The whole story of the Value DeFi hack: a "god-level" operation built on an AMM price oracle?


At 23:36 on November 14 (Beijing time), Value DeFi's MultiStablesVault pool was attacked and lost nearly US$7.4 million in DAI.

A follow-up analysis by security researchers at the blockchain security company PeckShield found that the root cause was a flaw in the project's price oracle: it derived token prices from an AMM (Curve), whose state an attacker can move within a single transaction. After draining the tokens, the attacker also left an on-chain message, "do you really know flashloan?", taunting the development team.

Overview:

Overall: Value DeFi computed token prices with an oracle built on an AMM (Curve's 3pool), and such a price can be manipulated inside one transaction. The attacker used flash loans to skew the prices on Curve, then burned vault pooltokens minted before the manipulation to withdraw far more 3crv than the deposit was worth, and finally redeemed those 3crv for DAI on Curve to realize the profit.

In the whole incident the attacker took 7.4 million DAI, of which 2 million was returned to Value DeFi, leaving a direct profit of 5.4 million DAI.

Detailed explanation of the attack process:

We analyze the attack transaction (0x46a03488247425f845e444b9c10b52ba3c14927c687d38287c0faddc7471150a). The attacker's malicious contract is 0x675BD0A0b03096c5ead734cFa00C7620538C7C6F.

Step 1: Borrow 80,000 ETH through an Aave flash loan.

Step 2: Borrow 116 million DAI through a UniswapV2 flash swap. The malicious contract 0x675B then executes the following steps inside the callback.

Step 3: Swap the 80,000 ETH obtained in step 1 for 31 million USDT on UniswapV2.

Step 4: Deposit 25 million DAI into Value DeFi's MultiStablesVault and receive 24.9 million pooltokens minted by the vault. The vault forwards the DAI into Curve's 3pool, which mints 24.956 million new 3crv to the vault.

Step 5: Swap 90 million DAI for 90.28 million USDC on Curve. This drains USDC from 3pool and pushes the price of USDC up.

Step 6: Swap 31 million USDT for only 17.33 million USDC on Curve. The exchange rate for USDC is now heavily distorted; after this swap the price of USDC in 3pool is pushed up even further.

Step 7: Burn the 24.9 million pooltokens minted in step 4 on Value DeFi. Because the vault values its holdings at the manipulated Curve price, it pays out 33.08 million 3crv for them.

Step 8: Swap the 17.33 million USDC back for 30.94 million USDT on Curve.

Step 9: Swap the 90.28 million USDC for 90.92 million DAI on Curve.

Step 10: Burn the 33.08 million 3crv in 3pool to redeem 33.11 million DAI.

Remaining steps: repay the Aave flash loan and the UniswapV2 flash swap from step 2.
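The ten steps above are one price-oracle manipulation, and the toy below replays steps 4 to 10 against a fee-less float model of Curve's 3pool invariant and a simplified vault. This is example code written for this page, not Value DeFi's or Curve's code: the pool size (100M of each coin plus 10M each from honest depositors), A = 200, and the flash-loan amounts are assumptions, and the ETH leg of steps 1 to 3 is collapsed into a 31M USDT loan. The only thing that changes between the two runs is the oracle the vault consults at withdrawal: a spot withdrawal quote from the pool the attacker has just skewed, or the pool's virtual price (D divided by LP supply), which swaps cannot move.

```python
from dataclasses import dataclass

N = 3                       # coins in the pool
DAI, USDC, USDT = 0, 1, 2   # coin indices


@dataclass
class StableSwap:
    """Fee-less float model of a Curve 3pool (illustrative, not Curve's code)."""
    balances: list
    amp: float = 200.0      # amplification coefficient (assumed value)
    lp_supply: float = 0.0  # set in __post_init__ so virtual price starts at 1.0

    def __post_init__(self):
        self.lp_supply = self.get_d(self.balances)

    def get_d(self, xp):
        """Newton iteration for the StableSwap invariant D."""
        ann, s, d = self.amp * N, sum(xp), sum(xp)
        for _ in range(256):
            d_p = d
            for x in xp:
                d_p = d_p * d / (x * N)
            d_prev, d = d, (ann * s + N * d_p) * d / ((ann - 1) * d + (N + 1) * d_p)
            if abs(d - d_prev) < 1e-6:
                return d
        raise RuntimeError("D did not converge")

    def solve_balance(self, i, xp, d):
        """Balance of coin i that satisfies the invariant for target D, others fixed."""
        ann, c, s = self.amp * N, d, 0.0
        for k, x in enumerate(xp):
            if k != i:
                s, c = s + x, c * d / (x * N)
        c, b, y = c * d / (ann * N), s + d / ann, d
        for _ in range(256):
            y_prev, y = y, (y * y + c) / (2 * y + b - d)
            if abs(y - y_prev) < 1e-6:
                return y
        raise RuntimeError("y did not converge")

    def exchange(self, i, j, dx):
        """Swap dx of coin i for coin j at constant D; returns dy."""
        d, xp = self.get_d(self.balances), list(self.balances)
        xp[i] += dx
        y = self.solve_balance(j, xp, d)
        dy = self.balances[j] - y
        self.balances[i], self.balances[j] = xp[i], y
        return dy

    def add_liquidity(self, amounts):
        """Mint LP tokens in proportion to the growth of D."""
        d0 = self.get_d(self.balances)
        self.balances = [x + a for x, a in zip(self.balances, amounts)]
        minted = self.lp_supply * (self.get_d(self.balances) - d0) / d0
        self.lp_supply += minted
        return minted

    def calc_withdraw_one_coin(self, lp, i):
        """Pure quote: coin i received for burning `lp` at the current balances."""
        d0 = self.get_d(self.balances)
        d1 = d0 - lp * d0 / self.lp_supply
        return self.balances[i] - self.solve_balance(i, self.balances, d1)

    def remove_liquidity_one_coin(self, lp, i):
        dy = self.calc_withdraw_one_coin(lp, i)
        self.balances[i] -= dy
        self.lp_supply -= lp
        return dy

    def virtual_price(self):
        """D per LP token; swaps keep D fixed, so a flash loan cannot move it."""
        return self.get_d(self.balances) / self.lp_supply


@dataclass
class Vault:
    """Holds 3crv and issues shares; `spot_oracle` selects how holdings are priced."""
    pool: StableSwap
    crv3: float     # must be seeded > 0 before deposits
    shares: float
    spot_oracle: bool

    def value_dai(self):
        if self.spot_oracle:   # vulnerable: a quote the attacker has just skewed
            return self.pool.calc_withdraw_one_coin(self.crv3, DAI)
        return self.crv3 * self.pool.virtual_price()   # hardened

    def deposit(self, dai):
        got = self.pool.add_liquidity([dai, 0.0, 0.0])   # DAI -> 3crv via 3pool
        minted = got * self.shares / self.crv3            # shares pro rata in 3crv
        self.crv3, self.shares = self.crv3 + got, self.shares + minted
        return minted

    def withdraw(self, shares):
        """Pay out 3crv worth the shares' DAI value at the oracle price."""
        out = shares * self.value_dai() / self.shares / self.pool.virtual_price()
        self.crv3, self.shares = self.crv3 - out, self.shares - shares
        return out


def run_attack(spot_oracle):
    """Replay steps 4-10 of the write-up against the toy vault (amounts assumed)."""
    pool = StableSwap([100e6, 100e6, 100e6])
    seed = pool.add_liquidity([10e6, 10e6, 10e6])        # honest depositors' 3crv
    vault = Vault(pool, crv3=seed, shares=seed, spot_oracle=spot_oracle)
    dai_loan, usdt_loan = 116e6, 31e6                    # flash-loaned capital (steps 1-3)
    shares = vault.deposit(25e6)                          # step 4: mint pooltokens
    crv3_in = vault.crv3 - seed
    usdc_a = pool.exchange(DAI, USDC, 90e6)               # step 5: drain USDC, DAI now cheap
    usdc_b = pool.exchange(USDT, USDC, usdt_loan)         # step 6: drain USDC further
    crv3_out = vault.withdraw(shares)                     # step 7: burn at skewed price
    usdt = pool.exchange(USDC, USDT, usdc_b)              # step 8: unwind
    dai = dai_loan - 25e6 - 90e6 + pool.exchange(USDC, DAI, usdc_a)   # step 9: unwind
    dai += pool.remove_liquidity_one_coin(crv3_out, DAI)  # step 10: 3crv -> DAI
    return {"profit_dai": dai - dai_loan, "usdt_shortfall": usdt_loan - usdt,
            "crv3_in": crv3_in, "crv3_out": crv3_out}


if __name__ == "__main__":
    for flag, name in ((True, "spot quote oracle"), (False, "virtual price oracle")):
        r = run_attack(flag)
        print(f"{name}: 3crv {r['crv3_in']:,.0f} -> {r['crv3_out']:,.0f}, "
              f"profit {r['profit_dai']:,.0f} DAI")
```

Run it directly to see both cases. With the spot quote the vault hands out more 3crv than the attacker's deposit minted, and the attacker ends the flash loan with a DAI surplus taken from the other depositors; with the virtual price the 3crv out equals the 3crv in and the round trip nets zero. Because the model has no fees, the unwinding swaps in steps 8 and 9 restore the pool exactly; a real attacker pays Curve's swap fees and the flash-loan premiums out of the surplus, which is why the real numbers in steps 5, 6, 8 and 9 do not reverse perfectly.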

After the attack, the hacker returned 2 million DAI to the Value DeFi developer address (0x7Be4D5A99c903C437EC77A20CB6d0688cBB73c7f) and kept 5.4 million DAI.

Status of the stolen assets:

The funds stolen in this attack currently sit in the wallet 0xa773603b139Ae1c52D05b35796DF3Ee76D8a9A2F. CoinHolmes, PeckShield's digital asset tracking platform, is monitoring the address around the clock and tracing the flow of funds out of it, in order to help the project team recover the stolen assets.

Recommended reading:

PeckShield: hardcore technical analysis of the bZx protocol hack

PeckShield: detailed explanation of the vulnerability in the Opyn smart contract on the DeFi platform: the attacker gets something for nothing!

PeckShield: technical breakdown of the whole process of the Balancer attack

PeckShield: the full technical story behind the bZx protocol being hacked again

Analysis of the 0x protocol vulnerability: malicious limit orders can disrupt the normal ordering of trades

The whole story of the Uniswap and Lendf.Me attacks: a "domino" collapse in the DeFi Lego stack

AirSwap smart contract vulnerability explained: can user assets be maliciously swallowed by attackers?


Source: blog.csdn.net/PeckShield/article/details/109712608