【Beosin: Penpie was attacked and lost about 27 million US dollars in assets. Analysis of the attack incident】

According to Beosin Alert monitoring, Penpie, a DeFi protocol built on Pendle, was hacked and about 27 million US dollars in crypto assets were stolen. Beosin's brief analysis of the incident is as follows:

The attacker used the claimRewards function in the market contract to re-enter the staking contract and inflate its balance, then extracted the staking contract's excess tokens and staked assets to make a profit.

1. The attacker first created an attack contract and built the corresponding market contract through the official factory.
2. The attacker called the batchHarvestMarketRewards function of the staking contract to update the rewards for the market.
3. While the rewards are being updated, the claimRewards function of the attack contract is called back. This function re-enters the staking contract and stakes the assets obtained from a flash loan, creating a discrepancy in the staking contract's asset amounts; the excess is then extracted.
4. The attacker withdraws the staked assets and repays the flash loan to make a profit.
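
The re-entrancy described in steps 2 and 3, as an added example that is not code from Beosin, Penpie or Pendle: a simplified Python model that assumes the staking contract credits the balance change observed across the claimRewards callback as rewards. All class and function names are hypothetical; the guarded variant shows the nested call being rejected, and comparing the amount owed with the tokens held is the invariant a monitor would check.

```python
# Simplified model; names and accounting are assumptions, not Penpie's code.
class Staking:
    def __init__(self, guarded):
        self.guarded = guarded   # True = re-entrancy guard enabled
        self.locked = False
        self.token_balance = 0   # tokens the staking contract actually holds
        self.deposits = {}       # user -> staked amount
        self.rewards = {}        # user -> credited rewards

    def _enter(self):
        if self.guarded and self.locked:
            raise RuntimeError("re-entrant call rejected")
        self.locked = True

    def deposit(self, user, amount):
        nested = self.locked
        self._enter()
        self.token_balance += amount
        self.deposits[user] = self.deposits.get(user, 0) + amount
        self.locked = nested     # restore the outer call's lock state

    def batch_harvest(self, market):
        self._enter()
        try:
            before = self.token_balance
            market.claim_rewards(self)             # call into untrusted market
            gained = self.token_balance - before   # balance delta seen as reward
            self.rewards[market.owner] = self.rewards.get(market.owner, 0) + gained
        finally:
            self.locked = False

    def owed(self, user):
        return self.deposits.get(user, 0) + self.rewards.get(user, 0)

class CallbackMarket:
    """Constructed market whose claim_rewards stakes during the callback."""
    def __init__(self, owner, amount):
        self.owner, self.amount = owner, amount

    def claim_rewards(self, staking):
        staking.deposit(self.owner, self.amount)

def run(guarded, amount=1000):
    staking, market = Staking(guarded), CallbackMarket("market_owner", amount)
    try:
        staking.batch_harvest(market)
        outcome = "harvested"
    except RuntimeError:
        outcome = "rejected"
    # (outcome, amount owed to the market owner, tokens actually held)
    return outcome, staking.owed("market_owner"), staking.token_balance
```

Without the guard the model owes 2000 against 1000 tokens held, which is the quantity difference the analysis refers to; with the guard the harvest is rejected and nothing is credited.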