
$200 million in losses traced to Euler Finance hack

2023-03-17 14:49
This article analyzes and traces the Euler Finance attack of March 13, 2023.
Original title: 《$200 million in losses, tracing the Euler Finance hack》
Original author: 0xNorman


This article analyzes and traces the Euler Finance attack of March 13, 2023. It is offered as a warning and a point of reflection for project teams, investors, security engineers and the blockchain industry as a whole.


Analysis


The key factor behind the Euler Finance attack is the healthScore variable, which measures the health of a user's position (risk-adjusted collateral against risk-adjusted debt). In a normal transferFrom() call, this variable acts as a constraint that prevents an account from being left with bad debt. But the donateToReserves() function introduced in eIP-14 performs no such check. This means a user can donate eTokens to Euler at will and push their own account into insolvency.


In addition, Euler's liquidation process includes a liquidation discount. When a liquidator liquidates an undercollateralised account, the discount is derived from that account's health score: the lower the health score, the larger the discount.


If the insolvency is severe enough, the liquidator can take the collateral while assuming only a fraction of the debt.


Root cause 1: EToken.donateToReserves() lacks a health-score check, so a user can deliberately make their own account insolvent.



Root cause 2: the liquidation discount in liquidate(), scaled by the violator's health score, lets anyone liquidate an insolvent account, take its collateral at a discount to the debt assumed, and cash the collateral out without ever covering the debt.



Attack details


The attacker's transaction can be viewed on Etherscan; the sequence of operations is reconstructed below.


Step 1: Create an insolvent account


Deposit 20 million DAI, receiving 20 million eDAI.


Using the 20 million eDAI as collateral, mint 200 million eDAI (which simultaneously creates 200 million dDAI of debt).


Repay 10 million DAI (to raise the health score so that more can be minted).


Mint another 200 million eDAI (and another 200 million dDAI of debt).


Donate 100 million eDAI to reserves, leaving assets of 320 million eDAI against debt of 390 million dDAI.


At this point the attacker has built an account with enormous collateral and debt: collateral of 420 million eDAI (20 million deposited plus 200 million minted twice) and debt of 390 million dDAI (400 million minted, 10 million repaid).


The attacker then donated 100 million eDAI, producing 70 million of bad debt (320 million eDAI minus 390 million dDAI); the account is now insolvent.


Step 2: Liquidate the account


Call the Liquidation.liquidate() function.


RiskManager.computeLiquidity() is called to compute the liquidation discount.


Because the insolvent account is so deeply underwater, the effective liquidation discount is the maximum, 20%.


By assuming 254 million of dDAI debt, the liquidator receives 317 million eDAI (2.54/3.17 ≈ 0.8, i.e. the debt assumed is 80% of the collateral taken).


The liquidator then withdrew 38.9 million DAI, the maximum the pool could pay out, without repaying any of the debt.


Through liquidation, the insolvent account's collateral and debt are transferred to the liquidator's account, but the debt is discounted while the collateral is not. So 70 million of bad debt became roughly 60 million of profit, at Euler Finance's expense, of course.
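The following is an added example written for this article; it is not Euler's code and not the original author's. It is a deliberately simplified model of the accounting behind the two root causes above and the attack steps just described: eDAI and dDAI are treated as 1:1 with DAI (no interest or exchange rates), a single assumed collateral factor of 0.95 is applied, the liquidation discount is simplified to (1 - health) capped at 20%, and the pool is assumed to hold a constructed 8.9 million DAI of pre-existing liquidity. The `check_donations` flag toggles the missing health check in `donate_to_reserves()`, so the same script shows both the attack path and the fix. The resulting numbers are close to, but not exactly, the on-chain figures quoted in the article.

```python
"""Simplified Euler-style self-collateralised lending pool (constructed example).

Assumptions (not Euler's real parameters): 1:1 token accounting, one collateral
factor CF, discount = min(1 - health, MAX_DISCOUNT), liquidator receives
repay / (1 - discount) of the violator's collateral.
"""
from dataclasses import dataclass

M = 1_000_000
CF = 0.95            # assumed collateral factor for DAI-on-DAI positions
MAX_DISCOUNT = 0.20  # cap on the liquidation discount described in the article


@dataclass
class Account:
    e: float = 0.0   # eDAI held (collateral)
    d: float = 0.0   # dDAI owed (debt)

    def health(self) -> float:
        """Risk-adjusted collateral over debt; >= 1 is solvent."""
        return float("inf") if self.d == 0 else self.e * CF / self.d


class Pool:
    def __init__(self, cash: float, check_donations: bool):
        self.cash = cash                      # DAI the pool can actually pay out
        self.reserves = 0.0
        self.check_donations = check_donations  # the fix: health check on donate
        self.accounts = {}

    def acct(self, who: str) -> Account:
        return self.accounts.setdefault(who, Account())

    @staticmethod
    def _require_healthy(a: Account) -> None:
        if a.health() < 1:
            raise ValueError("account would be insolvent (health < 1)")

    def deposit(self, who: str, amount: float) -> None:
        self.cash += amount
        self.acct(who).e += amount

    def mint(self, who: str, amount: float) -> None:
        """Create eDAI and dDAI together (self-borrow); liquidity-checked."""
        a = self.acct(who)
        a.e += amount
        a.d += amount
        self._require_healthy(a)

    def repay(self, who: str, amount: float) -> None:
        self.acct(who).d -= amount
        self.cash += amount

    def donate_to_reserves(self, who: str, amount: float) -> None:
        a = self.acct(who)
        if amount > a.e:
            raise ValueError("insufficient eDAI")
        a.e -= amount
        self.reserves += amount
        if self.check_donations:          # absent in the eIP-14 code path
            self._require_healthy(a)

    def discount(self, violator: str) -> float:
        return min(max(0.0, 1 - self.acct(violator).health()), MAX_DISCOUNT)

    def liquidate(self, liquidator: str, violator: str, repay: float):
        """Move `repay` of debt and repay/(1-discount) of collateral to liquidator."""
        v, l = self.acct(violator), self.acct(liquidator)
        if v.health() >= 1:
            raise ValueError("account is not liquidatable")
        repay = min(repay, v.d)
        seized = min(repay / (1 - self.discount(violator)), v.e)
        v.d -= repay; l.d += repay
        v.e -= seized; l.e += seized
        self._require_healthy(l)          # liquidator itself must stay solvent
        return repay, seized

    def max_withdraw(self, who: str) -> float:
        a = self.acct(who)
        by_health = a.e - a.d / CF        # keeps health >= 1 after withdrawal
        return max(0.0, min(self.cash, by_health))

    def withdraw(self, who: str, amount: float) -> None:
        if amount > self.cash:
            raise ValueError("pool lacks liquidity")
        a = self.acct(who)
        a.e -= amount
        self.cash -= amount
        self._require_healthy(a)


def run_attack(check_donations: bool, pool_liquidity: float = 8_900_000) -> dict:
    """Replay the article's steps; raises ValueError if the donation check blocks it."""
    pool = Pool(cash=pool_liquidity, check_donations=check_donations)
    pool.deposit("violator", 20 * M)               # 20M eDAI
    pool.mint("violator", 200 * M)                 # 220M eDAI / 200M dDAI
    pool.repay("violator", 10 * M)                 # 220M eDAI / 190M dDAI
    pool.mint("violator", 200 * M)                 # 420M eDAI / 390M dDAI
    pool.donate_to_reserves("violator", 100 * M)   # 320M eDAI / 390M dDAI
    v = pool.acct("violator")
    bad_debt, disc = v.d - v.e, pool.discount("violator")
    repaid, seized = pool.liquidate("liquidator", "violator", 254 * M)
    withdrawn = pool.max_withdraw("liquidator")
    pool.withdraw("liquidator", withdrawn)
    return {"bad_debt": bad_debt, "discount": disc, "repaid": repaid,
            "seized": seized, "profit": seized - repaid, "withdrawn": withdrawn}


def donation_blocked_by_check() -> bool:
    """True if adding the health check to donate_to_reserves() stops the attack."""
    try:
        run_attack(check_donations=True)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for k, val in run_attack(check_donations=False).items():
        print(f"{k:>10}: {val / M:.2f}M" if k != "discount" else f"{k:>10}: {val:.0%}")
    print("blocked with health check:", donation_blocked_by_check())
```

Running it without the check reproduces the shape of the attack: 70 million of bad debt, a 20% discount, 254 million of debt assumed for 317.5 million of collateral, and 38.9 million withdrawn because the pool's cash, not the liquidator's health, is the binding limit. With the check enabled the donation reverts and no insolvent account is ever created.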


The attacker repeated the same attack against several other token markets, which in the end cost Euler Finance a great deal.


Summary


The main cause of the attack was that the donation function was designed without regard to the health score, allowing the attacker to create an insolvent account and then profit from liquidating its discounted debt. Euler Finance was brought down by a donation.


From the standpoint of decentralized protocol design, new code and business logic must be checked for how they interact with the existing code; otherwise even a seemingly harmless donation can become a high-risk vulnerability.


From a security standpoint, the newly introduced code was audited by some of the top security engineers on the Sherlock platform. But an audit does not mean there are no vulnerabilities, even with the best experts. Project teams are therefore advised to keep working with a security audit firm throughout development and upgrades, and to monitor their contracts for abnormal behavior. A standing bug bounty would be better still. More eyes, more security.


Make this world a better place by one commit each time   

