Eleven Finance (11): emergencyBurn() missing balance accounting — ghost withdrawal double-spend
Eleven Finance lost $4.5M when its `emergencyBurn()` function withdrew the full vault balance without updating internal accounting, letting the attacker collect twice.
Summary #
Eleven Finance (11) suffered a Yield Aggregator on 2021-06-14, resulting in a loss of approximately $5M.
What happened #
Eleven Finance lost $4.5M when its `emergencyBurn()` function withdrew the full vault balance without updating internal accounting, letting the attacker collect twice.
Linked factors #
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited]
- RD-F-111 — causal : Team doxx status — pseudonymous-no-track-record class [via dashboard_risk_factors/Team anonymity: Partially anonymous; pseudonymous devs]
- RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Yes — forked from PancakeBunny / standard BSC yield aggregator pattern]