A civet cat swapped for the prince? SlowMist dissects the details of the DODO hack
SlowMist Technology
2021-03-09 06:24
Exchange counterfeit money for real money.

According to news reports, the wCRES/USDT V2 fund pool of the decentralized trading platform DODO was hacked, and wCRES worth nearly $980,000 and USDT worth nearly $1.14 million were transferred away. DODO stated that the team has taken the relevant fund pool creation entrance offline. The attack only affects the DODO V2 crowdfunding pool; all other fund pools are safe. The team is cooperating with security companies to investigate and try to recover part of the funds. For follow-up news, please watch the DODO official community announcements.

Analysis of attack details

Looking at the attack transaction, we can see that the entire attack process is very short. The attacker first transfers FDO and FUSDT to the wCRES/USDT fund pool, then borrows wCRES and USDT tokens through the flashLoan function of the fund pool contract, and initializes the fund pool contract.

Why can depositing FDO and FUSDT tokens be followed by successfully borrowing wCRES and USDT and initializing the fund pool contract? Is it because there is a loophole in the flash loan function of the fund pool?

Next, we analyze the flashLoan function in detail:

By analyzing the specific code, we can find that when performing a flash loan, the funds will be transferred out through the _transferBaseOut and _transferQuoteOut functions, and then the specific external logic calls will be made through the DVMFlashLoanCall function, and finally the funds in the contract will be checked. It can be found that this is a normal flash loan function, so the problem can only be in the execution of the external logic during the flash loan.

By analyzing the external logic calls of the flash loan, it can be found that the attacker called the init function of the wCRES/USDT fund pool contract, and passed in the FDO address and FUSDT address to initialize the fund pool contract.

Here we can see that the fund pool contract can be reinitialized. To find out why, let's analyze the initialization function in detail:

Attack process

1. The attacker first creates two token contracts, FDO and FUSDT, and then deposits FDO and FUSDT tokens into the wCRES/USDT fund pool.

2. Next, the attacker calls the flashLoan function of the wCRES/USDT fund pool contract to perform a flash loan, borrowing the wCRES and USDT tokens in the fund pool.

3. Since the init function of the wCRES/USDT fund pool contract has neither authentication nor logic to prevent repeated initialization, the attacker calls the init function of the wCRES/USDT fund pool contract through the external logic execution step of the flash loan, and the fund pool contract's token pair is replaced: wCRES/USDT becomes FDO/FUSDT.

Summary

The main cause of this attack is that the fund pool contract's initialization function has neither authentication nor any restriction to prevent repeated initialization. This allowed the attacker to borrow real coins through the flash loan and then, by re-initializing the contract, replace the fund pool's token pair with counterfeit coins the attacker had created, bypassing the flash loan's fund return check and pocketing the real coins.
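The following Python model is an added example, not DODO's contract code: it reproduces the sequence described above against a simplified pool and shows that a one-time initialization guard makes the same sequence fail. The class and function names, the amounts, and the "pool holds at least its recorded reserves" form of the return check are assumptions made for illustration.

```python
POOL = "pool"  # address label for the pool (constructed)

class Token:
    def __init__(self, pool_balance):
        self.bal = {POOL: pool_balance}  # constructed starting balance
    def transfer(self, src, dst, amt):
        if self.bal.get(src, 0) < amt:
            raise ValueError("insufficient balance")
        self.bal[src] -= amt
        self.bal[dst] = self.bal.get(dst, 0) + amt

class Pool:
    def __init__(self, guard_init):
        self.guard_init, self.initialized = guard_init, False
    def init(self, base, quote):
        # Hardened variant: initialization is allowed exactly once.
        if self.guard_init and self.initialized:
            raise PermissionError("already initialized")
        self.base, self.quote, self.initialized = base, quote, True
    def sync(self):
        # Record reserves from the current balances of the configured pair.
        self.reserves = [t.bal.get(POOL, 0) for t in (self.base, self.quote)]
    def flash_loan(self, amounts, to, callback):
        lent = (self.base, self.quote)
        snapshot = [dict(t.bal) for t in lent]
        try:
            for token, amt in zip(lent, amounts):
                token.transfer(POOL, to, amt)
            callback(self)  # external logic runs mid-loan
            # Return check reads whichever pair is configured *now*.
            held = [t.bal.get(POOL, 0) for t in (self.base, self.quote)]
            if any(h < r for h, r in zip(held, self.reserves)):
                raise RuntimeError("flash loan not repaid")
        except Exception:
            for token, saved in zip(lent, snapshot):
                token.bal = saved  # model the transaction reverting
            raise

def real_funds_left(guard_init):
    """Run the re-initialization sequence; return real tokens left in the pool."""
    wcres, usdt, fdo, fusdt = (Token(100) for _ in range(4))  # FDO/FUSDT are worthless
    pool = Pool(guard_init)
    pool.init(wcres, usdt)
    pool.sync()
    try:
        pool.flash_loan((100, 100), "borrower", lambda p: p.init(fdo, fusdt))
    except PermissionError:
        pass  # hardened pool rejected the second init and the loan reverted
    return wcres.bal[POOL], usdt.bal[POOL]
```

With `guard_init=False` the return check is evaluated against the swapped-in pair and passes while the real reserves are gone; with `guard_init=True` the second `init` raises and the loan is rolled back.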

Reference attack transaction:

https://cn.etherscan.com/tx/0x395675b56370a9f5fe8b32badfa80043f5291443bd6c8273900476880fb5221e
