Analysis of $14.5 million stolen by inverse Finance

CertiK 2022-04-03 14:49:03 阅读数:800

analysis million stolen inverse finance

 Predicting machine

Beijing time. 2022 year 4 month 2 Japan 19 when ,CertiK The safety technical team monitored Inverse Finance Being used maliciously , Leading to a value of about 1450 Million dollars of assets were lost .

The root cause of this event is that the price is manipulated due to the dependence of external price prediction machine , Therefore, attackers can borrow assets by manipulating prices .

Attack process

Before launching an attack , The attacker made the following preparations : 

1. First , The attacker deployed a malicious contract . The address of the contract is :0xea0c959bbb7476ddd6cd4204bdee82b790aa1562

2. secondly , The attacker is SushiSwap/ Exchange in , To manipulate the price in the transaction , The transaction address is :0x20a6dcff06a791a7f8be9f423053ce8caee3f9eecc31df32445fc98d4ccd8365

because SushiSwap:INV(INV-ETH Pair) The liquidity of is very low , use 300ETH( Worth about a million dollars ) Exchange for INV There will be a big increase in INV Price .

And then , The attacker officially launched the attack :

1. The attacker took the... Obtained in the preparation stage INV Deposit in , And casting (mint) 了 1746 gold XINV Tokens, .

2. XINV The price of : according to SushiSwap:INV Right INV The price is calculated by . As mentioned above ,INV The price of is manipulated , So every XINV The value of 20926 dollar .

3. With XINV The price of is modified , Attackers can use forged XINV The token borrows the following assets :1588 gold ETH,94 gold WBTC,3999669 gold DOLA And 39 gold YFI.

Contract vulnerability analysis

The main reason for this vulnerability is that it is dependent on the price prediction machine , And there is 30 Minutes window period . The attack officially occurs after the preparation phase is completed , Only by the 15 second .

 Predicting machine

under these circumstances , because timeElapsed == 15, Oracle contract Keep3rV2Oracle Function of _update() in 'timeElapsed > periodSize' Will be bypassed . This means that the final cumulative price has not been updated . thus it can be seen , function _computeAmountOut() Medium amoutOut Will be larger than expected , because priceCumulative Has been manipulated , but _observation.priceCumulative Not updated .

 Predicting machine

One side ,XINV The price of depends on SushiSwap:INV Yes (INV-ETH Yes ) Our reserves , Its liquidity is very low .

On the other hand ,TWAP Can prevent lightning attacks . Theoretically , Attackers can get through " sacrifice " Some money to manipulate prices , in other words , Use his own money to change the price . In this special price prediction machine design , If the elapsed time does not exceed 30 minute , The current price ( From reserves ) Should not be used to calculate the amount of money .

Asset tracking

According to the CertiK SkyTrace Show , Value contract 1450 The $million asset was stolen and transferred to Tornado Cash.

 Predicting machine

Other details

The preparation period for trading by exploiting vulnerabilities :

Exploit vulnerabilities to trade and launch attacks :

The attacker's address 1:

The attacker's address 2:

Attack contracts :

Oracle contract :

SushiSwap INV-ETH Pair:

XINV Contract address :

Keep3rV2 Oracle contract address :

​ At the end

Today, , Many projects will use the Oracle , Some projects will also have a strong dependence on it . Security audit , Will review the rationality of the design of the Oracle 、 Price algorithm and economic model .

therefore ,CertiK Safety experts advise : Try to avoid using pools with low liquidity as the source of price prediction machine , At the same time, the security audit of the project is carried out to ensure the correctness of the oracle model .