Revest Finance: ERC1155 reentrancy via onERC1155Received — fnftId update timing flaw inflates FNFT redemption value
Summary
Revest Finance, a Financial NFT / Token Vesting / Liquidity Lock protocol, suffered an exploit on 2022-03-27, resulting in a loss of approximately $2M.
What happened
Revest Finance lost $2M when an attacker used an ERC1155 mint callback to re-enter the vault mid-transaction, exploiting a timing flaw in FNFT ID tracking to assign real token value to 360,000 worthless receipt tokens.
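The ordering flaw described above, reduced to a toy Python model with the flawed and the corrected ID-counter update side by side. This is an added example, not Revest's contract code: the class names, the single-counter design and the way a re-entrant mint overwrites the per-token value are simplifying assumptions.

```python
class Vault:
    """Toy FNFT vault (assumed model). `safe_order` selects when the ID counter advances."""

    def __init__(self, safe_order):
        self.safe_order = safe_order
        self.next_id = 0            # counter for the next FNFT ID
        self.supply = {}            # fnft_id -> receipt tokens minted
        self.value_per_token = {}   # fnft_id -> redeemable value per token
        self.deposited = 0          # value actually paid into the vault

    def mint(self, receiver, quantity, value_per_token):
        fnft_id = self.next_id
        if self.safe_order:
            self.next_id += 1       # effect committed before any external call
        self.value_per_token[fnft_id] = value_per_token
        self.supply[fnft_id] = self.supply.get(fnft_id, 0) + quantity
        self.deposited += quantity * value_per_token
        # An ERC1155 mint calls back into the receiver: control leaves the vault here.
        receiver.on_erc1155_received(self, fnft_id, quantity)
        if not self.safe_order:
            self.next_id += 1       # flawed: counter advanced only after the callback
        return fnft_id

    def redeemable(self):
        return sum(self.supply[i] * self.value_per_token[i] for i in self.supply)


class ReentrantReceiver:
    """Constructed test double: re-enters mint() once from the callback."""

    def __init__(self):
        self.reentered = False

    def on_erc1155_received(self, vault, fnft_id, quantity):
        if not self.reentered:
            self.reentered = True
            vault.mint(self, 1, 1)  # one token backed by one unit of value


def solvency_after_reentry(safe_order):
    """Return (deposited, redeemable); a sound vault keeps the two equal."""
    vault = Vault(safe_order)
    vault.mint(ReentrantReceiver(), 360_000, 0)  # zero-value receipt tokens
    return vault.deposited, vault.redeemable()
```

With the counter advanced after the callback, the re-entrant mint lands on the same ID and its per-token value applies to the whole supply; advancing the counter first keeps redeemable value equal to deposits, which is the invariant a review or fuzz test should assert.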
Linked factors
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
- RD-F-008 — illustrative : Bug survived review (RD-F-008 = ignored disclosure; closest semantic match for audit-missed-bug) [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Audited — bug survived single review]