About Secure3

We welcome all community members to share security-related insights and analysis and submit to info@secure3.io for review. Qualified content will be posted in our community.

About the author:

W2Ning is a member of Secure3DAO and is currently a senior security research scientist at ByBit 493 Labs. He is specialized in Defi attack analysis and incident reproduction and has extensive experience in security research in both web2 and web3 applications.

Background

Simply saying: hackers are not those stereotypical geeks with dirty shirts and fluffy hairs: they’ve reached financial freedom before the attack, just like George Soros.

This article summarizes three independent hacks. Though the mechanisms of the three vary, they share one common property:

Hackers do not rely on FlashLoan to conduct “Single-Transaction-Attack”; instead, they spent millions of dollars to manipulate the price of the tokens and produced the prerequisites environments of hack, and then conducted malicious attacks.

It requires higher standards on the robustness of Dapps, and there is a major reason that a previously safe economy model should be reconsidered:

A so-called “high monetary cost” of the attack cannot really stop the malicious behaviors, if the return is even higher.

NO. 1. Fortress

On May 9th, 2022, hackers maliciously controlled the price of FTS by targeting the unauthorized access of public of submit() function in Chain.sol, so that they left with multiple high-value token borrowed out via staking in low-value FTS token.

But some preliminary work has been done in April:

1. Buy huge batches of FTS on Apr. 27th.

2. Published malicious proposal on May 2nd.

As FTS was not a recognized collateral and thus could not be used to borrow out other tokens, the malicious proposal is to “Add the FTS token as collateral”:

[https://bsc.fortress.loans/vote/proposal/11](https://bsc.fortress.loans/vote/proposal/11)

3. When the proposal was passed, deploy the malicious contract on May 9th.

The contract completes multiple operations in one transaction:

• Execute the proposal
• Falsify the price of FTS
• Stake in FTS
• Borrow other tokens

NO. 2. DEUS

On Apr. 28th, 2022, the Muon VWAP oracle was maliciously manipulated, and the price of DEI was raised 20x. Hackers overcollateralized more than 13M USD and left the pool.

1. Transfer in more than 2M USDC cross chain to prepare for the attack.

2. Construct a 2M USDC -> 100k DEI swap on the USDC/DEI pair to “feed” Muon VWAP oracle.

3. Then use Flash Loans from 22 different DEX’s and pools

Yea basically you need to click 22*3 times on Trace to find out the core logics…

This action almost drained the 140M USDC on the Fantom chain, and those USDC was again used to exchange for DEI on the USDC/DEI pair, so that the exchange rate was kept the same as the off-chain feed-in price of Muon VWAP oracle, as shown here:

[https://ftmscan.com/tx/0x39825ff84b44d9c9983b4cff464d4746d1ae5432977b9a65a92ab47edac9c9b5](https://ftmscan.com/tx/0x39825ff84b44d9c9983b4cff464d4746d1ae5432977b9a65a92ab47edac9c9b5)

4. Last, stake in LPToken of USDC/DEI to borrow 17M DEI, exchange them back to USDC, pay back 22 Flash Loans, and leave with 13M USD profit cross chain.

[https://ftmscan.com/address/0x750007753eCf93CeF7cFDe8D1Bef3AE5ea1234Cc#tokentxns](https://ftmscan.com/address/0x750007753eCf93CeF7cFDe8D1Bef3AE5ea1234Cc#tokentxns)

It only ranks the 41st on REKT list, but with respect to:

• HUGE amount of preparatory fund
• Utilization of 22 Flash Loans
• Thorough understanding of the mechanism of onchain swap and offchain oracle

It ranks the Top 3 for me.

NO. 3. INVERSE

On Apr. 2nd 2022, INV lost ~15M USD due to malicious price manipulation.

1. Take 900 ETH from Crypto tumbler to be the preparatory fund of attack.

2. Swap on INV/WETH, using 500 ETH to get 1700 INV.

[https://etherscan.io/tx/0x20a6dcff06a791a7f8be9f423053ce8caee3f9eecc31df32445fc98d4ccd8365](https://etherscan.io/tx/0x20a6dcff06a791a7f8be9f423053ce8caee3f9eecc31df32445fc98d4ccd8365)

This operation manipulated the price of INV to some extent, as the oracle that Iverse Finance uses, Sushi Twap, samples the very first transaction price relevant to INV of every block and computes the current price via weighted average. In other words, the hacker must maintain such twisted price within the time window of the attack over multiple blocks.

3. Thus the hackers published junk transactions from multiple addresses to occupy the entire block, such that all of the normal transactions were squeezed out and thus maintained the twisted price of INV.

Hackers divided 361.5 ETHs to 241 addresses via Disperse, as shown below:

[https://etherscan.io/tx/0x561e94c8040c82f8ec717a03e49923385ff6c9e11da641fbc518ac318e588984](https://etherscan.io/tx/0x561e94c8040c82f8ec717a03e49923385ff6c9e11da641fbc518ac318e588984)

And those 241 addresses transferred money to the same address to occupy the entire block to activate the price on Twap.

[https://etherscan.io/txs?a=0x8b4c1083cd6aef062298e1fa900df9832c8351b3](https://etherscan.io/txs?a=0x8b4c1083cd6aef062298e1fa900df9832c8351b3)

4. Then the hackers staked in INV, borrowed out 15M WBTC, YFI, DOLA, and left.

[https://etherscan.io/tx/0x600373f67521324c8068cfd025f121a0843d57ec813411661b07edc5ff781842](https://etherscan.io/tx/0x600373f67521324c8068cfd025f121a0843d57ec813411661b07edc5ff781842)

Summary

• Hackers have already been rich before these new hacks: they just become richer.
• Previously, we might think that some of hacks are “Too Expensive to be Executed”; but they are happening nowadays.
• DApp developers might need to redraw the user persona of hackers before designing the protocols.