defirisk.co
rubric v1.7.0

MonoX: Native token self-swap price inflation — tokenIn/tokenOut identity bypass

Occurred: 2021-11-30 | Loss: $31M | Status: closed

Summary

MonoX suffered a DEX / AMM (Single Token Liquidity) exploit on 2021-11-30, resulting in a loss of approximately $31M.

What happened

MonoX lost $31.4M when an attacker exploited a missing check in its swap contract that allowed the same token to be used as both input and output, inflating MONO's price to purchase the entire protocol's liquidity.

Linked factors

  • RD-F-006 — causal : Audit-deploy gap (RD-F-006 time between audit and deploy) [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — MONO token was recently launched (weeks before hack)] || Audit-deploy gap — alternate field name [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — MONO token was recently launched (weeks before hack)]
  • RD-F-007 — causal : Direct: bug bounty presence + max payout [via cross-hack: Factor 9: No Bug Bounty Program] || Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
  • RD-F-008 — illustrative : Bug survived review (RD-F-008 = ignored disclosure; closest semantic match for audit-missed-bug) [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Audited — bug survived two independent audits (Halborn + Peckshield)]
  • RD-F-009 — related : Formal verification coverage — would have caught [via cross-hack: Factor 53: Custom Proprietary AMM Math Without Independent Verification]
  • RD-F-024 — causal : Code complexity above threshold for audit coverage [via cross-hack: Factor 53: Custom Proprietary AMM Math Without Independent Verification]
  • RD-F-053 — causal : ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — spot price of MONO within the pool's own price oracle would have appeared to spike anomalously mid-attack]
  • RD-F-062 — related : External keeper/relayer dependency not redundant [via cross-hack: Factor 8: Off-Chain Infrastructure Dependency]
  • RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — spot price of MONO within the pool's own price oracle would have appeared to spike anomalously mid-attack]
  • RD-F-105 — causal : DNS / CDN / frontend change detected [via cross-hack: Factor 8: Off-Chain Infrastructure Dependency]
  • RD-F-111 — causal : Team doxx status — pseudonymous-no-track-record class [via dashboard_risk_factors/Team anonymity: Unknown]
  • RD-F-146 — related : New deploys in last 30 days — fresh attack surface [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — MONO token was recently launched (weeks before hack)]