SlowMist: Analysis of the flash loan attack on Impossible Finance, a BSC DeFi project

Impossible Finance’s DEX architecture is modeled on Uniswap v2, but its Pair implementation differs, and that difference is the root cause of the attack.

Original title: “The ‘Inconceivable’ Journey of Being Hacked: Analysis of Impossible Finance Being Hacked”
Written by: Kong, working for the SlowMist Security Team

According to news from the SlowMist Zone, the Binance Smart Chain (BSC) DeFi project Impossible Finance suffered a flash loan attack. The SlowMist security team immediately stepped in to analyze it and shares the results below:

Attack details analysis

The DEX architecture of Impossible Finance is modeled on Uniswap v2, but its Pair implementation is different. Impossible Pair exposes two exchange interfaces, cheapSwap and swap. The cheapSwap function can only be called by the Router contract, while the swap function can be called by any user to exchange tokens. The root cause of this attack is precisely this special token exchange structure. The attack is analyzed step by step below:

First, the attacker used a flash loan to borrow a large amount of WBNB from PancakeSwap, and ultimately converted it into IF (the Impossible Finance token).

The attacker then created a token AAA (BBB) under their control and added liquidity for it paired with the IF tokens obtained in the previous step.

After that, the attacker passed a custom exchange path (AAA -> IF -> BUSD) to the Router to convert AAA tokens into BUSD tokens, and the problem occurred during this conversion. From the on-chain record, it is easy to see that the attacker performed two exchange operations during the process of converting AAA tokens into IF tokens:

Why are two exchange operations performed during a single exchange?

Analyzing the internal call trace shows that when the Router contract calls the transferFrom function of the AAA contract to transfer AAA tokens into the Pair contract, the swap function of the Pair contract is also called once (that is, the AAA contract's transferFrom function implements both the normal transfer logic and a call to swap). A normal token exchange is then performed again through cheapSwap, as the project's design expects.

From the above analysis, we know that the attacker performed two token exchange operations within a single exchange by calling both the swap function and the cheapSwap function, and ultimately received additional BUSD tokens. Since these are exchange operations, in theory each one changes the K value, which should ultimately prevent the user from obtaining the expected tokens.

But analyzing the logic of Impossible Pair’s swap and cheapSwap functions reveals a surprising situation: the swap function performs a K value check, while the cheapSwap function performs no K value check and directly updates the reserves. This allowed the attacker to perform multiple exchange operations and obtain additional BUSD.
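A minimal model of the missing check, added here as an illustration and not taken from the Impossible Finance contracts or from SlowMist's analysis: a fee-free constant-product pool in Python whose names (`Pair`, `routed_exchange`, `reentrant_in`) and reserve figures are assumptions. It shows why an output amount quoted before the token transfer becomes stale if `swap` runs during that transfer, and that enforcing K in `cheap_swap` rejects the stale amount.

```python
class KError(Exception):
    """Raised when a settlement would reduce the constant product K."""

class Pair:
    """Toy two-token pool (think IF/BUSD); fees omitted, reserves are integers."""
    def __init__(self, reserve_in, reserve_out, check_k_in_cheap_swap):
        self.r_in, self.r_out = reserve_in, reserve_out
        self.check_k = check_k_in_cheap_swap

    def quote(self, amount_in):
        # Constant-product output for amount_in at the current reserves.
        return amount_in * self.r_out // (self.r_in + amount_in)

    def _settle(self, amount_in, amount_out, enforce_k):
        new_in, new_out = self.r_in + amount_in, self.r_out - amount_out
        if enforce_k and new_in * new_out < self.r_in * self.r_out:
            raise KError("K decreased")
        self.r_in, self.r_out = new_in, new_out

    def swap(self, amount_in, amount_out):
        # Public entry point: always verifies K.
        self._settle(amount_in, amount_out, enforce_k=True)

    def cheap_swap(self, amount_in, amount_out):
        # Router-only entry point: checks K only if the pool is configured to.
        self._settle(amount_in, amount_out, enforce_k=self.check_k)

def routed_exchange(pair, amount_in, reentrant_in=0):
    """Router flow: quote, run the input token's transfer, then cheap_swap.
    reentrant_in models a swap() issued from inside that token transfer."""
    k_before = pair.r_in * pair.r_out
    quoted = pair.quote(amount_in)        # computed from pre-transfer reserves
    if reentrant_in:
        pair.swap(reentrant_in, pair.quote(reentrant_in))  # passes its own K check
    pair.cheap_swap(amount_in, quoted)    # settles the (possibly stale) quote
    return k_before, pair.r_in * pair.r_out

if __name__ == "__main__":
    # Constructed reserves: 1000/1000, so K starts at 1,000,000.
    print(routed_exchange(Pair(1000, 1000, False), 100, reentrant_in=100))
    try:
        routed_exchange(Pair(1000, 1000, True), 100, reentrant_in=100)
    except KError as exc:
        print("rejected:", exc)
```

A regression test for a pool of this shape can assert the same property: after any routed exchange, the product of the reserves must not be lower than before it.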

Attack process

  1. The attacker first borrowed WBNB through a PancakeSwap flash loan and exchanged the WBNB for IF tokens.

  2. The attacker created a malicious token contract AAA (BBB) and added AAA token and IF token liquidity to Impossible.

  3. The attacker exchanged AAA tokens for BUSD tokens through the AAA -> IF -> BUSD path. While the AAA tokens were being transferred into the Pair contract to be exchanged for IF tokens, an exchange between IF tokens and BUSD was performed, and then the normal cheapSwap operation proceeded. The attacker ultimately obtained additional BUSD tokens.

  4. The attacker then repeated the above operations for profit.

Summary

The core of this attack is that the cheapSwap function has no K value check, which allowed the attacker to obtain additional tokens by performing multiple exchange operations within a single exchange. The SlowMist security team suggests that DeFi protocols that innovate on top of designs borrowed from other projects should fully check and verify their new model to avoid such security incidents.

Reference transaction:

https://bscscan.com/tx/0x0220704a99ddfb982d26e65cc337f26b77dc057930b7aa1d848cc48ec77984a8

Disclaimer: As a blockchain information platform, the articles published on this site only represent the author’s personal views, and have nothing to do with the position of ChainNews. The information, opinions, etc. in the article are for reference only, and are not intended as or regarded as actual investment advice.
