Bearn.Fi Incident: Inconsistent Asset Denomination Between Vault & Strategy

Started at 10:36:20 AM +UTC, May 16, 2021, BearnFi’s BvaultsBank contract was exploited to drain about $11M funds from the pool. The incident was due to a bug in its internal withdraw logic in inconsistently reading the same input amount but with different asset denomination betweenBvaultsBank and the associated strategy BvaultsStrategy. In the following, we elaborate the technical details.

Summary

This incident was due to the mis-matched asset denomination implicitly assumed by BvaultsBank and its BvaultsStrategy strategy. Specifically, the BvaultsBank's withdraw logic assumes the withdrawn amount is denominated in BUSD while the BvaultsStrategy's withdraw logic assumes the withdrawn amount is denominated in ibBUSD. Note that ibBUSD is an interest-bearing token and is more expensive than BUSD. As a result, the withdraw request of 100 BUSD effectively leads to the withdraw of 100 ibBUSD. The exploitation of the issue leads to about $11M funds drained from the BvaultsBank contract.

Details

Inconsistent Asset Denomination Between BvaultsBank And BvaultsStrategy

We started the analysis from the transaction behind one specific hack: 603b…a36c. This transaction has a number of repeated operations against the BearnFi’s BvaultsBank contract and our following elaboration
focuses on the first set of the repeated operations.

1. It borrows a flashloan from CREAM with 7,804,239.111784605253208456 BUSD, which is returned at the last step with necessary fee to cover the flashloan cost.
2. It deposits the borrowed funds into BvaultsBank, which are immediately sent to the associated BvaultsStrategy strategy, then to Alpaca Vault for yield. Due to the above deposit, the Alpaca Vault mints 7,598,066.589501626344403426 ibBUSD back to BvaultsStrategy.
3. It farms with the received 7,598,066.589501626344403426 ibBUSD via the Alpaca FairLaunch.
4. It withdraws the 7,804,239.111784605253208533 BUSD from BvaultsBank, which turns to be interpreted as withdrawing 7,804,239.111784605253208533 ibBUSD, or equivalently 8,016,006.09792806917101481 BUSD! In other words, the initial deposit of 7,804,239.111784605253208456 BUSD comes back with 8,016,006.09792806917101481 BUSD. It should be mentioned that the returned funds reside in the BvaultsStrategy and the user only gets back 7,804,239.111784605253208456 BUSD as requested in this round.
5. In the next round, the user still deposits 7,804,239.111784605253208533 BUSD into BvaultsBank, cascadingly to BvaultsStrategy. But with the previous leftover from the last round, BvaultsStrategy credits the user with 8,016,006.09792806917101481 BUSD, which is used for yield again via Alpaca.
6. It repeats the above steps to continue accumulating the credit and finally exits by draining the pool.
7. It returns the flashloan with 7,806,580.383518140634784418 BUSD.

The Funds

This attack leads to more than $11M loss from the affected BvaultsBank. And the attacker’s funds from the above exploitations were initially held in this wallet: 47f3. We are actively monitoring this wallet for any movement.

About Us

PeckShield Inc. is an industry leading blockchain security company with the goal of elevating the security, privacy, and usability of the current blockchain ecosystem. For any business or media inquiries (including the need for smart contract auditing), please contact us at telegram, twitter, or email.