Analysis of DeFi Protocol Warp Finance "Oracle Machine" Attack Event

Original title: "Intensive Analysis of DeFi Protocol Warp Finance "Oracle" Attack Event"

Original source: Beosin Chengdu Lianan

At about 6:00 on December 18, Beijing time, the DeFi lending agreement Warp Finance was hacked, causing nearly $8 million in asset losses.

At the same time, Warp Finance officially tweeted that it is investigating illegal loans and recommends that users suspend stablecoin deposits until the truth of the incident becomes clear.

After receiving an alarm from the blockchain security situational awareness platform (Beosin-Eagle Eye), the Chengdu Lianan team immediately responded to the attack. The investigation found that:

1. Warp Finance uses the relative price of Uniswap trading pairs as the price feed source for its oracle.

2. After learning about this situation, the attacker manipulated the price of Uniswap trading pairs by using the huge amount of funds obtained from the flash loan.

3. By controlling the oracle machine to feed price source information, the attacker destroyed Warp Finance's loan value judgment standard.

4. Under the wrong data environment of Warp Finance, the attacker stole assets far exceeding the value of the collateral.

5. The attacker returned the money borrowed from the flash loan.

Attack transaction address

0x8bb8dc5c7c830bac85fa48acad2505e9300a91c3ff239c9517d0cae33b595090

Analysis of the attack process

The attacker first used Uniswap for flash loans, and adopted a mosaic (continuous operation before repayment) method, WETH loans were carried out in WBTC2, USDC3 and USDT2 pools respectively, as shown in the figure below:

Afterwards, In order to expand the amount of funds used for the attack, the attacker conducted a flash loan on dYdX. As shown in the figure below:

At this time, the scale of the loaned funds has reached nearly 200 million US dollars. Next, the attacker injected liquidity into the DAI 2 trading pool of Uniswap, and obtained the liquidity token LP, as shown in the following figure:

Then, mortgage the obtained LP tokens in the Warp Finance contract, the transaction and code are as follows:

p>

After completing the mortgage, the attacker used the borrowed funds to exchange all the DAI in the Uniswap DAI 2 pool, As shown in the picture below:

After the above "preparatory work" is completed, the price has been manipulated. On the other hand, Warp Finance’s oracle price feed source is price data from Uniswap LP tokens, the code is as follows:

LP Token Price Algorithm

（Price of A Token×Holding Amount in A Token Pool+Price of B Token×B holdings in token pool)/total amount of LP tokens

Among them, the price of A token and B token is determined by Uniswap's "correspondence Tokens and Stablecoins" trading pair is calculated.

Therefore, in the above case, the prices of A and B tokens are at normal levels, while the relative prices of A and B tokens in the trading pair have occurred abnormal. This is because Uniswap uses a constant product market maker mechanism, that is, A×B=K. When there is a large amount of exchange for a certain token, there will be huge slippage, resulting in a price difference.

Assumptions: A=A Token Amount; B=B Token Amount; AP=A Token Price; BP=B Token Price

Known: A×B=k (K is constant when no liquidity is added); Warp price=(AP×A+BP×B)/totalLP

Because both AP and BP are constant in this event, we can set AP=X1×BP and simplify to get Warp price=((X1×K)/B+ B) ×BP/totalLP

It can be concluded that X1×K , BP and totalLP are constant in the attack, and as the number of B increases, LP prices will increase.

The attacker took advantage of this and used the huge amount of funds obtained from the flash loan to add a large amount of liquidity of one of the tokens in the transaction pool, forcing Another type of token also surged, causing an imbalance in the price of LPs. Since the LP price has been manipulated and is at a high level, the attacker can lend out more assets than normal.

After that, the attacker makes a loan by calling the following function.

After successfully controlling the mortgage price, the attacker can use the wrong price data to lend far more than the mortgage Commodity value assets, from which to obtain huge profits. Finally, the attacker returned the flash loan, as shown in the following figure:

Summary of the incident

Obviously, this is another typical oracle attack incident initiated by a huge amount of flash loan. Chengdu Lianan once wrote that Among the many attack methods of hackers, the "oracle machine" price feeding control is the invisible "culprit".

At the same time, Chengdu Lianan also solemnly reminds DeFi developers that they should strengthen the targeted testing of oracles, especially when the project is launched Beforehand, simulate various scenarios of price manipulation attacks as much as possible, discover problems in time and find out solutions, and effectively improve the project's ability to resist oracle attacks.

After just one month, the huge property loss once again warned us that in the field of blockchain, security protection is particularly important, and many system security vulnerabilities belong to It is hard to guard against. Therefore, we must take active measures to form a continuous and effective protection plan in order to avoid problems in advance to the greatest extent.

In addition, if there are any technical problems in security during the operation of the DeFi project, it is an effective way to adopt third-party security technology solutions. Finally, Chengdu Lianan once again appealed to strengthen regular security testing of project oracle machines and other aspects to prevent such incidents from happening again.

Original link

欢迎加入律动 BlockBeats 官方社群：

Telegram 订阅群：https://t.me/theblockbeats

Telegram 交流群：https://t.me/BlockBeats_App

Twitter 官方账号：https://twitter.com/BlockBeatsAsia