Perpetuals Trading Protocol Levana Suffers Oracle Attack, Loses $1.14 Million Perpetuals trading protocol Levana
has fallen victim to an oracle attack, resulting in a loss of $1.14 million. According to a report from the Levana team,
the exploitation happened between December 13th and December 26th, with the assailants siphoning off 10% of Levana’s liquidity pools.
T
he perpetrators exploited a congestion attack on the Osmosis chain, disrupting the capability of Levana users
to engage with the markets.
This was further exacerbated
by a flaw in Osmosis’ fee market code and the presence of “price staleness” in Levana’s integration with the Pyth oracle. These vulnerabilities enabled the attackers
to manipulate prices and deplete the pools. “A bug in the Osmosis fee market code meant that during times of congestion, the provided gas price was generally insufficient for making trades or performing ongoing bot maintenance activities,” Levana wrote.
The team noted
that there was no known vulnerability in the Pyth oracle despite the attack. “Though the Pyth oracle is a key part of the attack, there is no known vulnerability in the Pyth oracle,” the team wrote.
“It behaved exactly as expected.”
