Sonne Finance: This attack is a donation attack, and the attackers are under investigation. The market has been suspended

ChainCatcher message, Sonne Finance released an attack analysis report, which was a donation attack. Sonne had previously avoided this issue by adding a collateral factor of 0% to the market, adding collateral and performing burns, and then increasing c-factors based on proposals. Sonne recently passed a proposal to add a VELO market in Sonne, which arranged this transaction on a multi-signature wallet, and due to a 2-day time lock, also scheduled the execution of c-factors within 2 days.

When the 2-day time lock for creating the market ended, the attacker executed 4 transactions, followed by a transaction to add c-factors to the market. The attacker was able to exploit the protocol through a known donation attack to acquire approximately $20 million in funds. Seal contributors quickly noticed the issue and added about $100 worth of VELO to retain the remaining approximately $6.5 million. Sonne is investigating the attacker and has suspended the market to mitigate further losses. Sonne is prepared to offer a bounty to the attacker, promising not to pursue the matter further if the attacker returns the funds.