May 09, 2022

Beosin’s Detailed Analysis of Fortress’s Oracle Manipulation Attack

On May 9, 2022, according to Beosin EagleEye, Fortress’s Chain contract of FortressPriceOracle was exploited for about 1028.1 ETH and 400,000 DAi by an oracle manipulation attack. Beosin security team analyzed the incident and the findings are shown below.

Fortress Introduction

Fortress Credit and Lending (Fortress) is an algorithmic money market and synthetic stable coin protocol designed to bring secure and trustless credit and lending to users. The official website:

Relevant Information

Transaction hash:


Hacker address:


Hacker contract:


Victim contract:


Exploitation Flow

  1. The attacker withdraws 20ETH from, deposits 12.4ETH into Celer network and then transfers to the attack contract.

2. The attacker uses the deployed contract to submit a malicious price to make the FTS value extremely high, and then uses the increased value of the FTS to swap out all tokens from FBep20Delelgator.

3. The attacker submits a change in the FTS price when launching the attack, at which point the Oracle calls the function in the chain to get the price.

4. Chain’s submit function used for dpos permissions validation is commented, and the value of power = 0. As long as the signature is passed, any address can successfully submit and change the price.

5. The attacker finally swaps the stolen funds into ETH.

Vulnerability Analysis

This attack mainly exploits the vulnerability that the data source Chain obtained by Oracle does not validate power, thus manipulating the collateral price.

Fund Tracing

As of this writing, the attack contract was self-destructed. The stolen 1048.1 ETH and 400,000 DAI were deposited into TornadoCash.


In response to this incident, Beosin security team recommends:

1. Validating the source of the price data acquired by Oracle is important. It is recommended to use TWAP.

2. Before the project goes live, it is highly recommended to choose a professional security audit company for a comprehensive security audit to avoid security risks.


1. VaaS — Automatic Detection Tool , Make Your Smart Contract Secure In Web3.0

2. How to Ensure the Security of NFT Under the Web 3.0 Boom?

3. DEUS Finance Suffered its Second Flashloan Attack This Year: Beosin’s Detailed Analysis

4. Beosin Has Completed Security Audit Service of Crypto LEGO ALG

5. Beosin Has Completed Security Audit Service of MasterChefV2 and cake-pool Contracts in PancakeSwap

6. 「RECAP」AMA About How to Keep Your Smart Contract Secure During Development With Beosin VaaS


If you have need any blockchain security services, please contact us:

Website Email Official Twitter Alert Telegram LinkedIn

Join Coinmonks Telegram Channel and Youtube Channel learn about crypto trading and investing

Also, Read

Related Project

Related Project Secure Score

Guess you like
Learn More
  • What is the impact on Web3 after LUNA’s crash and DeFi “fled” ?

    May 13, 2022

  • Beosin Has Completed Security Audit Service of Alpha Quark: No Critical

    May 05, 2022

  • Loss Exceeds $80M Due to Reentrancy Vulnerability in Contract

    April 30, 2022

  • Monthly Recap: More than 21 Typical Security Incidents Occurred in April 2022

    April 29, 2022

Join the community to discuss.