VEE.Finance Attack Analysis

Vee Finance
2 min readSep 21, 2021

VEE.Finance Attack Analysis

Yesterday afternoon we identified suspicious behavior, we did a thorough review on all the transactions after we paused the smart contracts for the security of the assets. Here are the details about the attack.

Attack Address: 0xeeeE458C3a5eaAfcFd68681D405FB55Ef80595BA

Attack Timeline

Attack preparation

1. Attacker got 0.1 AVAX airdrop when crossing the chain with the help of Avalanche Bridge.

2. Attacker traded 26.999006274904347875 WETH.e to 1,369.708 AVAX via Pangolin.

3. Attacker deployed attack contract 1 (0x255945a4f673851633355b2592f602025ca20142).

4. Attacker called the init() method of attack contract 1 to trade AVAX to the tokens being attacked(XAVA/QI/LINK.e, etc.).

5. Attacker called the init() method of attack contract 1 to create trading pair to be used for the attack.








6. Attacker transfered 20 AVAX to each of the 5 accounts of the attack contract 1.

To 0x799965bADB76Cae3055E8472c0dEdB9622Bb8d2E

To 0xea8D4B36b21D7a5Ea70989C5db4Ce6DC172E41CD

To 0x8EaF218176490b9E7933bc58b08a0B45647794Ce

To 0x4b962FcdBdef0f2DAb10AaD1e16bC8373525a58d

To 0xC7264ac43470abBcde972983636FD8B55E23D167

Attack execution phase

1. Attacker invoked the method of attack contract 1 to carry out the attack, but due to insufficient gas fee, the transaction was revoked.

2. The first successful attack, dynamically created contract 0x4b4c4044207aa5da6b585fed9e8ffc04bb55d2df (dynamic contract 1), attacker invoked attack contract 1 to supply, then invoked leveraged trading through dynamic contract 1, exchanged QI with WETH.e.

3. After attacking XAVA/WETH.e in a similar way, the contract failed again.

September 20, 2021 09:16:47 PM UTC

4. After rewriting the new attack contract, attacker deployed attack contract 2. (0x490D25A327768bD5E3d2bF98B8E10419B3E70B82).

September 20, 2021 09:31:31 PM UTC

5. Attacker repeated the above steps.

6. Attacker repeatedly used AugustusSwapper to trade USDT.e to ETH.e.

7. The attacker deployed another attack contract 3 on September 20, 2021 11:20:50 PM UTC (0xb040c4CdCF1B485F284795351211c832F2D4cd96).

8. During and after the attack, the attacker kept transferring assets to Ethereum via the Avalanche Bridge, for example,

We will keep you updated on this incident through our social media and community announcements.




Vee Finance

A lending protocol platform on Avalanche that bridges the gap between traditional financial users and crypto users.