🔍 Technical Report: Cork Protocol Exploit

May 28th, 2025 | Loss: 3,761.87 ETH (~$12M)

📕Root Cause Analysis:

1️⃣ Market creation lacked permission restrictions, allowing custom parameters for RA, DS, and CT to be freely defined.

2️⃣ The market's RA, DS, and CT parameters were not logically validated when a market was defined. A DS token could be set as RA, which is exactly what the attacker exploited in this transaction.
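
The two checks these root causes call for, modelled in Python as an added example (not Cork Protocol's code): a creator allowlist and a rejection of any RA that the protocol itself issued as DS or CT. `Registry`, `create_checked`, the `governance` creator and the token labels are hypothetical, constructed names.

```python
from dataclasses import dataclass, field


class MarketRejected(Exception):
    """A market definition failed a creation-time check."""


@dataclass
class Registry:
    approved_creators: set = field(default_factory=set)
    issued: dict = field(default_factory=dict)   # token -> "DS"/"CT" minted by the protocol
    markets: dict = field(default_factory=dict)  # market id -> RA

    def create_unchecked(self, caller: str, ra: str) -> int:
        """Behaviour the report describes: any caller, any RA."""
        market_id = len(self.markets) + 1
        self.markets[market_id] = ra
        for kind in ("DS", "CT"):  # every market mints its own DS and CT
            self.issued[f"{ra}-{kind}-{market_id}"] = kind
        return market_id

    def create_checked(self, caller: str, ra: str) -> int:
        """Same operation with both root causes closed."""
        if caller not in self.approved_creators:
            raise MarketRejected(f"creator {caller} is not approved")
        if ra in self.issued:
            raise MarketRejected(f"RA {ra} is a protocol-issued {self.issued[ra]} token")
        return self.create_unchecked(caller, ra)


def demo() -> dict:
    """Run constructed inputs through both paths and collect the outcomes."""
    reg = Registry(approved_creators={"governance"})
    first = reg.create_checked("governance", "wstETH")  # legitimate market, id 1
    ds = f"wstETH-DS-{first}"                            # DS minted by market 1
    outcomes = {"unchecked": reg.create_unchecked("anyone", ds)}  # accepted as market 2
    for caller, ra in (("anyone", "wstETH"), ("governance", ds)):
        try:
            reg.create_checked(caller, ra)
        except MarketRejected as exc:
            outcomes[(caller, ra)] = str(exc)
    return outcomes


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

In a deployed contract the same two conditions would be `require`-style guards in the market creation function, with the issued-token set maintained wherever DS and CT are minted.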

📘Attacker Address: 0xea6f30e360192bae715599e15e2f765b49e4da98

📙Attack Contract: 0x9af3dce0813fd7428c47f57a39da2f6dd7c9bb09

📓Attack Process Analysis:

The attacker created 3 types of tokens and 1 Liquidity Token.

1️⃣ The attacker purchases 88 weETH8CT-2 from the existing market

2️⃣ Deposit PSM into the existing market to obtain DS and CT

0.004 wstETH => 0.004 wstETH8DS-2 + 0.004 wstETH8CT-2

3️⃣ Attacker creates market

4️⃣ Deposit LV into new market and add liquidity

- 0.002 RA(weETH8DS-2) => 0.002 weETH!LV-3

- 0.001 RA(weETH8DS-2) => 0.001 wstETH5CT-3 + 0.001 wstETH5DS-3

- Liquidity: 0.001 RA(weETH8DS-2) + 0.001 wstETH5CT-3

5️⃣ Unlock to get 25 wstETH5DS-3 + 3761.25 wstETH5CT-3

📗Security Recommendations:

GoPlus suggests users suspend all interactions with , revoke any previous authorizations, closely follow official announcements, and wait for further updates.