Recently, PeckShield monitored that the DeFi protocol Origin Protocol stablecoin OUSD was attacked. The attacker used the flash loan on the derivatives platform dYdX to carry out a re-entrancy attack (Re-entrancy attack), causing losses worth $7.7 million in ETH and DAI .
Re-entrancy attack is one of the most classic attack methods on Ethereum smart contracts. The famous theft of the DAO is that the attacker used re-entrancy attack to cause a hard fork of Ethereum and lost $50 million worth of ETH.
Since April this year, DeFi projects have frequently encountered reentrancy attacks. On April 18, hackers exploited the compatibility flaws of Uniswap and ERC777 standards to carry out re-entry attacks; on April 19, Lendf.Me also suffered a similar re-entry attack; on November 14, hackers used the SavingsModule contract of the Akropolis project in A certain defect in the processing of user storage assets has implemented 17 consecutive re-entry attacks and lost 2.03 million DAI.
secondary title
The re-entry attack reproduces the creation of 20.5 million OUSD out of thin air
Through tracking and analysis, PeckShield found that first, the attacker lent 70,000 ETH from dYdX flash loan;
Subsequently, 17,500 ETHs were first converted into 7.85 million USDTs in UniswapV2, and then the remaining 52,500 ETHs loaned were converted into 20.99 million DAIs;
Next, the attacker minted the OUSD stablecoin in four passes:
When minting OUSD for the first time through the mint() function, the attacker did deposit 7.5 million USDT in the Origin smart contract and obtained 7.5 million OUSD;
When minting OUSD through the mintMultiple() multiple stablecoin function for the second time, the attacker deposited 20.5 million DAI and 0 fake "stablecoins" in the Origin smart contract, and attacked the contract through a reentry attack in this step . The attacker deposits 20.5 million DAI and 0 fake "stable coins" into the VaultCore. At this time, the smart contract receives 20.5 million DAI. When trying to receive 0 fake "stable coins", the attacker uses a malicious contract to hijack , before the smart contract started to mint 20.5 million OUSDs, the mint() function was called to maliciously issue 20.5 million OUSDs. This malicious issuance was implemented by calling the rebase() function in the VaultCore contract.
It is worth noting that, in order to successfully implement the hijacking, the attacker deposited 2,000 USDT in real money when the above mint() function was called, and at the same time obtained the third coinage of 2,000 OUSD. Then, call the oUSD.mint() function to mint 20.5 million OUSD for the fourth time.
Rebase refers to the elastic adjustment process of the token supply, that is, to "reset" the token supply. In the DeFi field, there is a type of token with an elastic supply mechanism, that is, the wallet balance and the total amount of tokens of each token holding user will change in proportion to the change in the price of the token. At this point, the attacker obtained a total of 28.002 million OUSD, including mortgaged 7.5 million USDT, 20.5 million DAI, and 2,000 USDT. Due to calling the rebase() function, the total amount of OUSD obtained by the attacker rose to 33,269,000.
Finally, the attacker first redeemed 19.5 million DAI, 9.4 million USDT, and 3.9 million USDC with the obtained 33,269,000 OUSD; then converted 10.45 million USDT into 22,898 ETH and 3.9 million USDC in Uniswap For 8,305 ETH, exchange 1.9 million DAI for 47,976 ETH, a total of 79,179 ETH, and return 70,000 ETH to the dYdX flash loan.
According to PeckShield statistics, the attackers made a total profit of 11,809 ETH and 2,249,821 DAI in this attack, totaling $7.7 million.
Regarding the attack, Origin Protocol officially responded that it is actively taking measures in order to recover the funds.
With the vigorous development of the DeFi ecosystem, hidden security issues have gradually emerged. Since DeFi-related projects are closely connected with user assets, their security issues need to be resolved urgently.
In this regard, the relevant person in charge of PeckShield said: "The occurrence of such re-entry attacks is mainly due to the fact that the contract does not perform whitelist verification on the Token stored by the user. DeFi is a 'building block combination' composed of multiple smart contracts and applications. Its overall security is intertwined. The platform side must not only ensure that there is a solid code audit and vulnerability investigation before the product goes online, but also consider potential systemic risk control issues due to their different business logic when combining different products. .”
