defirisk.co
rubric v1.7.0

Jimbo's Protocol: Flash loan + missing slippage control in rebalancing function → liquidity drain

Occurred: 2023-05-28 | Loss: $8M | Status: closed

Summary

Jimbo's Protocol, an algorithmic stablecoin / AMM (semi-stablecoin via rebalancing), was exploited on 2023-05-28, resulting in a loss of approximately $8M.

What happened

Jimbo's Protocol attempted to create a semi-stablecoin via a floor-price rebalancing mechanism (described by observers as "OHM flashbacks"). The v2 had just launched; it was the team's second attempt, after a buggy v1 fell apart at launch days earlier. v2 added leverage complexity.

Linked factors

  • RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited — no audit existed]
  • RD-F-006 — causal : Audit-deploy gap — alternate field name [via dashboard_risk_factors/Code newly deployed/upgraded?: Y — v2 launched 3 days prior; v1 had already collapsed] || Time between audit end and deploy [via cross-hack: Factor 4: Newly Deployed or Unannounced Contract]
  • RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: No (10% offered after hack via on-chain message)]
  • RD-F-076 — causal : Protocol age (days since first mainnet deploy) [via cross-hack: Factor 35: Protocol Age < 2 Weeks at Time of Hack] || Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: v2 was 3 days old at time of hack; v1 was ~2 weeks old and had already failed]
  • RD-F-141 — related : Test-mode parameters left on in deploy (possibly related) [via cross-hack: Factor 4: Newly Deployed or Unannounced Contract]
  • RD-F-146 — related : New deploys in last 30 days (fresh attack surface) [via cross-hack: Factor 4: Newly Deployed or Unannounced Contract]