At around 6:00 on December 18, Beijing time, the DeFi lending agreement Warp Finance was hacked, causing nearly $8 million in asset losses.
At the same time, Warp Finance officially tweeted that it is investigating illegal loans and recommends users to suspend stablecoin deposits until the truth of the incident becomes clear.
After receiving the alarm from the blockchain security situational awareness platform (Beosin-Eagle Eye), the Chengdu Lianan team immediately investigated the attack and found that:
1. Warp Finance uses the relative price of Uniswap trading pairs as the price feed source for its oracle.
2. After learning about this situation, the attacker manipulated the price of the Uniswap trading pair with the huge amount of funds obtained from the flash loan.
3. By controlling the oracle machine to feed price source information, the attacker destroyed Warp Finances loan value judgment standard.
4. Under the wrong data environment of Warp Finance, the attacker stole assets far exceeding the value of the collateral.
secondary title
secondary title
0x8bb8dc5c7c830bac85fa48acad2505e9300a91c3ff239c9517d0cae33b595090
Analysis of attack process
The attacker first used Uniswap for flash loans, and adopted the method of mosaic (continuous operation before repayment) to carry out WETH loans in WBTC2, USDC3 and USDT2 pools respectively, as shown in the following figure:
Later, in order to expand the amount of funds used for the attack, the attacker made a flash loan on dYdX. As shown below:
At this time, the scale of the loaned funds has reached nearly 200 million US dollars. Next, the attacker injected liquidity into the DAI 2 trading pool of Uniswap, and obtained the liquidity token LP, as shown in the following figure:
Then, mortgage the obtained LP tokens in the Warp Finance contract, the transaction and code are as follows:
After completing the mortgage, the attacker used the borrowed funds to exchange all the DAI in the Uniswap DAI 2 pool, as shown in the figure below:
secondary title
LP token price algorithm
(Price of A Token × Holding Amount in A Token Pool + Price of B Token × Holding Amount in B Token Pool) / Total Amount of LP Tokens
Among them, the price of A token and B token is calculated by Uniswaps corresponding token and stable currency trading pair.
Therefore, under the above circumstances, the prices of tokens A and B are at normal levels, while the relative prices of tokens A and B in the trading pair have become abnormal. This is because Uniswap uses a constant product market maker mechanism, that is, A×B=K. When there is a large amount of exchange for a certain token, there will be huge slippage, resulting in a price difference.
Assumption: A=A token quantity; B=B token quantity; AP=A token price; BP=B token price
Known: A×B=k (K is constant when no liquidity is added); Warp price=(AP×A+BP×B)/totalLP
Since both AP and BP are constant in this event, we can set AP=X1×BP, and simplify to get Warp price=((X1×K)/B+B)×BP/totalLP
It can be concluded that X1×K, BP and totalLP are all constant in the attack, and as the number of B increases, the price of LP will increase.
The attacker took advantage of this, and used the huge amount of funds obtained from the flash loan to massively increase the liquidity of one of the tokens in the transaction pool, forcing the other token to increase accordingly, causing the price imbalance of LP . Since the price of LP has been manipulated and is at a high level, the attacker can lend more assets than normal.
After that, the attacker makes a loan by calling the following function.
secondary title
Event summary
Obviously, this is another typical oracle attack incident initiated by a huge flash loan. Chengdu Lianan once wrote an article pointing out that among the many attack methods of current hackers, the oracle machine price feeding control is the invisible culprit.
At the same time, Chengdu Lianan also solemnly reminds DeFi developers that they should strengthen the targeted testing of oracle machines, especially before the project goes online, simulate various scenarios of price manipulation attacks as much as possible, discover problems in time and find solutions, and effectively improve The ability of the project to resist oracle attacks. Just one month later, the huge property loss once again warned us that in the field of blockchain, security protection is particularly important, and many system security vulnerabilities are hard to guard against. Therefore, we must take active measures to form a continuous and effective protection plan in order to avoid problems in advance to the greatest extent. In addition, if there are any technical problems in security during the operation of the DeFi project, it is an effective way to adopt third-party security technology solutions. Finally, Chengdu Lianan once again appealed to strengthen regular security testing of project oracle machines and other aspects to prevent such incidents from happening again.
