Decoding SkywardFinance $3 Million Exploit | QuillAudits


Introduction to Skyward Finance:

The Cause of the Attack:

The attack:

  1. The exploiter effectively withdraws the wrap.near multiple times within one transaction. He called the redeem_skyward function passing the value in skyward_amount and token_account_ids parameters.
  2. The attacker inserted the wrap.near address multiple times in the token_account_ids parameter. See below:

How this attack could have been prevented?

After the Exploit :

Price Slippage:

Web3 security- Need of the hour

Want more Such Security Blogs & Reports?

Partner with QuillAudits :



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store