More than $10 million stolen from an old DeFi project: a brief summary of the attack process

On April 13, 2023, the Beosin-Eagle Eye situational awareness platform detected a flash-loan attack on Yearn Finance's yUSDT contract; the attacker profited by more than 10 million US dollars.

https://eagleeye.beosin.com/RiskTrxDetail/0xd55e43c1602b28d4fd4667ee445d570c8f298f5401cf04e62ec329759ecda95d

The Beosin security team shared a brief analysis of this incident as a newsletter earlier in the day. The full write-up follows:

Information about the incident

Attack transactions

0xd55e43c1602b28d4fd4667ee445d570c8f298f5401cf04e62ec329759ecda95d

0x8db0ef33024c47200d47d8e97b0fcfc4b51de1820dfb4e911f0e3fb0a4053138

0xee6ac7e16ec8cb0a70e6bae058597b11ec2c764601b4cb024dec28d766fe88b2

Attacker Addresses

0x5bac20beef31d0eccb369a33514831ed8e9cdfe0

0x16Af29b7eFbf019ef30aae9023A5140c012374A5

Attack Contract

0x8102ae88c617deb2a5471cac90418da4ccd0579e

Attack Process

The transaction 0xd55e43c1602b28d4fd4667ee445d570c8f298f5401cf04e62ec329759ecda95d is used as the example for the analysis below.

1. The attacker first borrowed 5 million DAI (Maker: Dai Stablecoin), 5 million USDC (USD Coin) and 2 million USDT (Tether: USDT Stablecoin) through a flash loan as the attack capital.

2. The attacker calls the repay function of the Aave lending pool contract to repay other users' debts. Repaying debt lowers the pool's utilization and therefore the interest earned by suppliers, so the Aave pool ranks lower when the yearn: yUSDT Token contract decides which lending pool to put its funds in (the contract selects the pool with the highest yield).

3. The attacker then calls the deposit function of the yearn: yUSDT Token contract and deposits 900,000 USDT. deposit mints yUSDT to the caller in proportion to the deposited amount; the share count is derived from the total value of tokens the contract holds across its pools (amount × total supply ÷ pool value). As shown in the figure below, 820,000 yUSDT were minted for the attacker.

4. At this point the contract holds 900,000 USDT and 130,000 aUSDT (Aave: aUSDT Token V1).

5. Next, the attacker swaps 150,000 USDC for 150,000 bZx USDC iTokens (iUSDC) and transfers them directly to the yearn: yUSDT Token contract. A direct transfer raises the value the contract counts as its pool (now 1.18 million) without minting any shares, so the attacker's share of the pool stays at 900/1,030, which now entitles him to withdraw about 1.03 million.

6. The attacker then calls the withdraw function of the yearn: yUSDT Token contract to redeem the deposited funds. At this time the contract holds only the 900,000 USDT the attacker deposited, the original 130,000 aUSDT, and the 150,000 iUSDC the attacker transferred in. withdraw pays out of the contract's own token balance first and, if that is insufficient, redeems from the lending pools in order. The attacker thus withdraws all 900,000 USDT and the 130,000 aUSDT, after which only the 150,000 iUSDC remain in the contract.

7. Then the attacker calls the rebalance function of the yearn: yUSDT Token contract. rebalance withdraws the funds from the current pool and supplies them to whichever pool now offers the higher yield; because of step 2 that is no longer the Aave pool. The only asset left is iUSDC, so redeeming it yields USDC, but the supply step only ever uses the contract's USDT balance (its configured token). That balance is zero, so the reinvestment is skipped and the contract is left holding 150,000 USDC that its pool accounting does not count.

8. The attacker transfers 1 base unit of USDT into the contract and calls deposit again with 10,000 USDT. Because step 7 withdrew everything from every pool and could not re-supply it, the only value the contract counts is the 1 unit the attacker just transferred, so the variable pool is computed as 1. With pool as the divisor in the share calculation, deposit computes an enormous share count and mints 1.25 × 10^15 yUSDT to the attacker.

9. Finally, the attacker swaps the yUSDT for the other stablecoins and repays the flash loan.

Vulnerability Analysis

This attack exploited a configuration error in the yUSDT Token contract: one of its lending-pool positions was held in a USDC token rather than a USDT one, while rebalance only ever supplies the contract's USDT balance (its configured token) to a pool, so USDC can never be re-added. The attacker used the donated iUSDC position to "consume" all of the contract's USDT: after the withdrawal and rebalance the accounted pool balance dropped to zero, and the next deposit was priced against a pool value of 1, minting an enormous number of yUSDT.
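The share arithmetic behind steps 3 to 8 and the misconfiguration described above, as an added example that is not Beosin's or Yearn's code: a small Python model of yToken share accounting in 6-decimal base units. It assumes a vault whose provider list is ordered the way withdraw drains it, a constructed starting state of 130,000 aUSDT against 130,000 yUSDT outstanding (share price 1.0, chosen so the figures divide cleanly, so the page's rounded amounts are not reproduced exactly), and that the attacker burns just enough shares in step 6 to redeem exactly the 900,000 USDT and 130,000 aUSDT and leave only the iUSDC position behind. The names YTokenModel, check_provider_config and run_attack are the example's own. check_provider_config is the deployment-time invariant a reviewer would want: every position the vault values 1:1 must hold the vault's own token.

```python
# Added example: simplified model of yToken share accounting (not Yearn's code).
# All balances are integers in 6-decimal base units (assumption: USDT, USDC,
# aUSDT, iUSDC and yUSDT all use 6 decimals).

DEC = 10**6


class YTokenModel:
    """Vault holding `token` directly or in lending providers, ordered as withdraw drains them."""

    def __init__(self, token, providers, provider_balances, total_supply):
        self.token = token                   # underlying the vault accounts in ("USDT")
        self.providers = list(providers)     # [(name, underlying)] in withdrawal order
        self.provider_bal = dict(provider_balances)
        self.balances = {}                   # ERC20 balances held directly by the vault
        self.total_supply = total_supply     # yToken shares outstanding
        self.shares = {}

    def balance(self):
        return self.balances.get(self.token, 0)

    def calc_pool_value_in_token(self):
        # Every provider position is valued 1:1 in `token`; nothing checks that the
        # provider's underlying really is `token`. That is the misconfiguration modelled here.
        return sum(self.provider_bal.values()) + self.balance()

    def deposit(self, who, amount):
        pool = self.calc_pool_value_in_token()   # read before the transfer, as in deposit()
        self.balances[self.token] = self.balance() + amount
        shares = amount if pool == 0 else amount * self.total_supply // pool
        self.total_supply += shares
        self.shares[who] = self.shares.get(who, 0) + shares
        return shares

    def transfer_in(self, token, amount):
        """Plain ERC20 transfer into the vault: counted if it is `token`, but mints no shares."""
        self.balances[token] = self.balances.get(token, 0) + amount

    def transfer_provider_token_in(self, name, amount):
        """Plain transfer of a provider receipt token (aUSDT / iUSDC): raises the vault's
        provider position, again without minting shares."""
        self.provider_bal[name] += amount

    def withdraw(self, who, shares):
        pool = self.calc_pool_value_in_token()
        r = pool * shares // self.total_supply       # pro-rata claim, denominated in `token`
        self.shares[who] -= shares
        self.total_supply -= shares
        need = r - self.balance()
        for name, underlying in self.providers:      # drain providers in order until covered
            if need <= 0:
                break
            take = min(need, self.provider_bal[name])
            self.provider_bal[name] -= take
            self.balances[underlying] = self.balances.get(underlying, 0) + take
            if underlying == self.token:
                need -= take                         # a USDC redemption cannot pay a USDT claim
        if self.balance() < r:
            raise RuntimeError("insufficient USDT to pay withdrawal")
        self.balances[self.token] -= r
        return r

    def rebalance(self, best_provider):
        # Withdraw every provider position, then supply the vault's `token` balance to the
        # best provider. The iUSDC position redeems to USDC, which balance() ignores, so
        # nothing is re-supplied and the accounted pool value collapses to zero.
        for name, underlying in self.providers:
            amt = self.provider_bal[name]
            self.provider_bal[name] = 0
            self.balances[underlying] = self.balances.get(underlying, 0) + amt
        if self.balance() > 0:
            self.provider_bal[best_provider] += self.balance()
            self.balances[self.token] = 0


def check_provider_config(vault):
    """Deployment check: names of providers whose underlying is not the vault's own token."""
    return [name for name, underlying in vault.providers if underlying != vault.token]


def run_attack():
    # Constructed starting state: 130,000 aUSDT in Aave, 130,000 yUSDT outstanding
    # (share price 1.0), and the Fulcrum slot wired to an iUSDC position instead of iUSDT.
    vault = YTokenModel("USDT", [("aave", "USDT"), ("fulcrum", "USDC")],
                        {"aave": 130_000 * DEC, "fulcrum": 0}, 130_000 * DEC)
    out = {}
    out["minted_1"] = vault.deposit("attacker", 900_000 * DEC)           # step 3
    vault.transfer_provider_token_in("fulcrum", 150_000 * DEC)           # step 5: iUSDC donation
    out["pool_after_donation"] = vault.calc_pool_value_in_token()
    # Step 6: burn just enough shares to redeem exactly 900k USDT + 130k aUSDT and leave
    # only the iUSDC position behind (ceiling division so no USDT dust remains).
    target = 1_030_000 * DEC
    burn = -(-target * vault.total_supply // vault.calc_pool_value_in_token())
    out["withdrawn"] = vault.withdraw("attacker", burn)
    vault.rebalance(best_provider="fulcrum")                             # step 7 (Aave deprioritised)
    out["pool_after_rebalance"] = vault.calc_pool_value_in_token()
    vault.transfer_in("USDT", 1)                                         # step 8: one base unit
    out["pool_before_final_deposit"] = vault.calc_pool_value_in_token()
    out["minted_2"] = vault.deposit("attacker", 10_000 * DEC)
    out["attacker_share_pct"] = 100 * vault.shares["attacker"] / vault.total_supply
    out["misconfigured"] = check_provider_config(vault)
    return out


if __name__ == "__main__":
    for key, value in run_attack().items():
        print(f"{key}: {value}")
```

Running the block shows the accounted pool value falling to 0 after rebalance, to 1 after the attacker's one-unit transfer, and the following 10,000 USDT deposit minting on the order of 10^15 yUSDT, which then represent essentially the whole supply. The profit itself is realised outside the vault, when the yUSDT is sold for other stablecoins, which the model does not cover; check_provider_config returning a non-empty list is the condition a pre-launch review should have caught.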

Funds tracking

At the time of writing, the Beosin KYT anti-money laundering analysis platform found that $11.5 million of the stolen funds had been transferred to Tornado Cash, with the remainder still held at the attacker's addresses.

Summary

In response to this incident, the Beosin security team recommends a strict review of initial configuration, in particular that every pool address a vault is wired to holds the token the vault accounts in. It also recommends engaging a professional security auditing firm for a comprehensive audit before a project goes live, to reduce security risk.
