The MIM Spell exploit on 25 March 2025 exposed a critical vulnerability in the integration between the RouterOrder and CauldronV4 contracts, leading to an approximate loss of $12.9M. The attacker exploited flawed state management during the liquidation process, which allowed repeated unauthorized borrowing. This incident underscores the need for robust security measures, including rigorous contract audits, proper state updates, and comprehensive endpoint security, to safeguard crypto platforms.

Q1: What was the approximate total loss from the MIM Spell exploit on 25 March 2025?
A1: $12.9M
Q2: Which two contracts were involved in the vulnerability exploited by the attacker?
A2: RouterOrder and CauldronV4
Q3: What key error allowed the attacker to borrow additional funds after liquidation?
A3: Not updating the public ‘inputAmount’ variable in RouterOrder
Q4: What regulatory or security response did the MIM team take following the exploit?
A4: They offered a 20% bounty for the return of the stolen funds
