Analysis of the principle of Exactly Protocol attack event
On August 18, Exactly protocol was attacked by hackers, and the attackers made a profit of about 12.04 million US dollars.
The security company Safful conducted a technical analysis of this incident for the first time, and summarized the security precautions, hoping that follow-up projects can learn from it and build a security defense line for the blockchain industry.
1. Event analysis
攻击者地址:
0x3747dbbcb5c07786a4c59883e473a2e38f571af9
0x417179df13ba3ed138b0a58eaa0c3813430a20e0
0xe4f34a72d7c18b6f666d6ca53fbc3790bc9da042
攻击合约:
0x6dd61c69415c8ecab3fefd80d079435ead1a5b4d
被攻击合约:
0x675d410dcf6f343219aae8d1dde0bfab46f52106
攻击交易:
0x3d6367de5c191204b44b8a5cf975f257472087a9aadc59b5d744ffdef33a520e
0x1526acfb7062090bd5fed1b3821d1691c87f6c4fb294f56b5b921f0edf0cfad6
0xe8999fb57684856d637504f1f0082b69a3f7b34dd4e7597bea376c9466813585
Attack process:
(1) The attacker (0x417179df) first created multiple malicious market token contracts and multiple uniswapPool contracts through the attack contract (0x6dd61c69).
(2) Then call the leverage function of the attacked contract (0x675d410d) and pass in a malicious market token address.
(3) Add the liquidity of USDC and malicious market tokens to the pool contract through the deposit function in the leverage function and re-enter the crossDeleverage function of the attacked contract (0x675d410d)
(4) The attacked contract (0x675d410d) in the crossDeleverage function will use USDC to exchange malicious market tokens in the pool contract.
(5) After the function call is completed, the attack contract (0x6dd61c69) removes the liquidity in the pool, and then proposes the exchanged USDC tokens for profit.
(6) Repeat the above operations multiple times, and each attack will replace the attacked user address and malicious market token address.
(7) Then send the obtained USDC to the attacker (0xe4f34a72).
(8) Perform the same operation multiple times to make a profit
2. Vulnerability analysis
This attack exploits a vulnerability in the DebtManager (0x675d410d) contract, where the leverage function does not verify whether the incoming market parameter is a credible market contract, so that the state variable _msgSender can be modified to the attacker’s in the permit function decorator Arbitrary reference address.
Finally, when exchanging with the pool, the user's exaUSDC balance will be used to offset the amount of USDC paid to the pool contract.
3. Security Recommendations
In response to this attack, we should follow the following precautions during the development process:
(1) When it comes to the transfer and call of external addresses, we should strictly verify whether the reference address is a trusted address.
(2) Before the project goes online, it is necessary to conduct a smart contract audit to a third-party professional audit team.