The cat replaces the prince: Analysis of DODO being hacked


According to news reports, the wCRES/USDT V2 fund pool of the decentralized trading platform DODO was attacked by hackers, and nearly $980,000 worth of wCRES and nearly $1.14 million worth of USDT were transferred out. DODO said that the team has taken the relevant pool creation entry point offline. The attack only affected the DODO V2 crowdfunding pool; all other fund pools are safe. The team is cooperating with security companies to investigate and is working to recover some of the funds. For follow-up news, please watch the official DODO community announcements.

The SlowMist security team followed up and analyzed the situation as soon as possible. The detailed analysis is provided below for your reference.

Attack details analysis

Looking at the attack transaction, we can see that the entire attack process is very simple. The attacker first transferred FDO and FUSDT into the wCRES/USDT fund pool, then borrowed wCRES and USDT tokens through the flashLoan function of the fund pool contract, and initialized the fund pool contract.

Why could the attacker successfully borrow wCRES and USDT and initialize the fund pool contract after depositing only FDO and FUSDT tokens? Is there a loophole in the flash loan function of the fund pool?

Next, we analyze the flashLoan function in detail:

Analyzing the code, we can see that during a flash loan the funds are first transferred out through the _transferBaseOut and _transferQuoteOut functions, then the external logic is called through the DVMFlashLoanCall function, and finally the contract's balances are checked. This is a normal flash loan function, so the problem can only lie in the external logic executed during the flash loan.

Analyzing the external logic calls of the flash loan, we find that the attacker called the init function of the wCRES/USDT fund pool contract and passed in the FDO address and the FUSDT address to initialize the fund pool contract.

At this point we can see that the fund pool contract can be reinitialized. To find out why, let's analyze the initialization function in detail:

The code shows that the initialization function of the fund pool contract has neither authentication nor any logic to prevent repeated initialization calls, so anyone can call the initialization function and reinitialize the contract. From this we can derive the complete attack process.

Attack Process

1. The attacker first creates two token contracts, FDO and FUSDT, and then deposits FDO and FUSDT tokens into the wCRES/USDT fund pool.

2. Next, the attacker calls the flashLoan function of the wCRES/USDT fund pool contract to perform a flash loan and borrow the wCRES and USDT tokens held in the fund pool.

3. Since the init function of the wCRES/USDT fund pool contract has neither authentication nor logic to prevent repeated initialization calls, the attacker calls the initialization function of the wCRES/USDT fund pool contract from the external logic executed during the flash loan, replacing the token pair of the fund pool contract from wCRES/USDT with FDO/FUSDT.

4. Since the fund pool token pair has been replaced with FDO/FUSDT and the attacker deposited FDO and FUSDT tokens into the fund pool contract at the beginning of the attack, the flash loan's final repayment balance check passes and the attacker makes a profit.

Summary

The main cause of this attack is that the initialization function of the fund pool contract has neither authentication nor any restriction to prevent repeated initialization calls. This let the attacker use a flash loan to borrow real coins, then replace the fund pool token pair with fake coins created by the attacker by re-initializing the contract, thereby bypassing the flash loan repayment check and pocketing the real coins.
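The guards whose absence the analysis identifies, sketched as an added example (not DODO's or SlowMist's code): a caller check and one-time latch on init, plus a flash loan that pins the token pair before the callback. GuardedPool, IFlashBorrower, onFlashLoan and factory are hypothetical names, and the pool is assumed to be deployed directly by its factory rather than through a clone or proxy.

```solidity
pragma solidity ^0.8.20;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}
interface IFlashBorrower { // hypothetical callback interface
    function onFlashLoan(uint256 baseAmount, uint256 quoteAmount, bytes calldata data) external;
}

// Illustrative pool, not DODO's contract: names and layout are assumptions.
contract GuardedPool {
    address public immutable factory; // only the deployer may initialize
    bool private initialized;         // one-time initialization latch
    bool private locked;              // lock shared by init and flashLoan
    IERC20 public baseToken;
    IERC20 public quoteToken;

    modifier nonReentrant() {
        require(!locked, "REENTRANT");
        locked = true;
        _;
        locked = false;
    }
    constructor() { factory = msg.sender; }

    // Guard 1: authenticate the caller. Guard 2: reject repeated initialization.
    function init(address base, address quote) external nonReentrant {
        require(msg.sender == factory, "NOT_FACTORY");
        require(!initialized, "ALREADY_INITIALIZED");
        require(base != address(0) && quote != address(0) && base != quote, "BAD_TOKENS");
        initialized = true;
        baseToken = IERC20(base);
        quoteToken = IERC20(quote);
    }

    function flashLoan(uint256 baseAmount, uint256 quoteAmount, bytes calldata data) external nonReentrant {
        // Pin the token pair and pre-loan balances in local variables so the
        // repayment check cannot be pointed at other tokens during the callback.
        (IERC20 base, IERC20 quote) = (baseToken, quoteToken);
        uint256 baseBefore = base.balanceOf(address(this));
        uint256 quoteBefore = quote.balanceOf(address(this));
        require(base.transfer(msg.sender, baseAmount), "BASE_TRANSFER"); // simplified transfer handling
        require(quote.transfer(msg.sender, quoteAmount), "QUOTE_TRANSFER");
        IFlashBorrower(msg.sender).onFlashLoan(baseAmount, quoteAmount, data);
        require(base.balanceOf(address(this)) >= baseBefore, "BASE_NOT_REPAID");
        require(quote.balanceOf(address(this)) >= quoteBefore, "QUOTE_NOT_REPAID");
    }
}
```

Tokens whose transfer returns no value need a safe-transfer wrapper in place of the bare require shown here.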

Reference attack transaction:

https://cn.etherscan.com/tx/0x395675b56370a9f5fe8b32badfa80043f5291443bd6c8273900476880fb5221e
