May 09, 2022
Beosin’s Detailed Analysis of Fortress’s Oracle Manipulation Attack
On May 9, 2022, according to Beosin EagleEye, Fortress’s Chain contract of FortressPriceOracle was exploited for about 1028.1 ETH and 400,000 DAi by an oracle manipulation attack. Beosin security team analyzed the incident and the findings are shown below.
Fortress Credit and Lending (Fortress) is an algorithmic money market and synthetic stable coin protocol designed to bring secure and trustless credit and lending to users. The official website: https://fortress.loans/
- The attacker withdraws 20ETH from Tornado.cash, deposits 12.4ETH into Celer network and then transfers to the attack contract.
2. The attacker uses the deployed contract to submit a malicious price to make the FTS value extremely high, and then uses the increased value of the FTS to swap out all tokens from FBep20Delelgator.
3. The attacker submits a change in the FTS price when launching the attack, at which point the Oracle calls the function in the chain to get the price.
4. Chain’s submit function used for dpos permissions validation is commented, and the value of power = 0. As long as the signature is passed, any address can successfully submit and change the price.
5. The attacker finally swaps the stolen funds into ETH.
This attack mainly exploits the vulnerability that the data source Chain obtained by Oracle does not validate power, thus manipulating the collateral price.
As of this writing, the attack contract was self-destructed. The stolen 1048.1 ETH and 400,000 DAI were deposited into TornadoCash.
In response to this incident, Beosin security team recommends:
1. Validating the source of the price data acquired by Oracle is important. It is recommended to use TWAP.
2. Before the project goes live, it is highly recommended to choose a professional security audit company for a comprehensive security audit to avoid security risks.
If you have need any blockchain security services, please contact us:
Join Coinmonks Telegram Channel and Youtube Channel learn about crypto trading and investing
Related Project Secure Score
Guess you like
What is the impact on Web3 after LUNA’s crash and DeFi “fled” ?
May 13, 2022
Beosin Has Completed Security Audit Service of Alpha Quark: No Critical
May 05, 2022
Loss Exceeds $80M Due to Reentrancy Vulnerability in Contract
April 30, 2022
Monthly Recap: More than 21 Typical Security Incidents Occurred in April 2022
April 29, 2022