Cover Incident: The Unlimited Token-Minting Vulnerability
[Disclaimer] This analysis is based on the initial finding by @nomorebear!
Started at 08:08:12 AM +UTC, Dec. 28, 2020, Cover’s
Blacksmith contract was exploited to mess up the total amount of COVER tokens in circulation with currently 40+ quintillion COVERs (1 quintillion = 10^18). The incident was due to a business logic bug in the way of calculating the COVER rewards for staking users. It is worthwhile to mention that it seems a white-hat operation and the gains from the exploit are already returned back to the team. In the following, we elaborate the technical details.
This incident was due to a business bug in the protocol that mis-calculates the reward amount for staking users. There is no flashloan or price manipulation involved. The consequence of normal staking and unstaking operations will directly result in wrong amount of COVER tokens being minted. Currently, the bug has been exploited to issue more than 40+ quintillion COVERs (1 quintillion = 10¹⁸). The minted tokens are sold off at various DEX platforms and the gains are returned back to the team.
The Unlimited Minting Vulnerability
We started the analysis from the transaction behind one specific staking operation: d721…7a50. This staking operation can be divided into three distinct steps: (1) It firstly updates the pool by computing the COVER rewards minted in the elapsed period with the latest
updatePool() at line 121); (2) it then claims the miner’s rewards (via
_claimBonus() at lines 125-126); and (3) it finally records the miner’s status with the staked amount and the associated
bonusWriteoff (lines 128-131). For illustration, we show below the related
The issue comes from the
rewardWriteoff mis-calculation in the above third step. Specifically, the current calculation of
miner.amount.mul(pool.accRewardsPerToken).div(CAL_MULTIPLIER) (line 130) uses the
pool.accRewardsPerToken, which is defined as
memory (line 118) and is thus outdated without being updated in
updatePool(). Since it is outdated, the resulting
rewardWriteoff is smaller than expected. When next time the same staking user claims the rewards, the staking contract, i.e.,
Blacksmith, mints extra COVER tokens. A crafted input with staked amount can greatly amplify the minted amount. Currently, there are more than 40 quintillion COVERs minted in circulation.
Though this incident leads to unlimited minting of COVER tokens, these minted tokens are dumped at various DEX platforms to dramatically lower down the token price. The white-hat behind the attack has already returned the gains of 4,350 ETH back to the team in the following transaction: c2fd…982e.
PeckShield Inc. is an industry leading blockchain security company with the goal of elevating the security, privacy, and usability of the current blockchain ecosystem. For any business or media inquiries (including the need for smart contract auditing), please contact us at telegram, twitter, or email.