Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
BlockSec Profile picture
@BlockSecTeam
Feb 22, 2023 4 tweets 3 min read Read on X
1/ @fi_dynamic $DYNA on #BSC was hacked (bscscan.com/tx/0xc09678fec…) and the loss is ~73 BNB.

The root cause is that the StakingDYNA contract (bscscan.com/address/0xa7B5…) does not handle the deposit time correctly. ImageImage
2/ Specifically, users could deposit $DYNA and claim rewards, while the interest will be calculated as follows:
duration = now - lastProcessAt
interest = k * (stakeAmount * duration)

However, the user's lastProcessAt is only recorded for the first deposit/stake.
3/ Thus, attackers could: 1) open a new vault and deposit a few $DYNA at time A; 2) after a while (at time B), borrow a large amount of $DYNA by flashloan and deposit them; 3) redeem the deposit, the profit is calculated as k * (borrowAmount * (B - A)); 4) repay the flashloan.
4/ Note that steps 2, 3, and 4 are in the same tx.

In fact, the real deposit time should be 0 instead of (B - A), but the vulnerable contract does not update lastProcessAt for any deposit. Thus, the staking duration is calculated mistakenly.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with BlockSec

BlockSec Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @BlockSecTeam

BlockSec Profile picture
Apr 13, 2023
1/ @iearnfinance was hacked with two consecutive attack transactions. The root cause is due to an (on-purpose?) misconfiguration which makes the rebalance of the pools rely on an incorrect underlying token. This misconfiguration has been there for more than three years. ImageImage
2/
Attack Tx1: explorer.phalcon.xyz/tx/eth/0xd55e4…
Attack Tx2: explorer.phalcon.xyz/tx/eth/0x8db0e…

Specifically, one of the strategy pools of yUSDT/ycUSDT, Fulcrum, had its address incorrectly configured. The underlying token of the misconfigured pool is USDC.
3/ The attacker took advantage of this by emptying the interest rate of Aave V1 (in Tx1) and directly transferring Fulcrum USDC to yUSDT/ycUSDT, triggering a rebalance. This caused yUSDT/ycUSDT to retrieve a large amount of USDC, mistakenly thinking that its own balance was 0. Image
Read 4 tweets
BlockSec Profile picture
Apr 3, 2023
1/ @samczsun explained that the attacker exploited the vulnerability in mev-boost-relay to drain MEV bots. After digging into the attack, we have two more findings. First, the attacker used a honeypot tx to lure MEV bots. Second, the honeypot tx has a self-protected mechanism.
2/ The attacker is a validator with a pre-knowledge that he/she will be selected to be the miner of block 16964664. Besides, a vulnerability in the mev-boost-relay will reveal the private transaction in flashbots.
3/ But how to lure the MEV bot to issue sandwich txs? We find the attacker leveraged eight honeypot txs for this purpose. Let's use one of them as an example, which swapped 0.35 Eth to 158 STG in a pair with less liquidity. This transaction is broadcasted to the mem pool.
Read 8 tweets
BlockSec Profile picture
Mar 13, 2023
1/ @eulerfinance is attacked. The root cause is due to the lack of liquidity check in the function donateToReserves()
phalcon.xyz/tx/eth/0xc310a…

See the detailed attack steps below. Image
2/ Here is the key steps
a. Attacker flashloaned 30M DAI in AAVE
b. Attacker deposited 20M DAI and got back 20M eDAI
c. Since Euler Finance provides the capability of leverage borrow (docs.euler.finance/app/ui/mint), the attacker can mint 195M eDAI and 200M dDAI.
3/ Continued above
d. 10M debt is repaid so that the attacker can mint more eDAI. Now the attacker holds 215M eDAI and 190M dDAI
e. step b is repeated. Now the attacker holds 410M eDAI and 390M dDAI
f. Attacker invoked the function donateToReserve() to donate 100M eDAI.
Read 4 tweets
BlockSec Profile picture
Mar 1, 2023
1/ We have received queries about whether BlockSec is the “whitehat” behind the Jump "counter exploit". We are NOT involved in the Jump case, and the way of the Jump case is fundamentally different from the Platypus counter exploit we were involved in.

blocksecteam.medium.com/blocksecs-pers…
2/ The high-level idea for the Jump counter exploit is as follows.

The Exploiter’s Maker Vaults can be managed by Oasis AutomationBot smart contract since the Exploiter enables the automation sell and buy services offered by Oasis.

kb.oasis.app/help/what-is-a…
3/ The AutomationBot can only be operated by the address with the role AUTOMATION_EXECUTOR. This address is a configuration in the Oasis Service Registry contract, which can be updated by the Oasis multisig wallet.
Read 7 tweets
BlockSec Profile picture
Feb 17, 2023
1/ We have analyzed the recent @Platypusdefi attack and found that the attacker made a mistake in the first attack transaction, which prevented the attacker from withdrawing the profits. Here is the full story.

Thanks, @spreekaway for pointing out this direction.
2/ We identified two attack transactions, with the first one (phalcon.blocksec.com/tx/avax/0x1266…) leaving the profits in the attack contract and the second one (phalcon.blocksec.com/tx/avax/0x997b…) transferring the profits to the attacker.
3/ Our analysis of the decompiled code showed that the first contract did not have a transfer function signature, and the approve function signature only appeared in the attack flow logic. This means the attacker did not reserve any interface to transfer the profits.
Read 4 tweets
BlockSec Profile picture
Feb 7, 2023
1/ Looks like 0x55a37a2e5e5973510ac9d9c723aec213fa161919 was added as a "solver" of @CoWSwap by the multisig in this tx:

phalcon.blocksec.com/tx/eth/0x7374b…

Then 0x55a invokes the tx to approve DAI to SwapGuard

phalcon.blocksec.com/tx/eth/0x92f90… Image
2/ Since DAI was approved from GPv2Settlement to SwapGuard, then the attacker can ask SwapGuard to transfer DAI from GPv2Settlement to arbitrary addresses.

phalcon.blocksec.com/tx/eth/0x90b46… Image
3/ According to metasleuth.io/result/eth/0xc…, the other approved tokens (e.g., USDT, USDC, ETH) are also transferred to the attackers. Image
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(