PeckShield: a technical breakdown of the whole process of the Balancer DeFi platform hack
PeckShield
2020-06-30 03:17
In certain scenarios, deflationary tokens are incompatible with Balancer's smart contracts, which allowed the attacker to create STA/STONK pools with skewed prices and profit from them.

Editor's Note: This article comes from PeckShield (ID: PeckShield) and is reprinted by Odaily with authorization.


At 02:03 on June 29th, Beijing time, two ERC20 deflationary token pools, STA and STONK, on the DeFi platform Balancer, which has recently attracted much attention for its "borrowing-to-mining" model, were hacked, losing a total of over $500,000.

After PeckShield's security team stepped in to analyse the incident, they quickly identified the root cause: in certain scenarios, deflationary tokens are incompatible with Balancer's smart contracts, which allowed the attacker to create STA/STONK liquidity pools with skewed prices and profit from them.

The attack consisted of four steps:

1) The attacker borrowed 104,331 WETH from the dYdX platform via a flash loan;

2) The attacker repeatedly called swapExactAmountIn() until almost all of the STA held by the Balancer pool was exhausted, then moved on to the next stage. In the end, the pool held only 0.000000000000000001 STA.

3) The attacker exploited the incompatibility between the STA token and the Balancer smart contract, namely the mismatch between the pool's bookkeeping and its actual balance, to drain the other assets in the pool, netting digital assets worth a total of $523,616.52.

4) The attacker repaid the flash loan borrowed from dYdX and walked away with the digital assets obtained in the attack.

(Figure: flash loan transaction)

Balancer was hacked: a technical breakdown of the whole process

(Figure: illustration of the whole attack process)

Step 1: Flash Loans

The attacker borrowed 104,331 WETH from dYdX via a flash loan. Readers familiar with the DeFi lending model will already understand this part, so we will not repeat it here.

Step 2: Draining Balancer's STA balance

The attacker drained Balancer's STA balance through repeated calls to swapExactAmountIn(), in preparation for the next step. Notably, we found that the contract code does cap the amount of assets that can be swapped in a single call. The cunning attacker, however, pre-calculated the maximum amount of WETH that could be swapped each time and deliberately left the pool with exactly 0.000000000000000001 STA.

Step 3: Attacking for profit

With the two preparatory steps complete, it was time for the attacker to show their real skills!

(Step 3: attack-for-profit figure, upper part)

Building on this, the attacker sent 0.000000000000000001 STA to BPool through the swapExactAmountIn() function and immediately received 30,347 WETH in exchange at a hugely distorted price, realising the profit. At this point, BPool's internal accounting entry _records[STA] is incremented by 1 before BPool has actually received the 0.000000000000000001 STA (note: the attacker later uses gulp() to reset this recorded value).

(Step 3: attack-for-profit figure, lower part)

We also found that at the end of swapExactAmountIn(), _pullUnderlying() attempts to collect the STA consumed by the swap from the attacker. However, because STA burns 1% of every transfer as a fee, and on a transfer of a single wei that fee consumes the whole amount, BPool actually receives no STA at all. This creates a mismatch between BPool's real STA balance and its internal bookkeeping.
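As an added illustration, not Balancer's or PeckShield's code, the following Python model shows how a pool that credits the requested amount (the _pullUnderlying() pattern described above) drifts from its real balance with a fee-on-transfer token, how a recorded-versus-actual check exposes the drift, and how measuring the balance delta in the pull step rejects such a swap. The "1% rounded up" fee and all balances are constructed simplifications standing in for STA.

```python
class BurnToken:
    """Deflationary ERC20 stand-in: 1% of each transfer is burned, rounded up."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, sender, receiver, amount):
        assert self.balances.get(sender, 0) >= amount, "insufficient balance"
        fee = (amount + 99) // 100  # 1% rounded up: a 1-wei transfer is entirely fee
        self.balances[sender] -= amount
        self.balances[receiver] = self.balances.get(receiver, 0) + amount - fee


class Pool:
    """Pool whose internal record (like BPool._records) can drift from reality."""
    def __init__(self, token, recorded):
        self.token = token
        self.recorded = recorded  # what the pool believes it holds

    def pull_underlying_naive(self, sender, amount):
        # Original pattern: credit the requested amount without checking what arrived.
        self.token.transfer(sender, "pool", amount)
        self.recorded += amount

    def pull_underlying_checked(self, sender, amount):
        # Hardened pattern: measure the balance delta and refuse any shortfall.
        before = self.token.balance_of("pool")
        self.token.transfer(sender, "pool", amount)
        received = self.token.balance_of("pool") - before
        if received != amount:
            raise ValueError(f"requested {amount} but received {received}")
        self.recorded += received

    def bookkeeping_gap(self):
        """Recorded minus actual balance; non-zero means the record has drifted."""
        return self.recorded - self.token.balance_of("pool")

    def gulp(self):
        """Resync the record to the real balance, as BPool.gulp() does."""
        self.recorded = self.token.balance_of("pool")


def demo():
    token = BurnToken({"pool": 1, "trader": 10})  # constructed balances, in wei
    pool = Pool(token, recorded=1)
    pool.pull_underlying_naive("trader", 1)  # record says 2, pool still holds 1
    gap = pool.bookkeeping_gap()
    try:
        pool.pull_underlying_checked("trader", 1)
        rejected = False
    except ValueError:
        rejected = True
    return gap, rejected  # returns (1, True)
```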

Finally, as shown in the figure above, the attacker repaid the 104,331 WETH borrowed via the flash loan.

Suggestions

Of course, remedial measures taken after a security incident cannot recover losses that have already occurred. We believe the best solution is prevention. DeFi project developers should follow sound coding standards as far as possible, and can engage third-party security firms to conduct comprehensive offensive and defensive testing before going live, so as to uncover as many potential vulnerabilities as possible. Finally, any combination of ERC20, ERC777 or other tokens with DeFi protocols should be thoroughly investigated before it is deployed.

Follow-up
