defirisk.co
rubric v1.7.0

Pickle Finance: Fake jar injection — missing whitelist in Controller's jar-swap function

Pickle Finance lost 19.7M DAI when an attacker injected a fake "Pickle Jar" into the Controller contract and swapped funds from the legitimate cDAI jar — exploiting a missing whitelist in code added after the protocol's two audits.

Occurred 2020-11-22 Loss $20M Status closed

Summary #

Pickle Finance suffered a Yield Aggregator / Vault on 2020-11-22, resulting in a loss of approximately $20M.

What happened #

Pickle Finance lost 19.7M DAI when an attacker injected a fake "Pickle Jar" into the Controller contract and swapped funds from the legitimate cDAI jar — exploiting a missing whitelist in code added after the protocol's two audits.

Linked factors #

  • RD-F-001 — causal : ★ Direct: Audit scope mismatch (report commit ≠ deployed bytecode) [via cross-hack: Factor 1: Audit Scope Mismatch]
  • RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited — `controller-v4.sol` was not in scope of either audit]
  • RD-F-006 — causal : Audit-deploy gap (RD-F-006 time between audit and deploy) [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — ControllerV4 added Oct 23, 2020, post-audit] || Audit-deploy gap — alternate field name [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — ControllerV4 added Oct 23, 2020, post-audit] || Time between audit end and deploy [via cross-hack: Factor 21: Post-Audit Code Change Without Re-Audit]
  • RD-F-007 — causal : Direct: bug bounty presence + max payout [via cross-hack: Factor 9: No Bug Bounty Program] || Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
  • RD-F-046 — related : ★ Contract unverified at launch — adjacent (no public ABI as a permissionless variant) [via cross-hack: Factor 7: Permissionless Feature Without Safety Validation]
  • RD-F-072 — causal : Market-listing governance threshold = permissionless [via cross-hack: Factor 7: Permissionless Feature Without Safety Validation]
  • RD-F-111 — causal : Team doxx status — pseudonymous-no-track-record class [via dashboard_risk_factors/Team anonymity: Anonymous (pseudonymous team)]
  • RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Y — Pickle Jars are a fork of Yearn's yVaults]
  • RD-F-139 — causal : ★ Post-audit code changes deployed without re-audit [via cross-hack: Factor 21: Post-Audit Code Change Without Re-Audit]
  • RD-F-146 — related : New deploys in last 30 days — fresh attack surface [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — ControllerV4 added Oct 23, 2020, post-audit]