TLDR: This article is meant to analyze the Euler Finance incident that occurred on the 13th of March at approximately 08:50 UTC in an impartial way and identify the root cause.
Link to original article: https://medium.com/@omniscia.io/euler-finance-incident-post-mortem-1ce077c28454
ChatGPT easy-to-understand explanation of what happened:
The Euler Finance incident that occurred involved the use of two smart contracts that were deployed by the attacker to exploit a vulnerability in the Euler Finance protocol. Here’s an explanation of how the two contracts were used to carry out the attack:

The first contract, called the “violator” contract, was used to create an over-leveraged position in the Euler Finance protocol. The attacker deposited 20 million DAI into the DAI EToken of Euler Finance, which gave them approximately 19.56 million eDAI tokens. The attacker then created an artificial leverage by minting approximately 195.68 million eDAI and 200 million dDAI to themselves, which gave them a total of 390 million dDAI tokens. The attacker then donated 100 million eDAI to the reserve of the EToken, which caused their debt (DToken) to remain unchanged while their equity (EToken) balance decreased. This meant that if their account was liquidated, they would have a portion of DToken units left at the end, creating bad debt.

The second contract, called the “liquidator” contract, was used to exploit the over-leveraged position created by the attacker. The liquidator contract was used to liquidate the violator’s position by incurring their full 310.93 million eDAI balance, but only a portion of their 390 million dDAI balance. This was due to the calculations within the Liquidation module of the Euler Finance protocol, which liquidates up to the collateral balance of the user. The attacker was able to artificially cause their position to go “under-water” and then liquidate it themselves in the same block. This caused a maximum 20% discount to be applied, which allowed the liquidator to incur a significant portion of EToken units at a discount, ensuring that they would be “above-water” and only incur the debt that matched the collateral they would acquire.

In the end, the attacker was able to retain approximately 8,877,507 DAI, which is equivalent to approximately 8,779,854.423 USD as of March 13th, 2023.

The use of the two contracts allowed the attacker to exploit the vulnerability in the Euler Finance protocol and profit from their actions.
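
The donation step described above, as an added Python model (not code from the article or from Euler Finance): it compares a donation that skips a solvency check with a variant that rejects it, using the figures quoted above. The `Account` class, the function names, the omission of collateral and borrow factors, and the liquidation formula are simplifying assumptions of this example.

```python
# Added example: simplified accounting model, amounts in millions.
# Assumptions: collateral/borrow factors are ignored and the liquidation
# formula is this model's own, not Euler's Liquidation module.
from dataclasses import dataclass

RATE = 20.0 / 19.56   # DAI per eDAI, from the quoted deposit (20M -> ~19.56M)
MAX_DISCOUNT = 0.20   # maximum liquidation discount quoted above


class Unhealthy(Exception):
    """An operation would leave debt above collateral value."""


@dataclass
class Account:
    etoken: float  # collateral units (eDAI)
    dtoken: float  # debt units (dDAI), 1 unit = 1 DAI owed

    def collateral_value(self) -> float:
        return self.etoken * RATE

    def healthy(self) -> bool:
        return self.collateral_value() >= self.dtoken


def donate_unchecked(acct: Account, amount: float) -> Account:
    """Behaviour described above: equity drops, debt is untouched."""
    acct.etoken -= amount
    return acct


def donate_checked(acct: Account, amount: float) -> Account:
    """Hardened variant: reject a donation that leaves the donor insolvent."""
    after = Account(acct.etoken - amount, acct.dtoken)
    if amount < 0 or amount > acct.etoken or not after.healthy():
        raise Unhealthy(f"donating {amount}M rejected; debt is {acct.dtoken}M")
    acct.etoken = after.etoken
    return acct


def bad_debt_after_liquidation(acct: Account, discount=MAX_DISCOUNT) -> float:
    """Liquidator takes all collateral at a discount; return uncovered debt."""
    debt_taken = min(acct.collateral_value() * (1 - discount), acct.dtoken)
    return acct.dtoken - debt_taken


if __name__ == "__main__":
    # 410.93 = the quoted 310.93 eDAI balance plus the 100 donated
    violator = donate_unchecked(Account(etoken=410.93, dtoken=390.0), 100.0)
    print(violator.healthy(), round(bad_debt_after_liquidation(violator), 2))
```

In this model the account is solvent before the donation and insolvent after it, so a solvency check run as part of the donation would have rejected the operation before any liquidation could take place.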