Beosin Alert
Nov 7, 2022
#Flashloan
Beosin EagleEye detected a flashloan attack on the MooCakeCTX contract. The loss is ~$140K.
There are no time restrictions on collateral and rewards, and the restriction on callers is not comprehensive enough, enabling the attacker to increase dividends via flashloan.
2/ Tx:
bscscan.com/tx/0x03d363462…

The attacker flashloaned $BUSD and swapped it into vBUSD and then into $CAKE, as only $CAKE can be used as collateral in StrategySyrup. The $CTK was prepared at the same time, so that the smartchef function could perform its transfer successfully.
3/ After calling the deposit function, the attacker called the harvest function. Here the calling address is the attack contract. The harvest function checks whether the calling address is an EOA address, but when the call is initiated from within a constructor, iscontract() can be bypassed.
4/ In the BeefyVault contract, the reward calculation is based on the share of the deposit, and the reward is updated according to the account calling the harvest function. So within one update round, the larger the share when claiming the reward, the larger the profit.
5/ So the attacker used a flashloan to amplify the proceeds (the last time 733 days ago), and bypassed the iscontract check.
It is worth noting that depositAll and withdrawAll are not time-restricted here, so the attacker can call withdrawAll immediately after the deposit to claim the reward.
6/ The attacker executed two more attacks and returned the flashloan with a profit of 424 $BNB (~ $140,000).

Suggestion:
When developing contracts, pay attention to flashloan attack scenarios, the security of how rewards are issued, and the secure use of library functions.
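
The share accounting described in 4/ and 5/, as an added example that is not Beosin's or the project's code: a toy Python model showing why a same-block deposit, harvest and withdrawAll captures unharvested rewards in proportion to share, and how a deposit lock or harvesting before shares are minted removes that gain. The `Vault` class, its `lock_blocks` and `harvest_on_deposit` options, and all amounts are constructed assumptions.

```python
from fractions import Fraction

class Vault:
    """Toy share-based vault; a model of the accounting, not the BeefyVault code."""
    def __init__(self, lock_blocks=0, harvest_on_deposit=False):
        self.balance = Fraction(0)       # funds already reflected in the share price
        self.pending = Fraction(0)       # rewards accrued but not yet harvested
        self.total_shares = Fraction(0)
        self.shares, self.deposited_at = {}, {}
        self.lock_blocks, self.harvest_on_deposit = lock_blocks, harvest_on_deposit
        self.block = 0

    def harvest(self):
        # Fold every pending reward into the balance, raising the price per share.
        self.balance += self.pending
        self.pending = Fraction(0)

    def deposit(self, who, amount):
        if self.harvest_on_deposit:
            self.harvest()               # price new shares after rewards are counted
        minted = amount if self.total_shares == 0 else amount * self.total_shares / self.balance
        self.balance += amount
        self.total_shares += minted
        self.shares[who] = self.shares.get(who, 0) + minted
        self.deposited_at[who] = self.block

    def withdraw_all(self, who):
        if self.block - self.deposited_at[who] < self.lock_blocks:
            raise PermissionError("deposit still locked")
        s = self.shares.pop(who)
        out = s * self.balance / self.total_shares
        self.balance -= out
        self.total_shares -= s
        return out

def same_block_round_trip(vault, loan=Fraction(9_000)):
    """Deposit, harvest and withdraw within one block; return the gain over the loan."""
    vault.deposit("holders", Fraction(1_000))  # constructed long-term stake
    vault.pending = Fraction(100)              # constructed long-unharvested rewards
    vault.block = 50                           # later block in which the round trip runs
    vault.deposit("flash", loan)
    vault.harvest()
    return vault.withdraw_all("flash") - loan
```

With no protections the borrowed deposit holds 90% of the shares at harvest time and leaves with 90 of the 100 pending reward units; with `harvest_on_deposit=True` the gain is 0, and with `lock_blocks=1` the same-block withdrawal is rejected.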

More from @BeosinAlert

Jun 30, 2023
H1 2023 Web3 Security Statistics

🚨Total losses from hacks, phishing scams, and rug pulls in Web3 reached $655.61 million in the first half of 2023.

Among them,
108 attacks -> $471.43M
Phishing scams -> $108M
110 rug pulls -> $75.87M
https://t.co/8Q9kmDETfQ
2/ The total loss from hacks in Web3 has significantly decreased compared to last year.

In H1 2022, the total loss from attacks was ~$1.91 billion, and in H2 2022, it was about $1.69 billion, while in H1 2023, this value dropped to $470 million.
3/ Distribution of loss amount in hacks:

Loss exceeding $100 million: 1 incident
$10 million to $100 million: 7 incidents
$1 million to $10 million: 23 incidents

Read 5 tweets
Jun 6, 2023
Last month, Beosin security researchers discovered a high-risk vulnerability, CVE-2023-33252, in the SnarkJS library (version 0.6.11 and earlier).

The high-risk vulnerability, which allows double-spending, has now been fixed by Circom. It has a severity score of 7.5 in the…
2/ Circom is a zero-knowledge proof circuit compiler developed in Rust. The team behind Circom has also developed the SnarkJS library, which supports various functionalities, including trusted setups and the generation and verification of zero-knowledge proofs.
3/ In versions of SnarkJS <= 0.6.11, the library fails to perform comprehensive validation checks on the parameters during proof verification. This allows attackers to forge multiple proofs that pass the verification process, enabling double-spending attacks.
Read 9 tweets
May 19, 2023
Swaprum on Arbitrum rugged for ~$3M.

The deployer of Swaprum used the add() backdoor function to steal LP tokens staked by users, then removed liquidity from the pool for profit.

One tx:
arbiscan.io/tx/0x36fef881f…
2/ The project upgraded the normal liquidity collateral reward contract to a contract containing backdoor functions.

arbiscan.io/address/0x9980…

arbiscan.io/address/0xcb65…
3/ The backdoor function add() transfers LP tokens from the contract to the _devadd address. Querying the _devadd address returns the ‘Swaprum:Deployer’ address.
Read 4 tweets
Apr 16, 2023
On Apr 15th, @HundredFinance was exploited for over $7M on #Optimism.
Hundred Finance was also a victim of a reentrancy attack in Mar 2022.
Txs:
0x15096dc6a59cff26e0bd22eaf7e3a60125dcec687580383488b7b5dd2aceea93
0x6e9ebcdebbabda04fa9f2e3bc21ea8b2e4fb4bf4f4670cb8483e2f0b2604f451
2/ The root cause is that the attacker can manipulate the exchangeRate by donating a large amount of WBTC to the hWBTC contract.
In the getAccountSnapshot function, the value of exchangeRateMantissa relies on the amount of WBTC in the contract.
3/ The attacker flashloaned 500 $WBTC, then called the redeem function to redeem the previously staked 0.3 WBTC.
Next, attack contract 1 sent 500.3 WBTC to attack contract 2. Contract 2 used 4 BTC to mint 200 hWBTC. The redeem function was then called to redeem the 4 BTC.
Read 5 tweets
Apr 9, 2023
Root cause: lastCalledPool is reset before the check. This makes the check on the pool invalid, allowing attackers to specify a malicious pool and transfer the funds of users who granted approval when swapping.

Example: 0xea3480f1f1d1f0b32283f8f282ce16403fe22ede35c0b71a732193e56c5c45e8
1) The attacker created the malicious pool contract 30 days ago.
2) The swap is performed by calling SushiSwap's router function processRoute, specifying the malicious contract as the pool contract.
3) After the swap, the malicious contract calls uniswapV3SwapCallback, specifying the tokenIn as WETH and the from address as the victim's address (@0xSifu sifuvision.eth), thus using the victim's approval to the router contract to transfer the funds.
Read 6 tweets
Apr 5, 2023
Sentiment protocol was attacked, with a loss of ~$1 million caused by a price error due to reentrancy.
arbiscan.io/tx/0xa9ff2b587…
2/ The attacker first calls the "joinPool" function of Balancer Vault to make a deposit. Then he calls "exitPool" to withdraw, during which Balancer Vault sends ETH to the attacker, which invokes the fallback function of the attack contract.
3/ In the fallback function, the attacker calls the 0x62c5 contract's borrow function, which does a price calculation based on the return data from Balancer Vault.getPoolTokens().
Read 4 tweets
