Auditor flagged issue before $2.59M Nemo hack, team admits
Sui-based yield trading protocol Nemo lost $2.59 million in a Sept. 7 exploit caused by unaudited code deployed without multisignature controls.
Sui-based yield trading protocol Nemo lost about $2.59 million due to a known vulnerability introduced by non-audited code being deployed, according to the project.
According to Nemo’s post-mortem analysis of the Sept. 7 hack, a flaw in a function intended to reduce slippage allowed the attacker to change the state of the protocol. This function, named “get_sy_amount_in_for_exact_py_out,” was pushed onchain without being audited by smart contract auditor Asymptotic.
Furthermore, Asymptotic’s team identified the issue in a preliminary report. Still, the Nemo team admits that its “team did not adequately address this security concern in a timely manner.”