
Foreword
This morning bZx is suspected to have suffered a second attack. This time the target was the ETH/sUSD trading pair, which raises an obvious question: sUSD is a stablecoin pegged to the USD, so how can it be attacked, and what exactly was the method? With these questions in mind, the SlowMist security team reviews both attack processes below.
In the first attack, the attacker combined a flash loan with a loan from Compound to attack bZx. The attack breaks down into the following steps:
1. Borrowed 10,000 ETH from dYdX via a flash loan.
2. Deposited 5,500 ETH in Compound and borrowed 112 BTC (WBTC) against it, to be sold later.
3. Sent 1,300 ETH to bZx to open a 5x leveraged short on ETH, which exchanged the position's ETH for 51.345576 BTC. bZx routed this swap through Kyber Network, and Kyber in turn filled it on Uniswap. Buying 51 BTC in a single trade drove the BTC/ETH price on Uniswap up to roughly 1 BTC : 109 ETH, far beyond where the open market would have moved it.
4. Sold the 112 BTC borrowed from Compound on Uniswap. Because the leveraged trade in step 3 had already pushed the BTC price up, selling BTC into the pool at this point was guaranteed to be profitable, and it returned 6,871 ETH.
5. Repaid the dYdX flash loan.
The second attack differs in its details, but the core is the same: take control of the price the oracle reports, and profit from the manipulated price.
Detailed Analysis
The transaction hash of this attack is:
0x762881b07feb63c436dee38edd4ff1f7a74c33091e534af56c9f7d49b5ecac15
From the etherscan trace it can be seen that a large number of token transfers took place inside this single transaction.
1. Pre-match preparation
2. Serve
After taking the flash loan from bZx, the attacker began buying sUSD through Kyber. The first purchase used 540 ETH to buy 92,419.7 sUSD, a rate of roughly 1:170. Kyber ultimately filled this order on Uniswap, so the trade pushed the WETH/sUSD price on Uniswap down, or equivalently pushed sUSD/WETH up: from this point one ETH bought fewer sUSD than before.
After the 540 ETH trade, the attacker made 18 further small swaps on Kyber, each exchanging 20 ETH for sUSD. Etherscan shows the amount of sUSD returned by each swap steadily decreasing.
This shows that each swap pushed sUSD/WETH on Uniswap up further. At this point the price had reached its peak, about 1:157, i.e. roughly 157 sUSD per ETH.
3. Hole in one
Having pushed sUSD/WETH up, the attacker now needed a large amount of sUSD to use against WETH in the next step. To collect it, the attacker bought sUSD directly from Synthetix by sending 6,000 ETH to the Synthetix contract. This bought out all the sUSD Synthetix had on offer, and the Synthetix contract refunded the 2,482 ETH it could not fill back to the attacker.
4. Return the loan
Post-match review
Income
7500 ETH => bZx flash loan
+ 2482 ETH => refund from Synthetix
+ 6792 ETH => WETH obtained from bZx against the sUSD, which bZx valued at the manipulated price
= 16774 ETH
Expenditure
540 + (20*18) = 900 ETH => pushing up the sUSD/WETH price
+ 6000 ETH => buying sUSD from Synthetix
+ 7500 ETH => repaying the bZx flash loan
= 14400 ETH
Net: 16774 - 14400 = 2374 ETH profit for the attacker.
Defense advice
The root cause of both attacks is that a drastic price movement on Uniswap ultimately led to a loss of assets. Price movement by itself is normal market behaviour, but an attacker who can manipulate the market is able to push a price in whichever direction suits them and cause losses for the project. Against this class of attack, profiting by manipulating the market, the SlowMist security team offers the following advice:
When a project uses an oracle to obtain external prices, it should build in a safety mechanism: on every token exchange, save the execution price of the current trading pair and compare it against the previously saved price. If the deviation is too large, suspend the transaction in time. This prevents the market from being maliciously manipulated and causing losses.
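The following Python simulation is an added example, not SlowMist's, bZx's or Uniswap's code. It models the constant-product pool that both attacks leaned on, replays the shape of the second attack's price push (one 540 ETH swap followed by 18 swaps of 20 ETH, all in one transaction) so that the falling sUSD-per-ETH rate seen on etherscan appears in the output, and implements the last-price deviation check recommended above. The pool reserves, the 5% threshold and the block numbers are constructed for illustration and do not match the real pool state on the day. The AnchoredGuard class goes beyond the article: it is a stronger variant that compares every trade in a block against the price at the start of that block, which is what a practitioner needs because the 18 small swaps each move the price only a little relative to the previous one and would slip past a check that only looks at the last trade.

```python
"""Constant-product AMM manipulation and a price-deviation circuit breaker.

Added example, not SlowMist's or bZx's code. Reserves, threshold and block
numbers are constructed; they are not the real Uniswap sUSD/ETH state.
"""
from dataclasses import dataclass
from typing import List, Optional

FEE_BPS = 30  # Uniswap v1 keeps 0.3% of the input token as a fee


@dataclass
class Pool:
    """A constant-product (x * y = k) ETH/sUSD pool such as Uniswap v1."""
    eth: float
    susd: float

    def spot(self) -> float:
        """Marginal price in sUSD per ETH implied by the reserves."""
        return self.susd / self.eth

    def quote_eth_for_susd(self, eth_in: float) -> float:
        """sUSD received for eth_in, computed without touching the reserves."""
        eth_after_fee = eth_in * (10_000 - FEE_BPS) / 10_000
        return self.susd * eth_after_fee / (self.eth + eth_after_fee)

    def apply(self, eth_in: float, susd_out: float) -> None:
        """Settle a swap: ETH goes into the pool, sUSD comes out."""
        self.eth += eth_in
        self.susd -= susd_out


class LastPriceGuard:
    """The article's suggestion: save each trade's execution price and suspend
    a trade whose price deviates too far from the previously saved one."""

    def __init__(self, max_deviation_bps: int) -> None:
        self.max_deviation_bps = max_deviation_bps
        self.reference: Optional[float] = None

    def _within_limit(self, price: float) -> bool:
        deviation_bps = abs(price - self.reference) * 10_000 / self.reference
        return deviation_bps <= self.max_deviation_bps

    def check(self, pre_trade_spot: float, exec_price: float, block: int) -> bool:
        if self.reference is None:
            self.reference = exec_price
            return True
        if not self._within_limit(exec_price):
            return False  # suspend the trade; the reference is not moved
        self.reference = exec_price
        return True


class AnchoredGuard(LastPriceGuard):
    """Assumed stronger variant: the reference is the spot price at the first
    trade of each block, so a chain of small trades in one transaction is
    measured against the pre-attack price rather than against each other."""

    def __init__(self, max_deviation_bps: int) -> None:
        super().__init__(max_deviation_bps)
        self.block: Optional[int] = None

    def check(self, pre_trade_spot: float, exec_price: float, block: int) -> bool:
        if block != self.block:
            self.block, self.reference = block, pre_trade_spot
        return self._within_limit(exec_price)


def guarded_swap(pool: Pool, guard: LastPriceGuard, eth_in: float, block: int) -> Optional[float]:
    """Run an ETH->sUSD swap through the guard; None means it was suspended."""
    pre_trade_spot = pool.spot()
    susd_out = pool.quote_eth_for_susd(eth_in)
    if not guard.check(pre_trade_spot, susd_out / eth_in, block):
        return None
    pool.apply(eth_in, susd_out)
    return susd_out


ATTACK_SWAPS = [540.0] + [20.0] * 18  # shape of the second attack's price push


def unguarded_prices() -> List[float]:
    """Execution price (sUSD per ETH) of each attack swap with no guard; the
    rate falls with every buy, as the article observes on etherscan."""
    pool = Pool(eth=7_000.0, susd=1_260_000.0)  # constructed reserves
    prices = []
    for eth_in in ATTACK_SWAPS:
        susd_out = pool.quote_eth_for_susd(eth_in)
        pool.apply(eth_in, susd_out)
        prices.append(susd_out / eth_in)
    return prices


def replay_attack(guard: LastPriceGuard) -> List[Optional[float]]:
    """Replay the attack swaps in one block against a guarded pool, after an
    ordinary 1 ETH trade in an earlier block has seeded the guard. Returns
    the sUSD received per swap, or None where the guard suspended it."""
    pool = Pool(eth=7_000.0, susd=1_260_000.0)  # constructed reserves
    guarded_swap(pool, guard, 1.0, block=100)
    return [guarded_swap(pool, guard, eth_in, block=101) for eth_in in ATTACK_SWAPS]


if __name__ == "__main__":
    print("unguarded:", [round(p, 1) for p in unguarded_prices()])
    print("last-price guard:", replay_attack(LastPriceGuard(500)))
    print("anchored guard:", replay_attack(AnchoredGuard(500)))
```

Run against these constructed reserves, the last-price guard suspends the 540 ETH swap but lets all 18 of the 20 ETH swaps through, because each one deviates well under 5% from the one before it even though together they move the pool by around 10%. The anchored guard also suspends the 540 ETH swap and then trips part-way through the chain of small swaps, since every one of them is compared with the spot price at the start of the block. The same logic carries over to an on-chain check: the important design choice is which reference price the comparison uses, not the comparison itself.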