Huma Finance Exploit on Polygon Results in $101K Loss

Huma Finance, a decentralized PayFi network, has confirmed an exploit in its legacy V1 smart contracts on the Polygon network. A logic flaw allowed unauthorized withdrawals from BaseCreditPool contracts, resulting in a loss of approximately $101,400 USDC.

The attack occurred through a flaw in the contract code, specifically in the 'refreshAccount()' function, which did not properly check account status changes. The hacker was able to manipulate the system into allowing withdrawals without sufficient checks, ultimately pulling funds from treasury-linked pools in a single transaction.