Explained: The Popsicle Finance Hack (August 2021)

In August 2021, Popsicle Finance was exploited by an attacker.  The attacker managed to drain approximately $20.7 million in tokens from the project’s Sorbetto Fragola pool.

Inside the Attack

When users deposit tokens into Popsicle Finance, the protocol records the state of the user’s deposit into the pool.  This is recorded in two variables: token0PerSharePaid and token1PerSharePaid.  The point of this state tracking is to determine when the user should be paid rewards based on their deposits.

The problem is that the liquidity pool doesn’t update these values when a user transfers their shares to a different address.  Instead of recording the actual day that the user made the initial token deposit (in the other address), the new address is recorded as being eligible to receive rewards from day 0.  Additionally, a user can transfer the same shares and claim rewards multiple different times with different accounts.

The Popsicle Finance attacker exploited this vulnerability to trick the Sorbetto Fragola liquidity pool into believing that the fees owed to them were equal to the total TVL of the entire pool.  As a result, they were able to extract all of the $20.7 million in tokens currently in the pool.

Lessons Learned From the Hack

The Popsicle Finance hack demonstrated the importance of proper state tracking within DeFi protocols and testing of all corner cases.  While the project tracked state within a particular account, testing did not consider the impacts of transfers on this state tracking.
Similar bugs have been identified and exploited in other DeFi protocols in the past.  This incident underscores the importance of tracking the state of DeFi vulnerability disclosures and hacks and seeing if they apply to other projects as well.