Vulnerability in ParaSpace NFT Protocol allows users to manipulate collateral amount


According to reports from the Web3 network security company Ancilia, the root cause of the attack on the NFT lending protocol ParaSpace lies in the scaledBalanceOf() function of the contract 0xddde38696fbe5d11497d72d8801f651642d62353, which is used to calculate the user’s collateral through the supply() function. Manipulating the number of APE tokens in the function getPooledApeByShares() allows scaledBalanceOf() to return a large value. Users can then own a large amount of collateral and use it to borrow more assets.

Ancilia: The root cause of the ParaSpace attack occurred in the scaledBalanceOf() function of the 0xddde3 contract

Analysis based on this information:


The Web3 network security company Ancilia has identified a vulnerability in ParaSpace, an NFT lending protocol, that enables users to manipulate the collateral amount. According to reports, the root cause of the attack occurred in the scaledBalanceOf() function, which is linked to the contract 0xddde38696fbe5d11497d72d8801f651642d62353. This function is used to calculate the collateral amount that users have. Manipulating the number of APE tokens in the getPooledApeByShares() function allows the scaledBalanceOf() function to return a much larger value than the actual amount.

This vulnerability allows users to take ownership of a large amount of collateral without actually possessing the underlying asset, giving them the ability to borrow additional assets. Essentially, the attack allows hackers to take advantage of a loophole in the system, thereby bypassing the protocols in place to ensure that users are borrowing only the amount of assets against the collateral they have.
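A simplified Python model of the accounting pattern described above, added here as an illustration and not ParaSpace's contract code: the share-to-APE formula, the `guarded_balance_of` helper, and the 2% drift bound are all assumptions. It shows why collateral valued from a spot pool balance moves with that balance, and how capping the rate against a stored checkpoint limits the effect.

```python
from dataclasses import dataclass

SCALE = 10**18              # fixed-point scale for the APE-per-share rate
MAX_RATE_DRIFT_BPS = 200    # hypothetical bound: 2% above the last checkpoint


@dataclass
class Pool:
    total_pooled_ape: int   # APE currently attributed to the pool
    total_shares: int       # shares outstanding
    checkpoint_rate: int    # last accepted APE-per-share rate, scaled by SCALE

    def get_pooled_ape_by_shares(self, shares: int) -> int:
        # Spot conversion (assumed formula): tracks total_pooled_ape instantly.
        return shares * self.total_pooled_ape // self.total_shares

    def scaled_balance_of(self, shares: int) -> int:
        # Unguarded: collateral follows the spot conversion directly.
        return self.get_pooled_ape_by_shares(shares)

    def guarded_balance_of(self, shares: int) -> int:
        # Guarded: value collateral at the lower of the spot rate and the
        # checkpointed rate plus a bounded drift.
        spot = self.total_pooled_ape * SCALE // self.total_shares
        ceiling = self.checkpoint_rate * (10_000 + MAX_RATE_DRIFT_BPS) // 10_000
        return shares * min(spot, ceiling) // SCALE


def demo():
    # Constructed numbers: 1:1 rate at the checkpoint, a position of 1,000 shares.
    pool = Pool(total_pooled_ape=1_000_000, total_shares=1_000_000,
                checkpoint_rate=SCALE)
    shares = 1_000
    before = pool.scaled_balance_of(shares)
    # Constructed event: the pool's APE balance changes sharply while the
    # share count stays the same.
    pool.total_pooled_ape *= 50
    after = pool.scaled_balance_of(shares)
    guarded = pool.guarded_balance_of(shares)
    return before, after, guarded


if __name__ == "__main__":
    before, after, guarded = demo()
    print(f"collateral before: {before}, unguarded after: {after}, guarded after: {guarded}")
```
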

ParaSpace’s protocol is dependent on the value of the underlying assets, and given that it is based on NFTs, there is always the potential for fluctuations in value. As a result, the vulnerability discovered by Ancilia has highlighted the importance of security audits and risk assessments when it comes to NFT lending protocols. It also serves as a reminder that even seemingly small vulnerabilities can have far-reaching effects that can compromise the entire system.

The finding by Ancilia is not limited to ParaSpace; it serves as a lesson for all similar platforms. The root cause of the vulnerability that the company discovered was a problem with the code used to develop the protocol rather than being related to human error or other similar issues. It’s also possible that similar vulnerabilities may exist in other platforms and need to be addressed immediately.

In conclusion, the vulnerability discovered in the ParaSpace NFT lending protocol highlights the importance of security measures when it comes to NFT-based lending. The loophole discovered by Ancilia would have gone unnoticed without a thorough security audit. While this vulnerability doesn’t necessarily spell doom for ParaSpace, it serves as a cautionary tale of the various ways in which malicious actors can exploit known and unknown vulnerabilities in the system.
