Nosotros recently reported that the Balancer DeFit protocol suffered a $500,000 set on. Less than 24 hours after, a second attack claimed about $2,300 worth of Chemical compound tokens (COMP).

Hao, an engineer at DeBank, tweeted that an assaulter was able to fool the Balancer system into thinking he was owed a meaning portion of the COMP tokens stored in the decentralized exchange'southward pool.

The attack involved flash loans from both dYdX and Uniswap. The hacker loaned more $33 meg that was used to generate cTokens representing ownership in a Chemical compound puddle.

The attacker then transferred the cTokens to a Balancer pool. This triggered Compound into distributing the COMP accrued by the pool during its normal functioning. The hacker then forced Balancer to update the pool's rest, which at this point included all of the flash loaned money. The organisation thus believed that the hacker was entitled to a significant share of the pool's COMP, despite non having held whatsoever money previously.

A call to withdraw the COMP and exchange it to ETH completed the hack, which netted a relatively modest sum of about x COMP, worth $2,300.

Hao noted that the assault is similar to the $500,000 loss from before in the day. Similar the first, this second assail relies on the peculiar way that Balancer manages its internal state.

The team has since pledged to brand affected users whole. They will besides compensate a researcher who reported on the vulnerability in May.