A math prodigy exploited the code on a Defi platform to reapportion $16 million in tokens to himself, but it is not clear if it was illegal, or if it was just a trading strategy. The play, which caused the platform to sell other’s tokens to him at a greatly reduced price, worked as follows:
Borrow heavily – He took out a $157 million “flash loan” consisting of DEFI5’s component tokens, such that they are returned (with interest) before the contract is executed.
Hoard UNI – The code spends $109 million to acquire as much of the DEFI5 pool’s UNI tokens as possible, unitil the demand drives them up to eventually 860 times UNI’s normal price. The platform uses this token’s value to extrapolates a total value of all tokens. When UNI is dramatically reduced, DEFI5’s value is suppressed 380 times its normal value.
Swap UNI for cheap DEFI5 – Using a process known as “minting,” he swapped the UNI he bought and that he’d borrowed, worth $53.2 million—for now undervalued DEFI5 worth $153.8 million.
Borrow Sushi – He takes out another $2.4 million flash loan in Sushi, which is then introduced in a process known as “reindexing.”
Flood the pool with free Sushi – He gives the Sushi to the pool, bypassing any limit on the value/amount of a new token introduced. he then trades the Sushi for the undervalued DEFI5.
The script trades the DEFI5 tokens for its component tokens, with Sushi in the pool. By repeating this process and taking advantage of DEFI5’s artificially low valuation, he ultimately exchanged $4 million of Sushi for $21 million worth of other tokens.
He then pays back the loans, and keeps the rest, which ended up being $16 million, pulling it out to an Ethereum Wallet.
He is being sued, but it is not clear if he actually broke a law, or just used the system as designed, in a way which apportioned the wealth of others to him. Experts note the platform openly disclosed how it valued tokens in such a way as to minimize fees, all users agreed to have their tokens traded according to those rules, and these trades were performed using those rules, even if the exploitation was specifically designed to undervalue tokens.