#NemoProtocol
Nemo Protocol Exploited for $2.6M Due to Unaudited Code
Sui-based DeFi platform Nemo Protocol revealed a $2.6M exploit on Sept. 7, caused by two vulnerabilities in unaudited code deployed by a developer.
Post-mortem report highlights:
1. Exposed internal flash loan function
2. Flawed query function allowing unauthorized state changes
The issues, introduced in January, went unnoticed despite prior audits. A single-signature address for upgrades enabled the deployment without proper scrutiny.
The attacker manipulated the contract's state, draining assets from the SY/PT liquidity pool and moving funds to Ethereum via Wormhole CCTP.
Nemo has paused core functions, patched vulnerabilities, and is undergoing an emergency audit. The team is tracing funds and working on a compensation plan.
Lesson learned: Uncompromising scrutiny is crucial at every step, despite past assurances.