In November 2024, Polter Finance, a DeFi lending protocol on the Fantom network, suffered a significant hack due to a price oracle manipulation vulnerability in its smart contracts. The protocol, which was largely a copy of the Geist protocol, priced its BOO token from the spot price in the SpookySwap V2/V3 pool, which made that price susceptible to manipulation.

An attacker exploited this by using a flash loan to alter the token balance in the SpookySwap pool, artificially inflating the BOO token’s price. This allowed the attacker to deposit BOO tokens at an overvalued rate and take out a large loan, draining approximately $8.7 million from the protocol, though the Polter Finance team reported losses of $12 million in a police filing. The team froze the protocol to prevent further attacks and attempted to negotiate a bug bounty with the attacker on-chain.

The incident highlighted the risks of using unaudited smart contracts and of relying on spot prices for price oracles, and it emphasized the need for thorough security audits and robust oracle mechanisms to prevent manipulation.
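The pricing weakness described above, modelled as an added example that is not Polter Finance's or SpookySwap's code: a fee-less constant-product pool whose spot price is skewed by one large trade, next to a time-weighted average price (TWAP) check that refuses to value collateral when spot has moved away from the average. The TWAP guard is one common mitigation chosen here as an assumption; the pool sizes, the 5% threshold and all function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product (x*y=k) pool; fees omitted. All numbers are constructed."""
    token: float             # reserve of the priced token (stands in for BOO)
    quote: float             # reserve of the quote asset
    cumulative: float = 0.0  # running sum of spot price * seconds
    last_ts: int = 0

    def spot(self) -> float:
        return self.quote / self.token

    def tick(self, now: int) -> None:
        # Accumulate the price that held since the last update.
        self.cumulative += self.spot() * (now - self.last_ts)
        self.last_ts = now

    def swap_quote_in(self, amount: float, now: int) -> None:
        self.tick(now)
        k = self.token * self.quote
        self.quote += amount
        self.token = k / self.quote

def twap(pool: Pool, snap_cum: float, snap_ts: int, now: int) -> float:
    pool.tick(now)
    return (pool.cumulative - snap_cum) / (now - snap_ts)

def naive_value(pool: Pool, amount: float) -> float:
    # Weak pattern: collateral priced at whatever the pool's spot price is now.
    return amount * pool.spot()

def guarded_value(pool, amount, snap, now, max_dev=0.05):
    # Hardened: price at the TWAP and refuse when spot has moved away from it.
    avg = twap(pool, snap[0], snap[1], now)
    if abs(pool.spot() - avg) / avg > max_dev:
        raise ValueError("spot deviates from TWAP; refusing to price collateral")
    return amount * avg

def demo():
    pool = Pool(token=1_000_000.0, quote=1_000_000.0)  # spot = 1.0
    snap = (pool.cumulative, pool.last_ts)             # oracle snapshot at t=0
    honest = guarded_value(pool, 1_000.0, snap, now=900)
    pool.swap_quote_in(9_000_000.0, now=1800)          # one large reserve-skewing trade
    inflated = naive_value(pool, 1_000.0)
    try:
        guarded_value(pool, 1_000.0, snap, now=1800)
        rejected = False
    except ValueError:
        rejected = True
    return honest, inflated, twap(pool, snap[0], snap[1], 1800), rejected
```

In this model the same 1,000 tokens are valued 100 times higher at spot after the trade, while the 30-minute average is unchanged and the guarded path rejects the read.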