WarpFinance Incident: Root Cause Analysis

Started at 10:24:41 PM +UTC, Dec. 17, 2020, WarpFinance was exploited and drained $~7.8 million of DAI from its vault (WarpVaultSC). The incident was due to a bug in the way of measuring asset price from an AMM-based oracle. It is worthwhile to mention that this attack does not result in immediate profit for the attacker. In the following, we elaborate the technical details.

Summary

Details

The Hack Walk-through

We started the analysis from the transaction behind the hack: 8bb8…5090. This hack is initialized from this attacker address (located at 0xdf8b) and works as follows:

  • Step 1: Take four different flashloans of 2.9M DAI + 344.8K WETH from dYdX and UniswapV2;
  • Step 2: Deposit the dYdX flashloan (of 2.9M DAI + 76K WETH) to UniswapV2 pair (WETH-DAI) and mint in return 94.349K LP tokens. These minted tokens are then transferred to WarpVaultLP as collateral to the credit of the attacker; (Note that current price of LP token is 58,815,427.)
  • Step 3: Swap 341K WETH for 47.6M DAI via UniswapV2 so that DAI becomes very expensive, which cascadingly at least doubles the LP token price to 135,470,392;
  • Step 4: With the higher LP token price and the higher computed collateral value, the attacker is able to borrow 3.86M DAI and 3.9M USDC from WarpFinance (valued about $~7.8 million)
  • Step 5: Return the flashloans in Step 1 back to dYdX and UniswapV2.

The Stolen Funds

About Us

A Blockchain Security Company (https://peckshield.com)