Raft Protocol loses $6,700,000 in Smart Contract Exploit

Summary # On November 10, 2023, Raft Protocol experienced an exploit resulting in a loss of about 1,575 cbETH. The exploiter employed a sophisticated multistep attack strategy focusing on a smart contract’s precision calculation vulnerability. Initially, the attacker obtained cbETH through a flash loan before donating and liquidating the cbETH to the Interest Rate Position Manager. This maneuver manipulated the collateral token’s index rate, allowing the exploiter to systematically increase their position in small increments, exploiting a rounding issue in the mint function. ...