CertiK: Analysis of the Attack in Which Pickle Finance Lost Nearly $20 Million
CertiK
2020-11-23 08:15
Pickle Finance was hacked and its token price was cut in half. What happened? This article gives a detailed analysis of the attack.

At 2:37 am on November 22, Beijing time, the CertiK security research team discovered through Skynet that the Pickle Finance project was attacked, and a total of 19.75 million DAI worth nearly 130 million RMB was lost.

After Pickle Finance started mining on September 10, it initially drew little attention.

Having lived through the sharp rises and falls of earlier food-themed tokens, investors kept a certain degree of vigilance toward the sudden emergence of the Pickle project.

However, since receiving V God's personal endorsement on September 14, Pickle has risen to 10 times its starting price, helped by its new DeFi mechanics and various endorsements amid the turbulent DeFi wave.

"I just sold my $10,000 Pickle for $5, and after I slept it was worth $60??? This???"

Just as investors were gearing up to buy this new type of food token or were already deeply involved, the news that came out on November 23 shocked investors.

According to Messari data, since Pickle Finance was hacked, its native token PICKLE plummeted by 50.12% to $10.17, and then recovered slightly. As of now, its market value is $11.41.


The whole attack process is as follows:

Step 1: The attacker calls StrategyCmpdDAIV2.getSuppliedUnleveraged() to obtain the amount of DAI that can be withdrawn from the StrategyCmpdDAIV2 contract at address 0xcd892a97951d46615484359355e3ed88131f829d. This amount is recorded as Amount_A.

Step 2: The attacker calls the swapExactJarForJar() function in the ControllerV4 smart contract at address 0x6847259b2b3a4c17e7c43c54409810af48ba5210, passing in dirty jar No. 1, dirty jar No. 2, Amount_A, 0, [] and [] as parameters.

[Figure: swapExactJarForJar() function]

Dirty jar No. 1 and dirty jar No. 2 are smart contracts deployed by the attacker that conform to the IJar interface, so the logic of their token() function and other functions is determined entirely by the attacker. This step works because Pickle Finance's swapExactJarForJar() function does not verify whether the jar passed in is an official smart contract address.

[Figure: The jar passed in to the swapExactJarForJar() function can define the type of token]

[Figure: Call to the withdrawForSwap() function]

As swapExactJarForJar() executes, the withdrawForSwap() call at line 289 in the figure above leads, after a series of function calls, to the deleverageToMin() and deleverageUntil() functions at 0xcd892a97951d46615484359355e3ed88131f829d. These transfer the tokens that can currently be withdrawn from StrategyCmpdDAIV2 (Amount_A) to the PickleJar smart contract at address 0x6949bb624e8e8a90f87cd2058139fcd77d2f3f87.

[Figure: deleverageToMin() function and deleverageUntil() function]

[Figure: Screenshot of the internal transaction transferring tokens from the StrategyCmpdDAIV2 smart contract to the PickleJar smart contract]

[Figure: The earn() function in the PickleJar smart contract]

Step 3: The attacker calls the earn() function in the PickleJar smart contract at address 0x6949bb624e8e8a90f87cd2058139fcd77d2f3f87 (as shown in the figure above).

A total of three calls are made, transferring the amount of pDAI in the current PickleJar from the address 0x6b175474e89094c44da98b954eedeac495271d0f to the ControllerV4 smart contract at address 0x6847259b2b3a4c17e7c43c54409810af48ba5210. Line 87 calls the earn() function in the ControllerV4 contract (as shown in the figure below), which in turn reaches the deposit() call at line 152 in the figure below.

In this way, the deposit() function in the StrategyCmpdDAIV2 contract at 0xcd892a97951d46615484359355e3ed88131f829d is called, and cDAI equal in amount to the pDAI in PickleJar is minted to StrategyCmpdDAIV2.

[Figure: The earn() function in the ControllerV4 smart contract]

[Figure: The deposit() function in the StrategyCmpdDAIV2 contract]

Step 4: The attacker calls the swapExactJarForJar() function in the ControllerV4 smart contract at address 0x6847259b2b3a4c17e7c43c54409810af48ba5210 again, passing in dirty jar No. 3, dirty jar No. 4, 0, 0, the address of the CurveProxyLogic smart contract, and 0x20 as parameters.

Here 0x20 is an injected parameter. Its purpose is to work together with the CurveProxyLogic smart contract address so that the add_liquiditya() function in the CurveProxyLogic smart contract at address 0x6186e99d9cfb05e1fdf1b442178806e81da21dd8 is executed.

Dirty jar No. 3: 0xa2da08093a083c78c21aeca77d6fc89f3d545aed

Dirty jar No. 4: 0xa445e12d69e8bd60290f6935d49ff39ba31c6115

CurveProxyLogic smart contract address: 0x6186e99d9cfb05e1fdf1b442178806e81da21dd8

[Figure: The swapExactJarForJar() function uses the CurveProxyLogic smart contract address and injection parameters to execute the specified function]

[Figure: The add_liquiditya() function in the CurveProxyLogic smart contract]

After this step, what was stored in StrategyCmpdDAIV2 in the third step is transferred from the StrategyCmpdDAIV2 smart contract to the ControllerV4 smart contract.

At this point, all tokens that can be withdrawn are held in the ControllerV4 smart contract in the form of cDAI, and the attacker is entitled to withdraw that cDAI.

Step 5: The attacker calls the redeemUnderlying() function in the CErc20Delegator smart contract at address 0x5d3a536e4d6dbd6114cc1ead35777bab948e3643, which internally calls the redeemUnderlying(), redeemUnderlyingInternal() and redeemFresh() functions of CErc20 at address 0xbb8be4772faa655c255309afc3c5207aa7b896fd.

Finally, all of the obtained cDAI is converted into DAI, and all of the DAI is withdrawn, completing the attack.

[Figure: The redeemUnderlying() function in CErc20Delegator]

[Figure: The redeemUnderlying() function in CErc20]
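
The two gaps the walkthrough relies on are the unverified jar arguments in Step 2 and the caller-supplied target address and parameters in Step 4. The Solidity contract below is an added example of allowlist checks that address both, not code from Pickle Finance or from CertiK; the names GuardedJarSwap, approvedJars, approvedConverters and checkSwap are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not Pickle Finance's ControllerV4 code. Every name here
// (GuardedJarSwap, approvedJars, approvedConverters, checkSwap) is hypothetical.
interface IJar {
    function token() external view returns (address);
}

contract GuardedJarSwap {
    address public governance;
    mapping(address => bool) public approvedJars;       // jars the protocol deployed
    mapping(address => bool) public approvedConverters; // targets allowed to receive calls

    constructor() {
        governance = msg.sender;
    }

    modifier onlyGovernance() {
        require(msg.sender == governance, "!governance");
        _;
    }

    function setJar(address jar, bool ok) external onlyGovernance {
        approvedJars[jar] = ok;
    }

    function setConverter(address target, bool ok) external onlyGovernance {
        approvedConverters[target] = ok;
    }

    // Checks a jar-to-jar swap would run first, before any strategy withdrawal.
    // Returns the token the swap would pull, read only from an approved jar.
    function checkSwap(
        address fromJar,
        address toJar,
        address[] calldata targets,
        bytes[] calldata data
    ) public view returns (address fromToken) {
        // Step 2 on the page: jar arguments were not verified, so token()
        // could be answered by a caller-deployed contract.
        require(approvedJars[fromJar] && approvedJars[toJar], "!jar");
        require(targets.length == data.length, "!length");
        // Step 4 on the page: caller-chosen target plus caller-chosen parameters.
        for (uint256 i = 0; i < targets.length; i++) {
            require(approvedConverters[targets[i]], "!converter");
        }
        fromToken = IJar(fromJar).token();
    }
}
```

With these checks in place, a call that names a jar governance never registered reverts with "!jar" before token() is read or any strategy function is reached.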

Safety advice

Multiple DeFi attacks have demonstrated one fact: "audited" does not mean that a project's security is guaranteed.

The fact that Pickle Finance passed the security audit in October or earlier does not mean that all its new smart contracts have received real-time security testing.

High returns come with high risks, and the outbreak of this vulnerability is also a warning.

Complete security guarantee = security audit + real-time detection + asset protection = CertiK audit service + CertiK real-time detection security oracle + CertiK Quick Scan + CertiKShield decentralized asset protection fund pool

CertiK's series of security services and tools cover the asset security needs of projects and users.
