Value DeFi Incident: Root Cause Analysis

Started at 15:36:30 PM +UTC, Nov-14–2020, Value DeFi was exploited to drain $7.4 million of DAI from its pooled MultiStablesVault. The incident was due to a bug in the way to measure asset price from an AMM-based oracle. The hacker further leaves a message ("do you really know flashloan?") to challenge the team. In the following, we elaborate the technical details.

Image for post
Image for post

Summary

This incident was due to a bug in the protocol that uses the AMM-based oracle, i.e., Curve, to measure the asset price. After a flashloan-based price manipulation on Curve, the exploitation leads to an unproportional 3crv tokens even from with the same amount of previously minted pooltokens. After the withdrawal, these 3crv tokens are then redeemed for DAI. The whole process leads to $7.4 million of DAI loss of Value DeFi (while $2 million of DAI is returned back to Value DeFi).

Details

We started the analysis from the transaction behind the hack: 46a0…150a. This hack is initialized from a malicious contract (located at 0x675b) and works as follows:

  • Step 1: Take a flashloan of 80K ETH from Aave
Image for post
Image for post
Step 1: Aave Flashloan of 80K ETH
  • Step 2: Swap at UniswapV2 from WETH to 116M DAI: The UniswapV2 DEX firstly transfers the 116M DAI to the user and then checks the transfer-in of WETH after the swap is finished. (If WETH is not transferred or without sufficient amount), the swap transaction will be reverted.) In between, the 0x675b contract is notified to execute the following steps.
  • Step 3: Swap 80K ETH from Aave to 31M USDT at UniswapV2
  • Step 4: Deposit 25M DAI at Vault DeFi with 24.9M minted pooltokens (to the attacker) and 24.956M new 3crv (under custody of Vault DeFi)
  • Step 5: Swap 90M DAI to 90.285M USDC at Curve: This step makes the affected 3pool imbalanced, causing USDC expensive.
  • Step 6: Swap 31M USDT to 17.33M USDC at Curve: This step further skews the USDC price in the 3pool.
Image for post
Image for post
Steps 2–6: Price Manipulation at Curve’s 3pool
  • Step 7: Burn 24.9M minted pooltokens to redeem the unproportional share of 33.089M 3crv tokens: Due to the manipulated price feed, the attacker is able to get away with 33.089M 3crv, instead of normal 24.956M.
  • Step 8: Swap 17.33M USDC back to 30.94M USDT at Curve
  • Step 9: Swap 90.285M USDC back to 90.927M DAI at Curve
  • Step 10: Remove liquidity from 3pool by burning 33.089M 3crv to redeem 33.11M DAI
Image for post
Image for post
Steps 7–10: Value DeFi Redemption for Profit
  • Others: The remaining steps essentially convert the gains to pay back the Aave flashloan and complete the UniswapV2 trade at Step 2.

After the successful exploitation, the attacker returns 2M DAI back to the Value DeFi deployer (0x7be4) and keeps 5.4M DAI of profit.

The stolen funds from the above exploitations are currently held in this wallet: 0xa773. We are actively monitoring this wallet for any movement.

About Us

PeckShield Inc. is an industry leading blockchain security company with the goal of elevating the security, privacy, and usability of the current blockchain ecosystem. For any business or media inquiries (including the need for smart contract auditing), please contact us at telegram, twitter, or email.

Written by

A Blockchain Security Company (https://peckshield.com)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store