1. Event overview

1. Event overview

On June 28th, Beijing time, the public opinion monitoring of Lianbian-Blockchain Security Situational Awareness Platform (Beosin-Eagle Eye) showed that the Polygon ecological algorithm stablecoin project SafeDollar was hacked. After the attack, the price of the stablecoin (SDO) issued by the SafeDollar project dropped from $1.07 to zero in an instant.

In view of the symbolic significance of this attack, the Chengdu Lianan Security Team immediately intervened in the analysis. After many projects on the BSC (Binance Smart Chain) chain were hacked frequently in early May, the Polygon ecology also began to be targeted by hackers at the end of June. Has the "Pandora's Box" been quietly opened? Taking advantage of this incident, Chengdu Lianan reminded the Polygon ecological project to strengthen security warning and prevention work by sorting out the attack process and attack methods.

2. Event analysis

Attack contract:

Attacker address:

0xFeDC2487Ed4BB740A268c565daCdD39C17Be7eBd

Attack contract:

0xC44e71deBf89D414a262edadc44797eBA093c6B0

0x358483BAB9A813e3aB840ed8e0a167E20f54E9FB

Attack transactions:

0xd78ff27f33576ff7ece3a58943f3e74caaa9321bcc3238e4cf014eca2e89ce3f

0x4dda5f3338457dfb6648e8b959e70ca1513e434299eebfebeb9dc862db3722f3

0x1360315a16aec1c7403d369bd139f0fd55a99578d117cb5637b234a0a0ee5c14

Attack transactions:

0xd78ff27f33576ff7ece3a58943f3e74caaa9321bcc3238e4cf014eca2e89ce3f

0x1360315a16aec1c7403d369bd139f0fd55a99578d117cb5637b234a0a0ee5c14

The following analysis is based on the following two transactions:

The attacker first uses PolyDex’s WMATIC and WETH pools for PLX lending, as shown in the figure below:

Next, the attacker repeatedly performed mortgage withdrawals by attacking the contract, mainly to reduce the number of mortgage tokens in the SDO mortgage pool in the SdoRewardPool contract.

When the PLX token contract transfers tokens, if the from address is not in the _isExcludedFromFee list and the to address is not in the _isExcludedToFee list, a reward fund will be charged for the transferred tokens and 0.05% of the transferred tokens will be destroyed .

In the SdoRewardPool contract, the recorded amount is the amount transferred by the caller, without subtracting the loss during the transfer process. When the extraction operation is performed, the extracted amount is the recorded amount, which exceeds the amount actually mortgaged by the user to this contract. Therefore, it will cause an abnormal decrease in the mortgage tokens in the mortgage pool.

Finally, use the obtained SDO tokens to exchange all the USDC and USDT in the SDO-USDC and SDO-USDT exchange pools.

3. Event review

3. Event review

In fact, this attack is not complicated, but it is worthy of attention. Firstly, non-standard tokens were added when adding the mortgage pool, and the balanceOf function was used to obtain the number of mortgage tokens when calculating rewards, which led to the occurrence of this attack.

From the perspective of security audit, the project party, as the administrator of adding a mortgage pool, must think twice about the mortgage currency in the mortgage pool to be added. Inflation and deflation tokens and tokens whose transfer quantity is different from the actual arrival quantity are not recommended as mortgage tokens in the mortgage pool; if these types of tokens must be added as reward tokens due to business needs, they must be separated from other standard tokens deal with. At the same time, it is recommended to use a separate variable in the mortgage pool as a record of the amount of mortgage, and then when calculating rewards, use this variable to obtain the amount of mortgage tokens instead of using the balanceOf function.