This week, the "scientists" (hackers who use their technical strength and knowledge threshold to specialize in DeFi's wool) are very busy.

text

secondary title

According to CCTV, from the perspective of return on investment, cryptocurrency is the real "number one" investment product this year. The Bloomberg Galaxy Crypto Index rose about 65%, outpacing a more than 20% gain in gold prices and yields in global equities, bonds and commodities markets. A key reason for the high increase is the skyrocketing price of Ethereum, which rose by 169.40%.

CCTV explained: "The rise in the price of Ethereum is due to the increase in the use of decentralized financial tools (DeFi) and the huge stimulus measures introduced by various countries after the epidemic, so that investors choose Bitcoin, Ethereum and other cryptocurrencies for investment. Preserve value."

On the one hand, the cryptocurrency market frequently sends out good news; on the other hand, DeFi projects are frequently attacked because they have not been strictly audited.

what happened?

what happened?

Through tracking and analysis, PeckShield found that the attacker queried the asset balance of USD 19.72 million through the StrategyCmpdDaiV2.getSuppliedUnleveraged() function;

Then, the attacker extracts all the DAI in StrategyCmpdDaiV2 to Pickle Jar by exploiting the input validation vulnerability: this vulnerability is located in the ControllerV4.swapExactJarForJar() function, which contains two predetermined fake Jars. In the case where a given Jar is not verified, this step will extract all deposited DAI to a Pickle Jar for the next round of deployment.

Next, the attacker calls the earn() function to deploy the extracted DAI into StrategyCmpdDaiV2. In the internal buffer management, the hacker called the earn() function three times, generating a total of 950,818,864.8211968 cDAI in StrategyCmpdDaiV2;

Call the earn() function for the first time to deposit 19.76 million DAI and mint 903,390,845.43581639 cDAI;

Call the earn() function for the second time to deposit 988,000 DAI and mint 45,169,542.27179081 cDAI;

text

Call the earn() function for the third time to deposit 49,000 DAI and mint 2,258,477.11358954 cDAI;

Then, the attacker calls the ControllerV4.swapExactJarForJar() function to extract all the cDAI in StrategyCmpdDaiV2 by using arbitrary code execution. In this step, the _execute() function has two parameters: _target and _data. _target refers to the target address. That is the part shown in orange in the figure; _target is a white address, attackers cannot control this address arbitrarily, here they use CurveProxyLogic, the white contract (can pass 262 lines of approvedJarConverter[_targets[i] In other words, what can be fully controlled is the parameter _data, which is the part shown in purple in the figure. _data contains the add_liquidity() function that the _execute() function can call, and all parameters passed to add_liquidity() .

At this point, we return to curve, curveFunctionSig, curvePoolSize, curveUnderlyingIndex, underlying in the orange box, where curve is an address, which means that the curve.call() function in the penultimate line of the orange box can execute any contract , therefore, the attacker sets the curve to StrategyCmpdDaiV2, and curveFunctionSig indicates that in addition to the contract just specified, the function to call the contract can also be specified, and the attacker successfully calls the StrategyCmpdDaiV2.withdraw() function through this operation.

Finally, execute back to the ControllerV4.swapExactJarForJar() function, and the extracted cDAI is deposited into the malicious _toJar. In the _toJar.deposit() function, all 950,818,864.8211968 cDAI are immediately transferred to the hacker’s address.

secondary title

How far can DeFi go without strict auditing?

In response to the attack on Pickle Finance (pickle cucumber), its auditing company Haechi tweeted that it conducted an audit of its code in October this year, but the vulnerability exploited by the attacker occurred in the newly created smart contract, not In smart contracts subject to security audits. The code related to this vulnerability attack exists in swapExactJarForJar in controller-v4.sol, not in the previously audited controller-v3.sol, and the smart contract does not contain swapExactJarForJar.

In this regard, the relevant person in charge of PeckShield said: "After some DeFi projects have done the first smart contract security audit, they may omit the audit of newly added smart contracts in order to quickly launch the mainnet. interests, but just like this attack, it ends up being a small loss. DeFi must ensure that the code is thoroughly audited and researched before going online to prevent various possible risks.”