Replay: OUSD suffered a loss of US$7.7 million in a “classic reentry attack”. Why did hackers succeed repeatedly?


 215 total views

Replay: OUSD suffered a loss of US$7.7 million in a “classic reentry attack”. Why did hackers succeed repeatedly?

Recently, PeckShield has monitored the DeFi protocol Origin Protocol stable currency OUSD being attacked. The attacker used the lightning loan on the derivatives platform dYdX to carry out a re-entrancy attack, causing the loss of 7.7 million USD worth of ETH and DAI .

The reentry attack is one of the most classic attack methods on Ethereum smart contracts. The famous the DAO theft event is that the attacker used a reentry attack to cause a hard fork of the Ethereum and lost USD 50 million worth of ETH.

Since April this year, DeFi projects have been repeatedly attacked. On April 18, hackers used Uniswap and ERC777 standard compatibility issues to implement reentry attacks; on April 19, Lendf.Me also suffered a similar reentry attack; on November 14, hackers used the SavingsModule contract of the Akropolis project to A certain defect in handling users’ storage assets has carried out 17 consecutive reentry attacks and lost 2.03 million DAI.

On November 17, 2020 (Beijing time), PeckShield monitored that the stable coin OUSD was under a reentry attack. OUSD is an ERC-20 stablecoin pegged to the U.S. dollar launched by Origin Protocol. Users can mint OUSD stablecoins by depositing basic stablecoins (such as USDT, USDC, DAI) into the Origin smart contract. The stablecoin invests in multiple DeFi protocols and conducts income farming to earn returns for OUSD holders.

The reentry attack reproduces the creation of 20.5 million OUSD out of thin air

PeckShield found through tracking and analysis that, first, the attacker loaned 70,000 ETH from dYdX Lightning Loan;

Subsequently, in UniswapV2, the 17,500 ETH was converted into 7.85 million USDT, and then the remaining 52,500 ETH loaned into 20.99 million DAI;

Next, the attacker minted the OUSD stablecoin four times:

When OUSD was minted through the mint() function for the first time, the attacker did deposit 7.5 million USDT in the Origin smart contract and obtained 7.5 million OUSD;

When the OUSD was minted through the mintMultiple() multiple stablecoin functions for the second time, the attacker deposited 20.5 million DAI and 0 fake “stable coins” in the Origin smart contract, and attacked the contract through reentry attacks in this step . The attacker deposited 20.5 million DAI and 0 fake “stable coins” into VaultCore. At this time, the smart contract received 20.5 million DAI. When trying to receive 0 fake “stable coins”, the attacker used malicious contracts to hijack Before the smart contract normally started to mint 20.5 million OUSD, the mint() function was called to maliciously issue 20.5 million OUSD. This malicious additional issuance was implemented by the VaultCore contract calling the rebase() function.

It is worth noting that, in order to successfully implement the hijacking, the attacker deposited 2,000 USDT in real money when the above mint() function was called, and obtained 2,000 OUSD for the third mint. Subsequently, the function was called to mint 20.5 million OUSD for the fourth time.

Rebase refers to the process of flexible adjustment of token supply, that is, “reset” the token supply. In the DeFi field, there is a type of tokens with a flexible supply mechanism, that is, the wallet balance and total tokens of each token holder user will change in proportion to the changes in the token price. At this time, the attacker obtained a total of 28.002 million OUSD, including 7.5 million USDT, 20.5 million DAI and 2,000 USDT pledged. As a result of calling the rebase() function, the total OUSD obtained by the attacker rose to 33,269,000.

Finally, the attacker first used the obtained 33,269,000 OUSD to redeem 19.5 million DAI, 9.4 million USDT, and 3.9 million USDC; then, in Uniswap, 10.45 million USDT was exchanged for 22,898 ETH and 3.9 million USDC was exchanged. For 8,305 ETHs, 1.9 million DAIs were exchanged for 47,976 ETHs, totaling 79,179 ETHs, and 70,000 ETHs were returned to the dYdX lightning loan.

According to PeckShield statistics, the attackers made a total of 11,809 ETH and 2,249,821 DAI in this attack, totaling $7.7 million.

In response to this attack, Origin Protocol officially responded that it is actively taking measures to recover funds.

With the vigorous development of the DeFi ecosystem, hidden security issues have gradually become prominent. As DeFi-related projects are closely linked to user assets, their security issues need to be resolved urgently.

In this regard, the relevant person in charge of PeckShield said: “This type of reentry attack occurs mainly because the contract does not whitelist the user’s stored Token. DeFi is a’building block combination’ composed of multiple smart contracts and applications. The overall security is interlinked. The platform side must not only ensure that there is a strong code audit and vulnerability investigation before the product goes online, but also consider the potential systemic risk control problems due to their different business logic when combining different products. .”

Disclaimer: does not endorse any content or product on this page. While we aim at providing you all important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor can this article be considered as investment advice or recommendations. Every investment and trading move involves risk, you should conduct your own research when making a decision.