Midas Capital Read-Only Reentrancy
Midas Capital on Polygon lost $660K to a Curve read-only reentrancy that mispriced jBRL/BRZ LP collateral, letting the attacker borrow against inflated value.
- Date
- Victim
- Midas Capital
- Chain(s)
- Status
- Funds Stolen
On January 15, 2023, the Polygon lending protocol Midas Capital lost approximately $660,000 through a Curve read-only reentrancy that mispriced jBRL/BRZ LP collateral. The attacker manipulated the LP virtual price mid-mutation and borrowed against the inflated value.
What happened
Midas accepted a Curve jBRL/BRZ LP token as collateral and priced it from the pool's get_virtual_price. During a Curve remove_liquidity call, the reported virtual price is temporarily wrong. The attacker re-entered Midas's borrow path during that window, so Midas read the manipulated price and over-valued the collateral. About $660K was borrowed out.
Aftermath
- Midas paused the affected market and patched the price read.
- Small loss; minimal recovery.
Why it matters
Midas Capital is the earliest of the 2023 read-only-reentrancy cluster, followed by dForce (Feb), Sturdy (Jun), EraLend (Jul), Conic (Jul), and Balancer (Aug). January's Midas incident was the warning shot for a pattern that would repeat all year. The catalogue's value here is the timeline: the bug class was demonstrated in January and was still draining protocols in August, because the defensive guidance (check the pool's reentrancy lock before reading its price) propagates far more slowly than the exploit technique does.
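The price window described under "What happened" and the lock check named above can be seen in a small model. This is an added example, not Midas's or Curve's code: ToyPool, safe_virtual_price and observe_prices are hypothetical names, the virtual price is simplified to balances divided by LP supply, and the model assumes LP is burned before all payouts complete and that the lock is readable as a flag.

```python
class PoolLocked(Exception):
    """Raised when the pool is read or entered mid-mutation."""

class ToyPool:
    def __init__(self, balances, lp_supply):
        self.balances = list(balances)
        self.lp_supply = lp_supply
        self.locked = False  # reentrancy lock; exposed as a flag (assumption)

    def get_virtual_price(self):
        # View function: ignores the lock, so it can be read mid-withdrawal.
        return sum(self.balances) / self.lp_supply

    def remove_liquidity(self, lp_amount, on_transfer):
        if self.locked:
            raise PoolLocked("reentrant call")
        self.locked = True
        try:
            supply_before = self.lp_supply
            self.lp_supply -= lp_amount  # LP burned before payouts finish
            for i, bal in enumerate(self.balances):
                out = bal * lp_amount // supply_before
                self.balances[i] -= out
                on_transfer(i, out)  # recipient gets control here
        finally:
            self.locked = False

def safe_virtual_price(pool):
    # Defensive read: refuse to price collateral while the lock is held.
    if pool.locked:
        raise PoolLocked("pool is mid-mutation")
    return pool.get_virtual_price()

def observe_prices():
    pool = ToyPool([1000, 1000], 2000)  # constructed sample state
    unguarded, guarded = [], []

    def lender_reads_price(_coin, _amount):
        # Stands in for a lending market pricing LP collateral in the callback.
        unguarded.append(pool.get_virtual_price())
        try:
            guarded.append(safe_virtual_price(pool))
        except PoolLocked:
            guarded.append(None)  # the borrow would revert here

    before = pool.get_virtual_price()
    pool.remove_liquidity(1000, lender_reads_price)
    return before, unguarded, guarded, pool.get_virtual_price()
```

The unguarded read sees a price 50% above the true value during the first payout, while the guarded read rejects every price request made inside the withdrawal.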
Sources & on-chain evidence
- [01] halborn.com: https://www.halborn.com/blog/post/explained-the-midas-capital-hack-january-2023
- [02] beincrypto.com: https://beincrypto.com/midas-capital-releases-660000-exploit-post-mortem-defi-attacks-carry-into-2023/
- [03] rekt.news: https://rekt.news/midas-capital-rekt