Chuangyu blockchain | hackers use reentry vulnerabilities to steal money, ola_ Analysis of financial attack events

Know Chuangyu blockchain Security Laboratory 2022-04-04 19:34:51 阅读数:467

chuangyu blockchain hackers use reentry

1. Preface

Beijing time. 2022 year 3 month 31 Japan , Know Chuangyu blockchain Security Lab The loan platform is monitored Ola_finance Reentry attack , Hackers steal 216964.18 USDC、507216.68 BUSD、200000.00 fUSD、55045 WETH、2625 WBTC and 1240,000.00 FUSE, about 467 ten thousand dollar .
 Insert picture description here

2. analysis

One of the attacks is shown in the figure below , The problem with this attack is and ERC677 Incompatibility of tokens , The built-in callback function of these tokens is used by attackers to conduct reentry attacks to exhaust the loan pool .
 Insert picture description here

All attacks are as follows :

20 WBTC + 100 WETH Stolen :

100 WETH Stolen :

100 WETH Stolen :

100 WETH Stolen :

100 WETH Stolen :

52.094 WETH Stolen :

6.246 WBTC Stolen :

216964.176 USDC Stolen :

507216.676 BUSD Stolen :

200000 fUSD Stolen ( Collateral stolen after borrowing ):

1240000 FUSE Stolen ( Collateral stolen after borrowing ):

2.1 Basic information
Attack contracts : Contract1:0x632942c9BeF1a1127353E1b99e817651e2390CFF Contract2:0x9E5b7da68e2aE8aB1835428E6E0c83a7153f6112

The attacker's address : 0x371D7C9e4464576D45f11b27Cf88578983D63d75

attack tx: 0x1b3e06b6b310886dfd90a5df8ddbaf515750eda7126cf5f69874e92761b1dc90

Loophole contract : 0x139Eb08579eec664d461f0B754c1F8B569044611

2.2 technological process
The attacker's attack process is as follows :
1. The attacker will 550.446 WETH From attack contract 0x6392 Go to another attack contract 0x9E5b.
 Insert picture description here

  1. Attacker deposit 550.446 WETH To cETH contract 0x139Eb08579eec664d461f0B754c1F8B569044611 Get coins 27284.948 oWETH.
     Insert picture description here

  2. Because of 27284.948 oWETH, An attacker can use cBUSD contract 0xBaAFD1F5e3846C67465FCbb536a52D5d8f484Abc Loan out of 507216.676 BUSD.
     Insert picture description here

4. The attacker is BUSD Transfer to attack contract 0x9E5b Call callback function during , take 27284.948 oWETH Transfer to Attack contracts 0x6329, Borrow 507216.676 BUSD Later, it was also transferred to the attack contract 0x6329.
 Insert picture description here

5. Attack contracts 0x6329 redeem 27284.948 oWETH get 550.446 WETH.

 Insert picture description here

2.3 details
The main problem of the attack occurred in the third and fourth steps of the above process .
because ERC677 Present in token transferAndCall function , So you can make external calls ( Details can be found at ).
 Insert picture description here

stay BUSD from oBUSD Loan transfer to attack contract 0x9E5b period , Attacking contracts 0x9E5b Call a callback function , take oWETH from Attack contracts 0x9E5b go to Attack contracts 0x6329 in ( Attack contract at this time 0x9E5b The debit and credit balance of has not been updated ), Lend BUSD Later, it was also transferred to the attack contract 0x6329.
Through the code, we can see that although Erc20Delegator The contract borrowInternal Function has a modifier to prevent reentry nonReentrant The limitation of , But this modifier can only prevent external call reentry from attacking its own contract , Does not prevent external calls from re entering other contracts .
 Insert picture description here
 Insert picture description here

Finally, due to the attack contract 0x6329 No borrowing , So it can oWETH redeem WETH. The attacker eventually got a mortgage to borrow BUSD Token WETH And they borrowed it BUSD Tokens, .
2.4 Subsequent processing An official statement said :

We will publish a detailed report on all tokens listed in all lending networks , Confirm that this attack cannot be replicated on other lending Networks . So , We will investigate the of each token 「 Transfer 」 Logic , To ensure that no problematic token standard is used . Besides , Each lending network Creator will be provided with the ability to quickly suspend token casting and lending on their lending network . later , We will release a patch , allow Compound Bifurcation safely lists compliance ERC677/ERC777 Standard token . Before that ,Fuse Lending on the lending network will be temporarily disabled ; Users who borrow assets do not accrue interest , And encourage them not to repay the loan at this time ( Because they are unlikely to withdraw collateral ). Once this patch has been thoroughly tested and reviewed ,Voltage All lending functions on will be restored . In the next few days , We will issue a formal compensation plan , Specify the funds allocated to the affected users . This will be accompanied by more articles , Outline the steps we will take in more depth 「 next step 」. We thank our partners for their support in analyzing the attack and helping us solve the problem quickly .

3. summary Is based on Compound Contract rewritten , and Compound Contracts and ERC677/ERC777 Incompatible tokens between , This allows the built-in callback function of these tokens to be exploited by attackers , Used to re-enter to exhaust the loan pool .

版权声明:本文为[Know Chuangyu blockchain Security Laboratory]所创,转载请带上原文链接,感谢。