WarpFinance Incident: Root Cause Analysis

Started at 10:24:41 PM +UTC, Dec. 17, 2020, WarpFinance was exploited and drained $~7.8 million of DAI from its vault (WarpVaultSC). The incident was due to a bug in the way of measuring asset price from an AMM-based oracle. It is worthwhile to mention that this attack does not result in immediate profit for the attacker. In the following, we elaborate the technical details.



The Hack Walk-through

We started the analysis from the transaction behind the hack: 8bb8…5090. This hack is initialized from this attacker address (located at 0xdf8b) and works as follows:

  • Step 1: Take four different flashloans of 2.9M DAI + 344.8K WETH from dYdX and UniswapV2;
  • Step 2: Deposit the dYdX flashloan (of 2.9M DAI + 76K WETH) to UniswapV2 pair (WETH-DAI) and mint in return 94.349K LP tokens. These minted tokens are then transferred to WarpVaultLP as collateral to the credit of the attacker; (Note that current price of LP token is 58,815,427.)
  • Step 3: Swap 341K WETH for 47.6M DAI via UniswapV2 so that DAI becomes very expensive, which cascadingly at least doubles the LP token price to 135,470,392;
  • Step 4: With the higher LP token price and the higher computed collateral value, the attacker is able to borrow 3.86M DAI and 3.9M USDC from WarpFinance (valued about $~7.8 million)
  • Step 5: Return the flashloans in Step 1 back to dYdX and UniswapV2.

The Stolen Funds

About Us

A Blockchain Security Company (https://peckshield.com)