Foreword
On April 28, Beijing time, the DEUS protocol on the Fantom platform was attacked again, with a loss of about 13.4 million US dollars. The Knownsec Blockchain Security Lab tracked and analyzed this incident as soon as it happened.
Analysis
Basic information
Attack tx: 0x39825ff84b44d9c9983b4cff464d4746d1ae5432977b9a65a92ab47edac9c9b5
Attack contract: 0x1f56CCfE85Dc55558603230D013E9F9BfE8E086C
Attacker: 0x701428525cbAc59dAe7AF833f19D9C3aaA2a37cb
Attack process
- A total of 143,200,000 USDC was flash-loaned from multiple StableV1 AMM trading pairs containing USDC
- The 143,200,000 USDC was swapped for 9,547,716 DEI, driving up the price of DEI in the trading pair
- With 71,436 DEI posted as collateral, 17,246,885 DEI was borrowed
- The 9,547,716 DEI was swapped back for 143,184,725 USDC, and the price of the USDC/DEI trading pair returned to normal
- The flash loan was repaid
Vulnerability principle
The root of the problem is that the oracle price-feed contract calculates the price from the token balances of the trading pair. A balance-based price can be moved within a single transaction, so it is easy to manipulate with a flash loan.
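The following simulation is an added example, not code from the DEUS protocol or from the lab's report. It replays the attack steps above on a constructed USDC/DEI pool and compares the price a balance-based oracle reports mid-attack with what a time-weighted average (TWAP) oracle would report; it assumes a constant-product curve instead of the Solidly StableV1 curve, and all pool sizes and amounts are constructed.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    # Constructed USDC/DEI pool. Simplification: a constant-product curve stands in
    # for the Solidly StableV1 curve; any oracle read from balances behaves alike.
    usdc: float
    dei: float
    cum_price: float = 0.0  # sum of spot_price * elapsed seconds (TWAP accumulator)
    last_ts: int = 0

    def spot_price(self) -> float:
        # USDC per DEI straight from balances: the flawed oracle style in the incident.
        return self.usdc / self.dei

    def _update(self, ts: int) -> None:
        # Accumulate the price that held since the last update (Uniswap v2 style).
        self.cum_price += self.spot_price() * (ts - self.last_ts)
        self.last_ts = ts

    def swap_usdc_for_dei(self, usdc_in: float, ts: int) -> float:
        self._update(ts)
        k = self.usdc * self.dei
        dei_out = self.dei - k / (self.usdc + usdc_in)
        self.usdc, self.dei = self.usdc + usdc_in, k / (self.usdc + usdc_in)
        return dei_out

    def swap_dei_for_usdc(self, dei_in: float, ts: int) -> float:
        self._update(ts)
        k = self.usdc * self.dei
        usdc_out = self.usdc - k / (self.dei + dei_in)
        self.dei, self.usdc = self.dei + dei_in, k / (self.dei + dei_in)
        return usdc_out

    def twap(self, cum_start: float, ts_start: int, ts_now: int) -> float:
        # Time-weighted average since the snapshot; a single-block swap barely moves it.
        self._update(ts_now)
        return (self.cum_price - cum_start) / (ts_now - ts_start)

def simulate(flash_usdc: float = 5_000_000.0, collateral_dei: float = 100_000.0):
    # Constructed scenario. Returns the mid-attack DEI price from a balance-based oracle
    # and from a TWAP oracle, the price after the unwind, and the collateral value under each.
    pool = Pool(usdc=10_000_000.0, dei=10_000_000.0)
    cum0, t0 = pool.cum_price, pool.last_ts          # oracle snapshot at t = 0
    t_attack = 600                                   # attack block lands ten minutes later
    dei_bought = pool.swap_usdc_for_dei(flash_usdc, t_attack)  # flash-loaned USDC in
    spot, avg = pool.spot_price(), pool.twap(cum0, t0, t_attack)
    pool.swap_dei_for_usdc(dei_bought, t_attack)     # unwind; price returns to normal
    return spot, avg, pool.spot_price(), collateral_dei * spot, collateral_dei * avg
```

With the constructed numbers the balance-based oracle values the same collateral at 2.25x its pre-attack worth while the TWAP still reports 1.0, which is why a lending contract should price collateral from a time-weighted or external feed rather than from the live pool balances.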
Summary
The core of this attack is a flawed pricing mechanism in the oracle contract used for the price feed: the price is calculated solely from the token balances of the trading pair, which makes it easy to manipulate with a flash loan.
Security incidents caused by contract vulnerabilities have occurred frequently in recent times, so contract audits, risk-control measures, and emergency response plans need to be put in place.