Popsicle Finance (Sorbetto Fragola): Fee Accounting Bug — LP Token Transfer Without Reward Checkpoint
Summary
Popsicle Finance (Sorbetto Fragola), a Yield Optimizer / Liquidity Management (Uniswap V3) protocol, suffered an exploit on 2021-08-04, resulting in a loss of approximately $20M.
What happened
Popsicle Finance's Sorbetto Fragola contract lost ~$20M when an attacker exploited a known LP token transfer fee-accounting bug — chaining three contracts to triple-collect the same rewards across eight Uniswap V3 pools simultaneously.
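The bug class named in the title, as an added example that is not Popsicle Finance's contract code: a simplified Python model of per-share fee accounting in which an LP token transfer skips the reward checkpoint, next to the version that settles both parties before balances move. The `Vault` class, its method names, the holders and all amounts are constructed for illustration.

```python
SCALE = 10**18  # fixed-point scale for the per-share fee index

class Vault:
    """Toy fee-per-share vault; every name here is hypothetical."""
    def __init__(self, checkpoint_on_transfer):
        self.checkpoint_on_transfer = checkpoint_on_transfer
        self.balance, self.paid_index, self.owed = {}, {}, {}
        self.fee_per_share = self.total_supply = self.total_fees = 0

    def _checkpoint(self, who):
        # Credit fees accrued since this holder's last checkpoint, then sync the index.
        delta = self.fee_per_share - self.paid_index.get(who, 0)
        self.owed[who] = self.owed.get(who, 0) + self.balance.get(who, 0) * delta // SCALE
        self.paid_index[who] = self.fee_per_share

    def deposit(self, who, amount):
        self._checkpoint(who)
        self.balance[who] = self.balance.get(who, 0) + amount
        self.total_supply += amount

    def accrue_fees(self, amount):
        self.fee_per_share += amount * SCALE // self.total_supply
        self.total_fees += amount

    def transfer(self, src, dst, amount):
        if self.checkpoint_on_transfer:  # the fix: settle both sides before balances move
            self._checkpoint(src)
            self._checkpoint(dst)
        self.balance[src] -= amount
        self.balance[dst] = self.balance.get(dst, 0) + amount

    def claim(self, who):
        self._checkpoint(who)
        paid, self.owed[who] = self.owed[who], 0
        return paid

def run_scenario(checkpoint_on_transfer):
    """Constructed scenario: returns (total fees claimed, total fees earned)."""
    v = Vault(checkpoint_on_transfer)
    v.deposit("lp", 100)      # long-standing liquidity provider
    v.accrue_fees(300)        # fees earned before anyone else joins
    v.deposit("a", 100)       # late depositor, entitled to none of the 300
    claimed = 0
    for src, dst in [("a", "b"), ("b", "c"), ("c", "a")]:
        v.transfer(src, dst, 100)
        claimed += v.claim(dst)   # recipient claims right after receiving
    claimed += v.claim("lp")
    return claimed, v.total_fees

if __name__ == "__main__":
    print("no checkpoint on transfer:", run_scenario(False))
    print("checkpoint on transfer:   ", run_scenario(True))
```

The property worth asserting in a test suite or monitoring is that total fees claimed never exceed total fees earned, across any sequence of deposits, transfers and claims.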
Linked factors
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unknown — likely unaudited or audit missed known bug class]
- RD-F-006 — causal : Audit-deploy gap — alternate field name [via dashboard_risk_factors/Code newly deployed/upgraded?: Relatively new deployment]
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
- RD-F-100 — illustrative : Flash loan > $10M origination — RT signal [via realtime_signals/Unusual borrowing (Y/N): Y — large multi-asset AAVE flash loan]
- RD-F-111 — causal : Team doxx status — pseudonymous-no-track-record class [via dashboard_risk_factors/Team anonymity: Unknown]