The attack occurred after Tender.fi upgraded its price feed to relay data from a Chainlink pricing oracle as opposed to a time-weighted average price (TWAP). The code, which was audited by PeckShield, contained an error and returned a number with too many zeros behind it. This meant the attacker was able to deposit one GMX token, worth around $70, effectively tricking the system into allowing infinite borrows, according to a postmortem published on Tender.fi’s Medium page.
DeFi Protocol Tender.fi Hacker Returns $1.6M Following Chainlink Oracle Glitch
