Skyward Finance: Missing Parameter Validation — Redemption Loop (redeem_skyward)
Skyward Finance's treasury was drained in one transaction when an attacker passed a looped parameter to the redemption function — a missing input validation that existed since launch and took over a year for anyone to exploit.
Summary #
Skyward Finance suffered a Token Launchpad on 2022-11-03, resulting in a loss of approximately $3M.
What happened #
Skyward Finance's treasury was drained in one transaction when an attacker passed a looped parameter to the redemption function — a missing input validation that existed since launch and took over a year for anyone to exploit.
Linked factors #
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unknown (likely unaudited)]