On August 18, 2023, According to Beosin EagleEye monitoring, the Exactly Protocol on Optimism was attacked for $7.3 million.

According to Exactly Protocol, they were “trying to communicate with the attackers to return the stolen assets. Police reports have already been filed”. On Aug 20, the protocol was unpaused, users were able to perform all operations, and no liquidations have occurred.

Here’s the analysis of the exploit.

Related Info

● Attack Txs

0x3d6367de5c191204b44b8a5cf975f257472087a9aadc59b5d744ffdef33a520e

0x1526acfb7062090bd5fed1b3821d1691c87f6c4fb294f56b5b921f0edf0cfad6

0xe8999fb57684856d637504f1f0082b69a3f7b34dd4e7597bea376c9466813585

● Attacker’s address

0x3747dbbcb5c07786a4c59883e473a2e38f571af9

● Attack contracts

0x6dd61c69415c8ecab3fefd80d079435ead1a5b4d

0x995a24c99ea2fd6c87421d516216d9bdc7fa72b4

● Victim contracts

0x16748cb753a68329ca2117a7647aa590317ebf41

Vulnerability Analysis

Multiple market address parameters in the vulnerable contract could be manipulated. The attacker passed in a malicious market contract address, bypassing the permit check, and executed a malicious deposit function to steal the user's USDC collateral and liquidate assets, ultimately achieving profit for the attacker.

Attack Flow

Take the tx 0x3d6367…520e as an example.

Main Steps

Bypass permit check to change _msgSender to victim -> Re-enter to steal victim’s assets -> Liquidate victim’s assets

Attack Preparation Phase:

The attacker created multiple malicious Market contracts.

Attack Phase

1. The attacker calls the leverage function of the vulnerable contract and passes in a forged market contract address. Since the market address is not verified, the permit check is bypassed and _msgSender is changed to the victim's address.

2. The leverage function will continue to call the deposit function in the malicious market contract, executing the attacker's malicious code.

3.The malicious code in the deposit function will first create a malicious V3 token/USDC pool, and then re-enter the crossDeleverage function in the vulnerable contract. Since both marketIn and marketOut are controllable, it results in the V3 pool calculated by the crossDeleverage function becoming the V3 pool created by the attacker.

4.At this point, since _msgSender has been modified to the victim's address, the crossDeleverage function further calls the swap function of the V3 pool created by the attacker as a flash loan, and transfers the victim's funds into the V3 pool in the uniswapV3callback callback function.

5.The attacker removes liquidity to drain the victim's funds from the V3 pool.

6.Since the victim's deposited funds were transferred away, meeting the liquidation criteria, the attacker further liquidates the victim's position to gain more attack proceeds.

Fund Flow

As of this writing, the stolen funds have been bridged cross-chain to Ethereum via the Optimism bridge and Across Protocol.

Summary

It is recommended that contract addresses used as LP tokens be whitelisted to prevent malicious manipulation. Currently, Beosin has conducted security audits for multiple projects on Optimism such as DIPX, so Beosin recommends that projects undergo comprehensive security audits by professional security audit firms before launch to mitigate security risks.

About Beosin

Beosin is a leading global blockchain security company co-founded by several professors from world-renowned universities and there are 40+ PhDs in the team, and set up offices in 10+ cities including Hong Kong, Singapore, Tokyo and Miami. With the mission of “Securing Blockchain Ecosystem”, Beosin provides “All-in-one” blockchain security solution covering Smart Contract Audit, Risk Monitoring & Alert, KYT/AML, and Crypto Tracing. Beosin has already audited more than 3000 smart contracts including famous Web3 projects PancakeSwap, Uniswap, DAI, OKSwap and all of them are monitored by Beosin EagleEye. The KYT AML are serving 100+ institutions including Binance.

Contact

If you need any blockchain security services, welcome to contact us:

Official Website Beosin EagleEye Twitter Telegram Linkedin