SafeDollar: Infinite Mint via Fee-on-Transfer Reward Accounting Bug

Summary #

SafeDollar suffered a Algorithmic Stablecoin / Yield Farm on 2021-06-28, resulting in a loss of approximately $248K.

What happened #

SafeDollar's reward contract didn't account for PLX's transfer fee, letting an attacker loop deposits and withdrawals 101 times to inflate SDO rewards to quadrillions — crashing the "stable" coin to $0.

Linked factors #

• RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited]
• RD-F-006 — causal : Audit-deploy gap (RD-F-006 time between audit and deploy) [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — protocol was newly launched] || Audit-deploy gap — alternate field name [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — protocol was newly launched]
• RD-F-076 — related : Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: Very new (weeks old at time of exploit)]
• RD-F-090 — illustrative : Mixer withdrawal → protocol interaction [via realtime_signals/Pre-exploit on-chain signals: 101 repeated deposit/withdraw transactions in the same farm pool]
• RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — SDO price crashed to $0 during the exploit sequence]
• RD-F-111 — causal : Team doxx status — pseudonymous-no-track-record class [via dashboard_risk_factors/Team anonymity: Anonymous]
• RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Y — fork of algorithmic stablecoin model (Basis/ESD family)]
• RD-F-146 — related : New deploys in last 30 days — fresh attack surface [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — protocol was newly launched]