Analysis on the theft of US $14.5 million from certik's initial | inverse Finance

Certik Chinese community 2022-04-03 13:50:46 阅读数:293

analysis theft million certik initial

zz5YrqKR5dWaWbvCrLddoDjYjDKM6wSUjG8e1Vtr.png

Beijing time. 2022 year 4 month 2 Japan 19 when ,CertiK The safety technical team monitored Inverse Finance Being used maliciously , Leading to a value of about 1450 Million dollars of assets were lost .

The root cause of this event is that the price is manipulated due to the dependence of external price prediction machine , Therefore, attackers can borrow assets by manipulating prices .

Attack process

Before launching an attack , The attacker made the following preparations : 

1. First , The attacker deployed a malicious contract . The address of the contract is :0xea0c959bbb7476ddd6cd4204bdee82b790aa1562

2. secondly , The attacker is SushiSwap/Curve.fi Exchange in , To manipulate the price in the transaction , The transaction address is :0x20a6dcff06a791a7f8be9f423053ce8caee3f9eecc31df32445fc98d4ccd8365

because SushiSwap:INV(INV-ETH Pair) The liquidity of is very low , use 300ETH( Worth about a million dollars ) Exchange for INV There will be a big increase in INV Price .

And then , The attacker officially launched the attack :

1. The attacker took the... Obtained in the preparation stage INV Deposit in , And casting (mint) 了 1746 gold XINV Tokens, .

2. XINV The price of : according to SushiSwap:INV Right INV The price is calculated by . As mentioned above ,INV The price of is manipulated , So every XINV The value of 20926 dollar .

3. With XINV The price of is modified , Attackers can use forged XINV The token borrows the following assets :1588 gold ETH,94 gold WBTC,3999669 gold DOLA And 39 gold YFI.

Contract vulnerability analysis

The main reason for this vulnerability is that it is dependent on the price prediction machine , And there is 30 Minutes window period . The attack officially occurs after the preparation phase is completed , Only by the 15 second .

Lur0yzqOQd4XIjesNU8KRApRQX4luaVwe70omcB5.png

under these circumstances , because timeElapsed == 15, Oracle contract Keep3rV2Oracle Function of _update() in 'timeElapsed > periodSize' Will be bypassed . This means that the final cumulative price has not been updated . thus it can be seen , function _computeAmountOut() Medium amoutOut Will be larger than expected , because priceCumulative Has been manipulated , but _observation.priceCumulative Not updated .

4nh7yydqrvXLxkFnBZAHo6Gw3hHzmb0M9Bg9jYkG.png

One side ,XINV The price of depends on SushiSwap:INV Yes (INV-ETH Yes ) Our reserves , Its liquidity is very low .

On the other hand ,TWAP Can prevent lightning attacks . Theoretically , Attackers can get through " sacrifice " Some money to manipulate prices , in other words , Use his own money to change the price . In this special price prediction machine design , If the elapsed time does not exceed 30 minute , The current price ( From reserves ) Should not be used to calculate the amount of money .

Asset tracking

According to the CertiK SkyTrace Show , Value contract 1450 The $million asset was stolen and transferred to Tornado Cash.

MmzbRDE1TaEBxytGkufVJILzDxtFOZEziLMl5cYl.png

Other details

  • The preparation period for trading by exploiting vulnerabilities : 

    https://etherscan.io/tx/0x20a6dcff06a791a7f8be9f423053ce8caee3f9eecc31df32445fc98d4ccd8365

  • Exploit vulnerabilities to trade and launch attacks : 

    https://etherscan.io/tx/0x600373f6752132https://etherscan.io/tx/0x600373f67521324c8068cfd025f121a0843d57ec813411661b07edc5ff781842

  • The attacker's address 1:https://etherscan.io/address/0x117c0391b3483e32aa665b5ecb2cc539669ea7e9

  • The attacker's address 2: 

    https://etherscan.io/address/0x8b4c1083cd6aef062298e1fa900df9832c8351b3

  • Attack contracts : 

    https://etherscan.io/address/0xea0c959bbb7476ddd6cd4204bdee82b790aa1562

  • Oracle contract : 

    https://etherscan.io/address/0x39b1df026010b5aea781f90542ee19e900f2db15#code

  • SushiSwap INV-ETH Pair: 

    https://etherscan.io/address/0x328dfd0139e26cb0fef7b0742b49b0fe4325f821

  • XINV Contract address : https://etherscan.io/address/0x1637e4e9941d55703a7a5e7807d6ada3f7dcd61b#code

  • Keep3rV2 Oracle contract address : 

    https://etherscan.io/address/0x39b1df026010b5aea781f90542ee19e900f2db15#code

At the end

Today, , Many projects will use the Oracle , Some projects will also have a strong dependence on it . Security audit , Will review the rationality of the design of the Oracle 、 Price algorithm and economic model .

therefore ,CertiK Safety experts advise : Try to avoid using pools with low liquidity as the source of price prediction machine , At the same time, the security audit of the project is carried out to ensure the correctness of the oracle model .

版权声明:本文为[Certik Chinese community]所创,转载请带上原文链接,感谢。 https://netfreeman.com/2022/04/202204031331093281.html