More than $10 million stolen from DeFi project Yearn Finance

23-04-14 11:45
Original title: "Robbed of more than $10 million: how did hackers set their sights on Yearn Finance?"

Original source: Beosin

On April 13, 2023, according to the Beosin EagleEye situational awareness platform, the yUSDT contract of Yearn Finance was attacked, and the attacker made more than $10 million in profit.


Veteran DeFi project loses more than $10 million: a brief walkthrough of the attack. https://eagleeye.beosin.com/RiskTrxDetail/0xd55e43c1602b28d4fd4667ee445d570c8f298f5401cf04e62ec329759ecda95d

The Beosin security team shared a brief summary of the incident earlier in the day as a quick update; the full analysis follows.




Event related information


Attack transactions


0xd55e43c1602b28d4fd4667ee445d570c8f298f5401cf04e62ec329759ecda95d


0x8db0ef33024c47200d47d8e97b0fcfc4b51de1820dfb4e911f0e3fb0a4053138


0xee6ac7e16ec8cb0a70e6bae058597b11ec2c764601b4cb024dec28d766fe88b2


Attacker addresses


0x5bac20beef31d0eccb369a33514831ed8e9cdfe0


0x16Af29b7eFbf019ef30aae9023A5140c012374A5


Attack contract


0x8102ae88c617deb2a5471cac90418da4ccd0579e


Attack flow


The analysis below takes transaction 0xd55e43c1602b28d4fd4667ee445d570c8f298f5401cf04e62ec329759ecda95d as the example.


1. The attacker first borrowed 5 million DAI (Maker: Dai Stablecoin), 5 million USD Coin (USDC) and 2 million Tether: USDT Stablecoin via a flash loan as the attack principal.




2. The attacker calls the repay function of the Aave pool contract to repay other users' debts. This lowers the Aave pool's priority for the yearn: yUSDT Token contract (the yUSDT contract decides which pool to deposit funds into based on yield).




3. The attacker then calls the deposit function of the yearn: yUSDT Token contract to stake 900,000 Tether: USDT Stablecoin. This function mints yUSDT for the caller in proportion to the staked amount; the calculation depends on the balances of the various tokens in the pool. In the figure below, 820,000 yUSDT are minted for the attacker.




4. At this point, the contract holds 900,000 Tether: USDT Stablecoin and 130,000 Aave: aUSDT Token V1.




5. The attacker then exchanges $150,000 for bZx USDC iToken and sends it to the yearn: yUSDT Token contract. The contract now holds 1.18 million in funds, and the attacker holds 90/103 of the shares, which means he can withdraw 1.03 million.




6. The attacker then calls the withdraw function of the yearn: yUSDT Token contract to withdraw the staked funds. At this point the contract holds only the 900,000 Tether: USDT Stablecoin, the initial 130,000 Aave: aUSDT Token V1, and the 150,000 bZx USDC iToken the attacker transferred in. If one pool does not hold enough tokens, tokens are withdrawn from the subsequent pools in order. Here the 900,000 Tether: USDT Stablecoin and the 130,000 Aave: aUSDT Token V1 are withdrawn, so after this operation only the 150,000 bZx USDC iToken remain in the contract.




7. The attacker then calls the rebalance function of the yearn: yUSDT Token contract. This function withdraws tokens from the current pool and deposits them into another pool with a higher yield. Because of step 2, the contract withdraws USDT and USDC in order to add them to the higher-yield pool. However, the contract now holds only bZx USDC iToken, so only USDC can be withdrawn. After the withdrawal the funds should be re-deposited into the other USDT pools, but this re-deposit is skipped at this point.




8. The attacker transfers 1 unit of Tether: USDT Stablecoin into the pool and again calls the deposit function of the yearn: yUSDT Token contract to stake 10,000 Tether: USDT Stablecoin. Because of step 7, the contract has taken all of the money out of the pool and could not add it to the new pool, so the pool variable evaluates to the 1 unit the attacker sent in, and with pool as the divisor the share calculation produces a huge value: 1.25*10^15 yUSDT are minted for the attacker.




9. Finally, the attacker used the yUSDT to swap for all the other stablecoins and repaid the flash loan.


Vulnerability analysis


This attack mainly exploits a configuration error in the yUSDT Token contract. During the rebalance re-selection only USDT (token == USDT) is added back to the pools; USDC is never added. As a result, the attacker uses USDC to "consume" all of the contract's USDT, the pool balance drops to zero, and a huge number of tokens are minted.
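To make the accounting in steps 3 to 8 and the root cause above concrete, here is an added toy model; it is not Beosin's or Yearn's code. It models a share-token vault whose "Fulcrum" slot is assumed to be misconfigured to a USDC iToken while the vault token is USDT, so that redeeming it during rebalance yields USDC that the vault never counts. The figures are constructed (rounded from the article, whole tokens, no decimals), the slot names and the two checks (`check_pool_config`, `rebalance_checked`) are this example's own, and the final swap in step 9 is outside the model.

```python
"""Toy, integer-only model of the yUSDT share accounting (added example, not
Beosin's or Yearn's code). Balances are whole tokens; names and numbers are
constructed."""
from dataclasses import dataclass


@dataclass
class ToyYVault:
    """pool_value() sums the balances the vault knows about: USDT held directly,
    the Aave position, and the 'Fulcrum' position. The Fulcrum slot is assumed
    misconfigured to a USDC iToken, so redeeming it produces USDC, which the
    vault keeps in stray_usdc and never counts."""
    supply: int = 0        # total yUSDT shares
    usdt: int = 0          # USDT sitting in the contract
    aave: int = 0          # aUSDT position, valued in USDT
    fulcrum: int = 0       # iToken position (misconfigured: USDC iToken)
    stray_usdc: int = 0    # USDC the contract holds but does not count

    def pool_value(self) -> int:
        return self.usdt + self.aave + self.fulcrum

    def deposit(self, amount: int) -> int:
        """shares = amount * supply / pool, with pool measured before the deposit.
        A pool of 1 therefore mints amount * supply shares."""
        pool = self.pool_value()
        shares = amount if self.supply == 0 else amount * self.supply // pool
        self.usdt += amount
        self.supply += shares
        return shares

    def withdraw(self, shares: int) -> int:
        """Burns shares and pays out pro rata, draining usdt, then aave, then
        fulcrum in order (step 6)."""
        amount = shares * self.pool_value() // self.supply
        self.supply -= shares
        remaining = amount
        for slot in ("usdt", "aave", "fulcrum"):
            take = min(remaining, getattr(self, slot))
            setattr(self, slot, getattr(self, slot) - take)
            remaining -= take
        return amount

    def rebalance(self) -> None:
        """Pulls every position back to the contract, then re-supplies only the
        USDT balance (step 7). The Fulcrum redemption yields USDC, which is
        neither re-supplied nor counted."""
        self.usdt += self.aave
        self.aave = 0
        self.stray_usdc += self.fulcrum
        self.fulcrum = 0
        if self.usdt > 0:          # only the vault token (USDT) is ever re-supplied
            self.aave += self.usdt
            self.usdt = 0

    def rebalance_checked(self) -> None:
        """Defensive variant: a rebalance must not destroy counted value."""
        before = self.pool_value()
        self.rebalance()
        if self.pool_value() < before:
            raise ValueError(f"rebalance lost value: {before} -> {self.pool_value()}")


def check_pool_config(vault_token: str, pools: dict) -> list:
    """Deployment-time check: returns the pools whose underlying asset is not
    the vault token. An empty list means the configuration is consistent."""
    return [name for name, underlying in pools.items() if underlying != vault_token]


def simulate_attack() -> dict:
    """Replays steps 3 to 8 with constructed figures."""
    v = ToyYVault(supply=130_000, aave=130_000)   # existing LPs, share price 1
    minted3 = v.deposit(900_000)                   # step 3
    v.fulcrum += 150_000                           # step 5: donated iToken, counted by pool_value()
    paid6 = v.withdraw(minted3)                    # step 6: drains usdt, then aave
    v.rebalance()                                  # step 7: fulcrum -> stray USDC, nothing re-supplied
    pool7 = v.pool_value()
    v.usdt += 1                                    # step 8: 1 unit sent directly (pool becomes 1)
    minted8 = v.deposit(10_000)
    return {
        "minted_step3": minted3,
        "paid_step6": paid6,
        "pool_after_rebalance": pool7,
        "stray_usdc": v.stray_usdc,
        "minted_step8": minted8,
        "attacker_share_after": minted8 / v.supply,
    }


def simulate_with_invariant() -> bool:
    """Same sequence using rebalance_checked(); True if the check fired."""
    v = ToyYVault(supply=130_000, aave=130_000)
    minted3 = v.deposit(900_000)
    v.fulcrum += 150_000
    v.withdraw(minted3)
    try:
        v.rebalance_checked()
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(simulate_attack())
    print("misconfigured pools:", check_pool_config("USDT", {"aave": "USDT", "fulcrum": "USDC"}))
    print("invariant caught rebalance:", simulate_with_invariant())
```

Running `simulate_attack()` shows the counted pool value falling to 0 after the rebalance while 148,933 USDC sit uncounted, after which a 10,000-token deposit against a pool of 1 mints 1.3 billion shares and hands the depositor essentially the whole supply. Either check stops this: `check_pool_config` flags the Fulcrum slot before deployment, and `rebalance_checked` reverts the rebalance that turns counted value into uncounted value.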




Money tracking


At the time of publication, the Beosin KYT anti-money-laundering analysis platform found that some $11.5 million of the stolen funds had been transferred to Tornado Cash, with the rest still held at the attacker's addresses.


Summary


In response to this incident, the Beosin security team recommends strict checks of the initial configuration. It also recommends engaging a professional security audit firm for a comprehensive audit before a project launches, to avoid security risks.

