vETH token has “takeLoan” functoin that can be called by only valid factory.

Also, in Factory contrat, there’s a function that adds liquidity to Uniswap vETH-BIF pair using “takeLoan” function and user’s BIF tokens.

This function changes pair state, increases x*y=k. Hacker leveraged this, gained some vETH for free. Total loss is abot $450k.
Leave a Reply