foreword
On April 15, 2022, Beijing time, Zhizhi Chuangyu Blockchain Security Lab detected that the DeFi protocol Rikkei Finance was hacked, and 2,600 BNB (approximately US$1.085 million) of the stolen funds had been transferred to Tornado Cash .
analyze
The attack event is shown in the figure below:
basic information
Attack contract:
0xe6df12a9f33605f2271d2a2ddc92e509e54e6b5f
0x9ae92cb9a3ca241d76641d73b57c78f1bcf0b209
Attacker address:
0x803e0930357ba577dc414b552402f71656c093ab
Malicious oracle address:
0xa36f6f78b2170a29359c74cefcb8751e452116f9
0x99423d4dfce26c7228238aa17982fd7719fb6d7f
Attack tx:
0x93a9b022df260f1953420cd3e18789e7d1e095459e36fe2eb534918ed1687492 0x4e06760884fd7bfdc076e25258ccef9b043401bc95f5aa1b8f4ff2780fa45d44
Attacked oracle address:
0xd55f01b4b51b7f48912cd8ca3cdd8070a1a9dba5
process
The attack process of the attacker is as follows:
1. The attacker calls the setOracleData() function of external visibility to set the oracle as his own malicious oracle.
2. Since the malicious oracle machine replaces the original oracle machine, the price of rTokens output by the oracle machine can be manipulated arbitrarily by the attack. The attacker sends 0.0001 BNB to the RBinance contract to obtain 4995533044307110.024 rBNB.
3. Due to the exchange of a large amount of rBNB, the attacker lent 346199.781 USDC.
4. The attacker converts the loaned 346199.781 USDC into 776.298 WBNB.
5. The attacker repeats the third and fourth steps to lend 3.033 BTCB, 52275.873 DAI, 297082.798 BSC-USD, and 299822.459 BUSD respectively and convert them into corresponding WBNB.
6. Transfer the exchanged total of 2571.201 BNB to the attacker's account.
7. Finally, the attacker calls setOracleData() again to restore the state of the oracle.
The method of another attack is the same, except that BNB is first converted to BUSD and then transferred to RBinance to obtain rBUSD.
detail
The problem lies in the SimplePriceOracle.sol ( https://bscscan.com/address/0xd55f01b4b51b7f48912cd8ca3cdd8070a1a9dba5#code ) contract in Cointroller, whose setOracleData visibility is external and can be called externally.
The normal price before modifying the oracle is 416247538680000000000.
Modify the oracle of rToken 0x1578 to a malicious oracle 0xa36f.
After setting up the malicious oracle machine, the rToken price will be increased to 416881147930000000000000000000000.
Subsequent processing
The attacker transferred the stolen BNB into Tornado Cash in batches.
Rikkei Finance officially stated that it will fully compensate all users affected by the exploit attack.
Summarize
Since the contract does not restrict the visibility of the setOracleData function, the attacker can arbitrarily modify the address of the oracle and obtain tokens from the contract, so we must strictly limit the visibility of the function when writing the contract.