API/RSS

Social

Cobo DeFi Security Class (Part 1) : Review of the 2022 DeFi Security Event

23-02-10 14:50

Read this article in 24 Minutes

AI summary

View the summary

原文标题：《 Cobo DeFi 安全课（上）：复盘 2022 DeFi 安全大事件》

Originally written by Max Cobo, Director of Security

At the invitation of Moledao, Cobo Security Director Max recently shared a DeFi security lesson for the community members via the Internet. Max reviewed the major security incidents encountered by Web3 industry in the past year, emphatically discussed the causes of these security incidents and how to avoid them, summarized the security vulnerabilities and preventive measures of common smart contracts, and also gave some security suggestions to the project side and general users. Here, we have divided Max's share into two posts for DeFi lovers to collect.

According to Slow Fog statistics, there were more than 300 blockchain security incidents in 2022, involving a total of $4.3 billion.

The following eight typical cases are explained in detail in this paper. The loss amount of these cases is basically more than $100 million. Although the amount involved in Ankr is small, it is also a relatively typical case.

Ronin Bridge

Review of events:

On March 23, 2022, NFT game Axie Infinity side chain Ronin Network said it had earlier detected breaches of Sky Mavis' Ronin verifier node and Axie DAO verifier node, This resulted in the bridging of 173,600 ETH (currently valued at over $590 million) and USD 25.5 million in two transactions.

The U.S. Treasury Department says the North Korean hacking group Lazarus has been linked to the $625 million hack of the AxieInfinity Ronin Network.

The hackers contacted an employee at Sky Mavis, the developer of Axie Infinity, through linkedin and, after several rounds of interviews, told her she had been hired at a high salary, according to media reports citing people familiar with the matter. The employee then downloaded a fake "Offer" letter presented as a PDF file, which allowed the hacking software to infiltrate Ronin's system, allowing the hackers to attack and take over four of the nine validators on Ronin's network, except for one that the validators could not fully control. Later, the hacker controlled the Axie DAO with unrevoked permissions to achieve the final intrusion.

North Korean hacking groups have been around for a long time, and in the days before Web3 technology took off, there were several news reports of banks or large businesses being hacked. Now, more and more traditional hacker groups, as well as some national forces, have evolved from stealing data and credit card information to attacking blockchain projects for direct practical benefits.

The attack was typical of what is known in traditional security circles as APT, or Advanced Persistent Threat. Once a hacker group has identified a target, it will use social engineering and other methods to control a computer in the target organization as a springboard to further infiltrate and finally achieve the purpose of attack.

This incident also exposed the weak security awareness of Axie Infinity employees and some problems in the company's internal security system.

Wormhole

Review of events:

According to the report issued by Wormhole on this event, the Wormhole vulnerability in this event is that the signature verification code of the core Wormhole contract on Solana has errors, allowing attackers to forge messages from the "guardian" to forge ETH packaged by Wormhole. About 120,000 ETH were lost.

Jump Crypto invested 120,000 Ethereum pieces to compensate for the theft of Wormhole, which is a cross-chain bridge.

Wormhole's problems are primarily at the code level because it uses obsolete functions. On Ethereum, for example, in the early versions of Solidity, some functions were poorly designed and gradually scrapped with subsequent updates. The same is true in other ecosystems. Therefore, developers are advised to use the latest version to avoid similar problems.

Nomad Bridge

Review of events:

The reason why the Nomad bridge is attacked by hackers is that the trusted root of the Nomad bridge Replica contract is set to 0x0 during initialization, and the old root is not inactivated during the trusted root modification. As a result, the attacker can construct arbitrary messages to steal funds from the bridge. The attackers were able to extract more than $190 million in value from the attack.

Hackers used the flaw to find a valid transaction and repeatedly send structured transaction data to extract funds locked across the bridge, resulting in nearly all of the funds locked up on Nomad.

According to PeckShield, some 41 addresses made about $152 million (80%) from the Nomad breach, Including about seven MEV bots (about $7.1 million), Rari Capital hackers (about $3.4 million), and six white hat hackers (about $8.2 million), about 10 percent of ENS domain addresses made $6.1 million.

The Nomad Bridge case is typical, essentially because it was set up with a glitch in initialization. If a hacker finds a batch of valid transactions and re-broadcasts them, the funds involved in the valid transactions will be re-executed, and the proceeds will be returned to the hacker. There are a lot of participants in the whole Ethereum ecosystem. Besides project parties and participants, there are also a lot of MEVs. In this case, when the automated robot discovers the attack transaction whoever broadcasts it gets paid. As long as the Gas rate is covered, everyone broadcasts more, so the whole thing becomes a cash grab. There were a lot of addresses involved in this incident. Although the project side later found the addresses of some ENS and some white hat hackers and recovered part of the funds, the vast majority of the funds were not recovered. If a hacker uses a very clean device, a very clean address, it's very difficult to find out who is behind it from some data correlation point of view.

Although companies like Google, Microsoft, Facebook, Alibaba and Tencent have all been attacked by hackers, their programs are closed-source; In the Ethereum ecosystem, or the smart contract ecosystem as a whole, many programs are open source, and it's actually relatively easy for hackers to analyze open source. So when a project has a bug, it basically declares the project a failure.

Beanstalk

Review of events:

Ethereum-based algorithmic stablecoin project Beanstalk Farms lost about $182 million in the blitz attack, Specific assets include 79,238,241 bean3CrV-Fs, 1,637,956 Beanlusd-Fs, 360,84584 beans and 0.54 Uni-v2_weth_beans. The attackers made more than $80 million, including about 24,830 Ethereum and 36 million beans.

The main reason of this attack is that there is no time interval between the voting and the execution of the proposal, so the attacker can directly execute the malicious proposal without community review after the completion of the voting.

Attack process:

Purchase Token and pledge one day in advance to obtain proposal qualification and create a malicious proposal contract;

通过闪电贷获取大量 Token 投票恶意合约；

Malicious contract execution, complete arbitrage.

Beanstalk 也是很典型的案例，黑客没有用到什么漏洞，只是利用了项目的一个机制。这个项目的机制是任何人抵押 Token 之后可以提交提案，提案也是一个合约。攻击者在实施攻击的前一天买了一定的 Token ，然后提交了一个恶意的提案，提案在 24 小时之后就可以被投票，投完票之后没有任何时间窗口，没有任何时间锁，投票被通过，就可以立刻执行。

现在很多项目都讲社区自治，用纯去中心化的方式，就会出现很多问题。比如提案，每一个提案是否有审核机制？一个提案到底是正常的提案还是恶意的提案？提案如果被通过，闪电贷过来直接抵押投票就有用，还是创建一种机制必须要 staking 一定的时间，甚至是发放投票 Token 才可以？以及提案通过之后到执行这个阶段，到底应不应该有一个时间锁？理论上是应该有的，这样的话大家只要看在时间锁内的操作，给了大家一个出逃的机会，如果没有的话，假如执行的是一个恶意操作，谁也跑不了。

Wintermute

Review of events:

On the morning of September 21, 2022, Evgeny Gaevoy announced on Twitter that Wintermute had indeed used Profanity and an internal tool to create the wallet address in June. The reason for this is to optimize the fee, not just to create a profile, says Wintermute accelerated the process of dropping the old key after learning of the Profanity bug last week. However, due to an internal (human) error, the wrong function was called, so Wintermute did not remove the signature of the infected address and perform the operation.

We can see that there are many numbers with eight zeros in front of them on the Internet. The more zeros in the Ethereum address, the lower the commission. So many MEV preemptive robots and project parties prefer to use them, especially some relatively high frequency operations.

Wintermute 是一家做市商，当时他们把很多 Token 发到一个合约里，用靓号生成程序生成合约地址。这个合约的 Owner 也是一个靓号，刚好非常不巧的是这个 Owner 靓号私钥被人给强算出来了，合约里的钱直接都被转走了。

When we use an open source tool on the web, we must be prepared for some negative consequences. When using an external program, it is highly recommended that you perform a relatively adequate security assessment.

Harmony Bridge

Review of events:

Horizon lost more than $100 million across the bridge, including more than 13,000 Ethereum and 5,000 BNBS.

Harmony's founders claim the Horizon hack was caused by a private key leak.

A suspected North Korean hacking Group known as Lazarus Group is believed to be behind the theft of $100 million from Harmony's cross-link bridge Horizon, according to a new analysis by blockchain research firm Elliptic, Bloomberg reports. Elliptic's analysis highlighted key factors in the hack that point to Lazarus Group, including the automatic deposit of Tornado.Cash to simulate the programmed money laundering of Ronin Bridge and the timing of the theft.

Harmony didn't release specific details of the incident, but the last report said it was probably a North Korean hacker group, and if it was a North Korean hacker group, it would be consistent with the Ronin Bridge attack. North Korean hacking groups have been very active in recent years, especially in the currency industry, and many companies have been hit by phishing attacks.

Ankr

Review of events:

Ankr: Deployer update the agreement. Ankr: Deployer transferred BNB to Ankr Exploiter. Ankr Exploiter mints coins through the minting method of the updated contract. Be cast out of thin air Ankr: Deployer update contract.

Ankr: Deployer transferred BNB to Ankr Exploiter.

Ankr Exploiter mints coins through the minting method of the updated contract.

10 trillion pieces of aBNBc were minted out of thin air. Hacker A exchanged 5 million pieces of USDC from aBNBc through PancakeSwap and emptied the trading pool, resulting in almost zero aBNBc. ", Hacker A then moved the coins to Ethereum and into Tornado Cash.

About half an hour after hacker A made coins, aBNBc plummeted, creating an arbitrage opportunity. Arbitrageur B took advantage of the setting of the 6-hour average overtime weight of Helio's prophecy machine in the loan agreement, and converted aBNBc into hBNB by taking advantage of the price difference between ABNBC in the market and Helio system. In addition, hBNB pledge was exchanged for stablecoin HAY, which was exchanged for BNB and USDC. In total, more than 17 million USD equivalent stablecoin and BNB were drawn out, and HAY's trading pool was basically emptied.

Ankr will use its $15 million recovery fund to buy additional HAY to compensate victims of the attack

The overall loss of Ankr is small, let's talk about it separately. Since many DeFi projects are made of Lego bricks, A depends on B, B depends on C, and so on, when there is a problem in one link of the chain, it may affect all the upstream and downstream parts of the chain.

Ankr later published a post explaining the cause of the incident, which it blamed on a former internal employee. Otherwise, the Staking contract Owner is staking. First, the staking contract owner is an EOA account instead of staking. The staking owner essentially controls the smart contract if he holds the private key. And Deployer's private keys are controlled by the core staff and are available even after they leave. Which means the whole internal security system basically didn't work.

Mango

Review of events:

The hackers used two accounts with a total of $10 million in initial funds. The first step is to transfer $5 million to addresses A and B of Mango's trading platform. Second, the hacker used the address of A to short Token MNGO, a platform of MNGO perpetual contract, on Mango. The opening price was $0.0382 and the short single position was 483 million. At the same time, the hacker in B used two accounts with a total of $10 million in initial funds.

The first step is to transfer $5 million to addresses A and B of Mango's trading platform.

Second, the hacker used the address of A to short Token MNGO, a platform of MNGO perpetual contract, on Mango. The opening price was $0.0382 and the short single position was 483 million. At the same time, the hacker went long MNGO at address B, opening a position of $0.0382, with a multiple single position of 483 million. (The reason for the double-short opening is that Mango's platform has a poor depth, and it would be difficult to open such a high position without making counterorders by ourselves)

Third, the hacker turns around and pulls the spot price of MNGO on FTX and Ascendex, resulting in a 5-10fold increase in the price. The price is transmitted to the Mango trading platform through Pyth prediction machine, which further pushes up the price. In the end, the price of MNGO on Mango's platform rose from $0.0382 to as high as $0.91.

Fourth, the hacker's long position yield is 483 million *(0.91 USD - 0.0382 USD)= 420 million USD, and the hacker borrows from Mango using the net assets of the account. Thankfully, the platform was illiquid, and the hackers only ended up lending nearly $115 million

After the attack, the hackers released a new proposal, saying they wanted officials to use Treasury funds ($70 million) to pay off the bad debts of the agreement. It is understood that Treasury funds currently stand at about $144 million, including $88.5 million worth of MNGO tokens and nearly $60 million in USDC. The hackers said that if the authorities agree to the plan, they will return some of the stolen money, and hope that there will be no criminal investigation or freezing of funds. "If this proposal passes, I will send MSOL, SOL and MNGO in this account to the address published by the Mango team. The Mango Treasury will be used to cover the remaining bad debts in the agreement and all users of the bad debts will be fully compensated...... Once the tokens are returned as described above, there will be no criminal investigation or freezing of funds."

According to CoinDesk, Avraham Eisenberg, the previously identified Mango attacker, was arrested in Puerto Rico on December 26, 2022. Avraham Eisenberg faces commodity fraud and commodity manipulation charges, The charges are punishable by fines and jail time.

The Mango incident can be defined as a security incident or an arbitrage behavior, because the problem is not a security flaw, but a business model flaw. Its trading category includes currencies with high market value such as BTC and ETH, as well as small currencies such as MNGO, which may raise the currency price with a small amount of money in a bear market when liquidity is insufficient. Such currency price manipulation behavior makes position management of the platform of perpetual contracts very difficult.

Therefore, as the project side, it is necessary to fully consider the various scenarios, and when testing, it is necessary to include all scenarios that exceed expectations in the test case.

As an ordinary user, when participating in a project, we should not only focus on the benefits, but also consider the safety of the principal. Aside from the security vulnerabilities, take a hard look at its business model and see if there are any vulnerabilities that could be exploited.