WarpFinance Incident: Root Cause Analysis
Started at 10:24:41 PM +UTC, Dec. 17, 2020, WarpFinance was exploited and drained $~7.8 million of DAI from its vault (
WarpVaultSC). The incident was due to a bug in the way of measuring asset price from an AMM-based oracle. It is worthwhile to mention that this attack does not result in immediate profit for the attacker. In the following, we elaborate the technical details.
This incident was due to a bug in the protocol that uses the AMM-based oracle, i.e., Uniswap, to measure the asset price. After a flashloan-based price manipulation on Uniswap, the exploitation leads to an un-proportional (borrowed) amount of DAI and USDC from the WarpFinance lending platform. The whole process leads to $~7.8 million of DAI/USDC loss. However, the attacker does not get hold of this fund or is not at his disposal. Instead, the deposited LP tokens as collaterals from the attacker are locked in WarpFinance due to an under-water borrow position.
The Hack Walk-through
We started the analysis from the transaction behind the hack: 8bb8…5090. This hack is initialized from this attacker address (located at 0xdf8b) and works as follows:
- Step 1: Take four different flashloans of 2.9M DAI + 344.8K WETH from dYdX and UniswapV2;
- Step 2: Deposit the dYdX flashloan (of 2.9M DAI + 76K WETH) to UniswapV2 pair (WETH-DAI) and mint in return 94.349K LP tokens. These minted tokens are then transferred to
WarpVaultLPas collateral to the credit of the attacker; (Note that current price of LP token is 58,815,427.)
- Step 3: Swap 341K WETH for 47.6M DAI via UniswapV2 so that DAI becomes very expensive, which cascadingly at least doubles the LP token price to 135,470,392;
- Step 4: With the higher LP token price and the higher computed collateral value, the attacker is able to borrow 3.86M DAI and 3.9M USDC from WarpFinance (valued about $~7.8 million)
- Step 5: Return the flashloans in Step 1 back to dYdX and UniswapV2.
The Stolen Funds
Though this incident leads to $~7.8 million loss, the attacker does not immediately benefit from it. Specifically, the attacker is currently having an under-water borrow position in WarpFinance, which still locks the 94.349K LP tokens. In the meantime, we are actively monitoring the attacker wallet for any movement.
PeckShield Inc. is an industry leading blockchain security company with the goal of elevating the security, privacy, and usability of the current blockchain ecosystem. For any business or media inquiries (including the need for smart contract auditing), please contact us at telegram, twitter, or email.