Author: PeckShield
Original title: OUSD suffered a “classic re-entry attack” with a loss of 7.7 million US dollars.
Recently, PeckShield has monitored the DeFi protocol Origin Protocol stable currency OUSD being attacked. The attacker used the lightning loan on the derivatives platform dYdX to carry out a re-entrancy attack, causing the loss of USD 7.7 million worth of ETH and DAI .
The reentry attack is one of the most classic attack methods on Ethereum smart contracts. The famous the DAO theft event is that the attacker used a reentry attack to cause the Ethereum to hard fork and lose 50 million US dollars worth of ETH.
Since April this year, DeFi projects have been repeatedly attacked. On April 18, hackers used Uniswap and ERC777 standard compatibility issues to implement reentry attacks; on April 19, Lendf.Me also suffered a similar reentry attack; on November 14, hackers used the SavingsModule contract of the Akropolis project to A certain flaw in the handling of users’ stored assets has carried out 17 consecutive reentry attacks and lost 2.03 million DAI.
On November 17, 2020, Beijing time, PeckShield monitored that the stable coin OUSD was under reentry attack. OUSD is an ERC-20 stablecoin pegged to the U.S. dollar launched by Origin Protocol. Users can mint OUSD stablecoins by depositing basic stablecoins (such as USDT, USDC, DAI) into the Origin smart contract. The stablecoin invests in multiple DeFi protocols and conducts income farming to earn returns for OUSD holders.
The reentry attack reproduces the creation of 20.5 million OUSD out of thin air
PeckShield found through tracking and analysis that first, the attacker loaned 70,000 ETH from dYdX Lightning Loan;
Subsequently, in UniswapV2, the 17,500 ETH was converted into 7.85 million USDT, and the remaining 52,500 ETH was converted into 20.99 million DAI;
Next, the attacker minted the OUSD stablecoin four times:
When minting OUSD through the mint() function for the first time, the attacker did deposit 7.5 million USDT in the Origin smart contract and obtained 7.5 million OUSD;
When the OUSD was minted through the mintMultiple() multiple stablecoin functions for the second time, the attacker deposited 20.5 million DAI and 0 fake “stable coins” in the Origin smart contract, and attacked the contract through a reentry attack in this step . The attacker deposited 20.5 million DAI and 0 fake “stable coins” into VaultCore. At this time, the smart contract received 20.5 million DAI. When trying to receive 0 fake “stable coins”, the attacker used malicious contracts to hijack Before the smart contract started to mint 20.5 million OUSD, the mint() function was called to maliciously issue 20.5 million OUSD . This malicious additional issuance was implemented by the VaultCore contract calling the rebase() function.
It is worth noting that in order to successfully implement the hijacking, the attacker deposited 2,000 USDT in real money when the above mint() function was called, and obtained 2,000 OUSD for the third mint. Subsequently, the oUSD.mint() function was called to mint 20.5 million OUSD for the fourth time.
Rebase refers to the flexible adjustment process of token supply, that is, “reset” the token supply. In the DeFi field, there is a type of tokens with a flexible supply mechanism, that is, the wallet balance and total tokens of each token holder will change in proportion to the changes in the token price. At this time, the attacker obtained a total of 28.002 million OUSD, including 7.5 million USDT, 20.5 million DAI and 2,000 USDT pledged. As a result of calling the rebase() function, the total OUSD obtained by the attacker rose to 33,269,000.
Finally, the attacker first used the obtained 33,269,000 OUSD to redeem 19.5 million DAI, 9.4 million USDT, and 3.9 million USDC; then in Uniswap, 10.45 million USDT was exchanged for 22,898 ETH, and 3.9 million USDC was exchanged For 8,305 ETHs, 1.9 million DAIs were converted into 47,976 ETHs, totaling 79,179 ETHs, and 70,000 of them were returned to the dYdX lightning loan.
According to PeckShield statistics, the attacker made a total of 11,809 ETH and 2,249,821 DAI in this attack, totaling $7.7 million.
In response to this attack, Origin Protocol officially responded that it is actively taking measures to recover funds.
With the vigorous development of the DeFi ecosystem, hidden security issues have gradually become prominent. As DeFi-related projects are closely connected to user assets, their security issues need to be resolved urgently.
In this regard, the relevant person in charge of PeckShield said: “This type of reentry attack occurs mainly because the contract does not whitelist the user’s stored Token. DeFi is a’building block combination’ composed of multiple smart contracts and applications. The overall security is interlinked. The platform side must not only ensure that there is a strong code audit and vulnerability investigation before the product goes online, but also consider the potential systemic risk control problems due to their different business logic when combining different products. .”
