A feast for "scientists": how $3.3 million walked out of Cheese Bank
PeckShield
2020-11-17 10:38
The "scientists" will keep shearing wool indefinitely; how will DeFi hold its last line of defense?

In November of this year, the total value locked in decentralized finance (DeFi) reached a new high, breaking through $1.6 billion. DeFi, which claims to be fair and open to everyone, has attracted much attention this year, absorbing tens of billions of dollars into the market. At the same time, however, a group of people has appeared who are nicknamed "scientists" in the crypto community.

According to PeckShield statistics, there have been many security incidents this year in which "scientists" sheared DeFi wool. In February, some "scientists" used the DeFi lending protocol bZx to obtain more than 100,000 in book profits through a single transaction; in October, attackers used flash loans to attack Harvest. Attackers also used flash loans to attack Value DeFi's MultiStablesVault pool, causing the platform to lose nearly $7.4 million worth of DAI.

The "scientists" of DeFi can be compared to the technically skilled "wool party" (promotion abusers) of the Internet. During the mobile Internet subsidy wars, the professional wool party came into being: a phone number could claim a sign-up discount only once, so these professionals built an industrial chain of farming SIM cards, registering accounts, receiving SMS verification codes, and harvesting the subsidies.

In the world of DeFi, "scientists" program "borrow, transfer (execute), repay" into a single transaction sent to a smart contract, so that at extremely low or even zero cost they can carry out high-value arbitrage across DeFi protocols, or exploit composability loopholes to steal huge sums.

$3.3 million swindled

Figure: the attacker borrows 21,000 ETH via a dYdX flash loan.

Figure: 50 WETH are swapped for 107,000 CHEESE on UniswapV2.

Figure: 107,000 CHEESE and 78 ETH are deposited into UniswapV2 as trading liquidity, in return for UNI_V2 LP tokens.

Cheese Bank reportedly launched version 2.0 of its lending protocol in October this year. Version 2.0 supports an innovative feature: collateralized lending against liquidity-provider (LP) tokens. The UNI_V2 LP tokens the attacker obtained in the previous step can therefore be used as collateral to borrow other crypto assets from Cheese Bank.

Figure: the UNI_V2 LP tokens obtained above are deposited as collateral and converted into sUSD_V2 tokens.

Figure: the price of CHEESE is pushed up.

Figure: the price-feed oracle is reset, manipulating the reported price of the UNI_V2 LP tokens.

Through the previous step, that is, inflating the price of the UNI_V2 LP tokens, the attacker borrowed USDC, USDT and DAI worth $3.3 million from Cheese Bank and successfully transferred them into his own pocket. At this point he only needs to repay the 21,000 ETH flash loan.
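As an added illustration that is not part of the PeckShield write-up and not Cheese Bank's code, the following Python model shows why pricing an LP token from the pool's own spot reserves can be inflated inside a single transaction, while the sqrt(k)-based "fair LP pricing" formula fed by an independent reference price stays flat. The pool reserves, the 0.75 collateral factor, the 100-LP-token position and the 20,000 ETH buy are constructed assumptions.

```python
from math import sqrt

# Constructed toy model of a UniswapV2-style constant-product pool (x * y = k).
# The numbers are illustrative, not the real CHEESE/ETH pool state.
class Pool:
    def __init__(self, r_token, r_eth, total_lp):
        self.r_token = r_token    # reserve of the volatile token (CHEESE-like)
        self.r_eth = r_eth        # reserve of ETH
        self.total_lp = total_lp  # LP tokens outstanding

    def swap_eth_for_token(self, eth_in):
        """Constant-product swap; the 0.3% fee is ignored for clarity."""
        k = self.r_token * self.r_eth
        self.r_eth += eth_in
        self.r_token = k / self.r_eth

def naive_lp_price(pool):
    """LP value from spot reserves only: the token side is priced at the pool's
    own spot price, so one large swap into the pool inflates the result."""
    spot = pool.r_eth / pool.r_token
    return (pool.r_token * spot + pool.r_eth) / pool.total_lp

def fair_lp_price(pool, ref_token_price_eth):
    """Fair LP pricing: 2 * sqrt(k * p_token * p_eth) / total_lp, with prices from
    an independent reference (TWAP or external oracle, assumed here). k does not
    change under a fee-less swap, so the value cannot be moved in one transaction."""
    k = pool.r_token * pool.r_eth
    return 2 * sqrt(k * ref_token_price_eth * 1.0) / pool.total_lp

def simulate(eth_pumped, lp_held=100.0, collateral_factor=0.75):
    """Compare both oracles before and after a flash-loan-sized ETH buy.
    Returns the ETH-denominated borrow limit each oracle would grant for lp_held."""
    pool = Pool(r_token=214_000.0, r_eth=156.0, total_lp=1_000.0)
    ref_price = pool.r_eth / pool.r_token          # reference price fixed before the pump
    naive_before = naive_lp_price(pool) * lp_held * collateral_factor
    fair_before = fair_lp_price(pool, ref_price) * lp_held * collateral_factor
    pool.swap_eth_for_token(eth_pumped)            # one large swap moves the spot price
    naive_after = naive_lp_price(pool) * lp_held * collateral_factor
    fair_after = fair_lp_price(pool, ref_price) * lp_held * collateral_factor
    return {"naive_before": naive_before, "naive_after": naive_after,
            "fair_before": fair_before, "fair_after": fair_after}

if __name__ == "__main__":
    for name, limit in simulate(eth_pumped=20_000.0).items():
        print(f"{name:13s} borrow limit: {limit:10.2f} ETH")
```

With a real pool the swap fee makes k grow slightly, so the fair value drifts up only by the fee income, not by the size of the swap.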

Figure: a total of 2 million USDC, 1.23 million USDT and 87,000 DAI is borrowed.

The assets obtained in the attack are then transferred out of the address 0x02b7 in batches.

Figure: the dYdX flash loan is repaid.


An attack crafted by "scientists"

In the DeFi wave, most of those who profit are "scientists" and large investors. Technology and capital are their capital; security is the only line of defense that favors DeFi projects. The "scientists" will keep shearing wool indefinitely; how will DeFi hold its last line of defense? PeckShield will continue to monitor closely.
