Monitor unexpectedly large deposit amounts
Trigger: ERC20 Transfer more than n Parameters:- Token address: the address of the collateral token
- Amount: should be 5-10% more than the largest expected deposit
- Destination: to
- An unexpectedly large amount of deposit may be a sign that the attacker has found a vulnerability in the smart contract and is making a large deposit to get more profit from the exploit.
Monitor withdrawal of an amount that is greater than the largest deposit
Trigger: ERC20 Transfer more than n Parameters:- Token address: the address of the collateral token
- Amount: should be greater than the largest deposit by at least 1 wei
- Destination: from
- If there is a withdrawal from the contract for an amount greater than the largest deposit, then this is a clear sign that the contract has been hacked.