The Revest team were informed of the “exploit at 2:24 UTC from the BLOCKS DAO development team”.
In addition to BLOCKS DAO, substantial losses were also suffered by EcoFi and RENA Finance.
By halting transfers of RVST tokens, the team thwarted the attacker’s attempt (70 secs later) to drain the RVST-ETH pool on Uniswap, avoiding a further $1.15M in losses.
The attacker’s dump of the stolen tokens had a large impact on the price of BLOCKS (initially down >95%, currently down ~80%) and ECO (down ~98%); however, the RENA tokens remain untouched in the attacker’s address.
The root cause of the attack was a reentrancy vulnerability in the ERC1155 minting contract (example tx: RENA).
The function mintAddressLock, used to create new Smart Vaults, contains two critical parameters: quantities and depositAmount.
Revest Vault invokes the mint function of FNFTHandler to mint quantities of ERC1155(s) with the next fnftId to the recipient(s), which can later be burned in order to claim the position’s proportion of locked tokens. fnftId increments by 1 each time the function is executed.
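The following is an added example, not Revest's code: a small Python model of why a minting contract that hands control to the recipient (the ERC1155 acceptance callback) before finishing its own bookkeeping is reentrancy-prone, next to two hardened variants. The class and function names, the position of the counter update relative to the callback, and the guard are all assumptions made for illustration.

```python
# Constructed model, not Revest's contracts: an ERC1155-style handler whose
# mint() hands control to the recipient through an acceptance callback.
class ReentrancyBlocked(Exception):
    pass

class Handler:
    def __init__(self, effects_first=False, guarded=False):
        self.next_id = 0              # models the incrementing fnftId counter
        self.supply = {}              # fnft_id -> minted quantity
        self.effects_first = effects_first
        self.guarded = guarded
        self._entered = False

    def _check_guard(self):
        if self.guarded and self._entered:
            raise ReentrancyBlocked("handler is mid-mint")

    def peek_next_id(self):
        """What any other entry point would treat as the next unused id."""
        self._check_guard()
        return self.next_id

    def mint(self, recipient, quantity):
        self._check_guard()
        self._entered = True
        try:
            fnft_id = self.next_id
            if self.effects_first:
                self.next_id += 1     # hardened: bookkeeping before the call
            self.supply[fnft_id] = quantity
            recipient.on_received(self, fnft_id)   # external call to recipient
            if not self.effects_first:
                self.next_id += 1     # assumed weak ordering: update after call
            return fnft_id
        finally:
            self._entered = False

class Recipient:
    """Records the handler state it can observe from inside the callback."""
    def __init__(self):
        self.seen = None

    def on_received(self, handler, fnft_id):
        try:
            self.seen = handler.peek_next_id()
        except ReentrancyBlocked:
            self.seen = "blocked"

def observe(**mode):
    handler, recipient = Handler(**mode), Recipient()
    minted = handler.mint(recipient, quantity=5)
    return minted, recipient.seen
```

With the default ordering, the callback sees the handler still reporting the freshly minted id as the next unused one; updating the counter before the external call, or rejecting re-entry with a guard, removes that inconsistent window.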