DeFi under siege? About $15 million stolen from Inverse Finance

Chengdu Lianan 2022-04-03 10:49:01


On April 2, 2022, public-sentiment monitoring by Chain Bing, Chengdu Lianan's blockchain security situational awareness platform, showed that the Inverse Finance project was under attack, with a cumulative loss estimated at about 15 million US dollars. The Chengdu Lianan technical team analyzed the incident immediately.

1 Analysis

Attacker address 1:

0x117c0391b3483e32aa665b5ecb2cc539669ea7e9

Attacker address 2:

0x8b4c1083cd6aef062298e1fa900df9832c8351b3

Attack transaction hashes:

0x20a6dcff06a791a7f8be9f423053ce8caee3f9eecc31df32445fc98d4ccd8365

0x600373f67521324c8068cfd025f121a0843d57ec813411661b07edc5ff781842

Attack contract:

0xea0c959bbb7476ddd6cd4204bdee82b790aa1562

First, the attacker withdrew 900 ETH from Tornado.Cash as funds for pushing up the INV token price.

The attacker used 300 ETH to swap for 374 INV tokens, then used another 200 ETH to swap for 1372 INV tokens, for a total of 1746 INV tokens. Note that the first swap of 300 ETH yielded only 374 INV, while the following 200 ETH yielded 1372 INV: the INV price in the first pool, WETH/INV, had been pushed up significantly.

The xINV token price is calculated from the WETH/INV pair (0x328dfd0139e26cb0fef7b0742b49b0fe4325f821). Because the pair's pool had been manipulated and the timeElapsed interval was short, the attacker only needed to meet the requirement of calling..., which is not in the current block, for the manipulated price to be used, and could thereby manipulate the value of the xINV token.

The transactions show that after manipulating the pair, the attacker kept sending mint transactions to make the most of the time window. At the same time, the attacker deliberately avoided minting in the block in which the price was manipulated (14506358); otherwise the price would have been calculated from the block before the manipulation block.

The attacker then minted with all 1746 of their INV tokens (this is the collateral step), receiving 1156 xINV tokens (LP tokens), and borrowed a large amount of tokens against the xINV held.

The cumulative loss to the Inverse Finance project is estimated at about 15 million US dollars.

Chengdu Lianan recommends that project teams use a sufficiently long time window. For example, with reference to the Uniswap example code, timeElapsed must be greater than 24 hours.
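To show why the window length matters, the following added example (not code from the article, Inverse Finance or Uniswap) simulates a cumulative-price time-weighted average oracle and compares a short minimum window with a 24-hour one when the spot price is distorted for a single block. The class names, the 13-second block time and the price values are constructed assumptions, and floats stand in for on-chain fixed-point math.

```python
# Added illustration, not the project's or Uniswap's code. Float math and
# all constants are constructed; names here are hypothetical.
DAY, BLOCK_TIME = 24 * 3600, 13  # seconds

class Pair:
    """Stand-in for an AMM pair that accumulates price * seconds."""
    def __init__(self, price, now):
        self.price, self.last_ts, self.cumulative = price, now, 0.0

    def sync(self, now, new_price=None):
        # The price in effect since the last touch is what gets accumulated.
        self.cumulative += self.price * (now - self.last_ts)
        self.last_ts = now
        if new_price is not None:
            self.price = new_price

class TwapOracle:
    """Average price over a window that must exceed min_period seconds."""
    def __init__(self, pair, min_period, now):
        pair.sync(now)
        self.pair, self.min_period = pair, min_period
        self.last_ts, self.last_cumulative = now, pair.cumulative
        self.average = pair.price

    def update(self, now):
        self.pair.sync(now)
        time_elapsed = now - self.last_ts
        if time_elapsed <= self.min_period:
            return False  # window too short: keep the previous average
        self.average = (self.pair.cumulative - self.last_cumulative) / time_elapsed
        self.last_ts, self.last_cumulative = now, self.pair.cumulative
        return True

def simulate(min_period, fair=1.0, manipulated=50.0):
    """Return (average one block after a spike, average a day after it)."""
    now = 0
    pair = Pair(fair, now)
    oracle = TwapOracle(pair, min_period, now)
    now += DAY + BLOCK_TIME
    oracle.update(now)                     # honest history at the fair price
    pair.sync(now, new_price=manipulated)  # spot price is distorted in this block
    now += BLOCK_TIME
    oracle.update(now)                     # oracle consumer acts one block later
    next_block = oracle.average
    pair.sync(now, new_price=fair)         # price returns to fair value
    now += DAY
    oracle.update(now)
    return next_block, oracle.average

if __name__ == "__main__":
    print("1 s window :", simulate(1))
    print("24 h window:", simulate(DAY))
```

With the 1-second minimum the oracle reports the distorted price in the very next block, while with the 24-hour minimum that update is rejected and the later average moves by less than 1%.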

Copyright notice: this article was created by [Chengdu Lianan]. Please include a link to the original when reposting. Thank you. https://netfreeman.com/2022/04/202204030934581737.html