, 21st October AVATerra Admin. released an apology letter to all the community members on Twitter.
