Blockonome Gnome

DittoETH Exploit Averted Thanks to Decentralized Auditors

A vulnerability in DittoETH’s patch could have compromised the protocol’s stability, but an auditor's timely discovery prevented a potentially disastrous exploit.


A major vulnerability in the DittoETH decentralized finance (DeFi) platform was uncovered by a warden from Code4rena, a crowd-sourced auditing platform. The vulnerability, found in a test version of DittoETH’s stablecoin system, could have allowed attackers to mint excessive tokens by exploiting discrepancies between real token prices and oracle data. This would have led to significant bad debt, threatening the protocol’s integrity and financial stability.


The issue was identified in DittoETH’s “matchIsDiscounted” function, which is meant to distribute rewards to liquidity providers during times of market stress. However, a flaw in the function meant that even small trading volumes could create large amounts of debt, contrary to the platform's intended design.


Code4rena warden あああああ (Aaaaa) identified the vulnerability, and after initial resistance from the DittoETH team, a detailed test proved its seriousness. Had this flaw gone unnoticed, it could have been deployed in the production version of DittoETH, exposing the protocol to potential attacks in the wild.


Fortunately, the vulnerability was discovered in a test environment, and the issue has since been removed from the live version of DittoETH, preventing any real-world impact.

