Coming soon

← Back to the graveyard
Eminence logo

Eminence

Hacked

DeFi · born 2020 · ✝ 2020

Money poured into an unfinished contract, then a flash loan took it.

Eminence was an unreleased gaming-economy project by Yearn's Andre Cronje whose test contracts were discovered on-chain. Speculators rushed in and in 2020 a flash-loan attacker exploited the bonding-curve pricing to drain roughly $15M.

Peak
~$15M stolen
Cause
Hacked
Year of death
2020

☠️ Cause of death

A flash loan was used to manipulate the bonding-curve oracle/pricing of the half-built token contracts, letting the attacker mint and redeem at a profit and drain the pool.

📓 Lessons left behind

  • Don't deposit into unaudited, unannounced contracts.
  • Bonding-curve pricing is trivially gamed by flash loans.
  • Code on-chain is live whether or not it was meant to be.

🌱 The idea that survived

Flash-loan-resistant pricing

Highlighted that any pricing curve exposed on-chain must assume flash-loan-scale manipulation.

#defi#flash-loan#oracle#ethereum