
On March 17, 2022 (Beijing time), our system flagged suspicious transactions involving APE Coin. According to a report by Twitter user Will Sheehan, an arbitrage bot obtained more than 60,000 APE (worth about $8 each at the time) using flash loans.
Our analysis shows that this stems from a weakness in the APE Coin airdrop mechanism. Specifically, eligibility for the airdrop depends on instantaneous state, namely whether a given user holds a BAYC NFT at the moment of the claim, and that state can be manipulated by an attacker using a flash loan. The attacker first borrows BAYC Token (a fungible token that can be redeemed 1:1 for a BAYC NFT and minted by depositing one) through a flash loan and redeems it for BAYC NFTs. It then uses those NFTs to claim the airdropped APE, and finally deposits the NFTs back to mint BAYC Token and repay the flash loan, all within a single transaction. We think this pattern is very similar to flash-loan-based price manipulation attacks: a contract uses the instantaneous state of one asset to make a decision about another, and that instantaneous state can be manipulated.
Next, we use one attack transaction (https://versatile.blocksecteam.com/tx/eth/0xeb8c3bebed11e2e4fcd30cbfc2fb3c55c4ca166003c7f7d319e78eaab9747098) to walk through the whole process.
Step I: Attack preparation
The attacker purchased BAYC NFT #1060 on the open market for 106 ETH and transferred it to the attack contract.
Step II: Borrow a flash loan and redeem it for BAYC NFTs
The attacker borrowed a large amount of BAYC Token through a flash loan and redeemed it for 5 BAYC NFTs (#7594, #8214, #9915, #8167, #4755).
Step III: Claim the airdrop with the BAYC NFTs
The attacker then used 6 NFTs to claim the airdrop: #1060, purchased in Step I, and the 5 obtained in the previous step. In total the attacker received 60,564 APE from the airdrop.
Step IV: Mint BAYC Token from the BAYC NFTs
The attacker must repay the borrowed BAYC Token, so it deposits the 5 BAYC NFTs back into the vault to mint BAYC Token. In this step it also deposits its own NFT #1060, because the flash loan fee requires more BAYC Token than the 5 NFTs alone yield. After repaying the principal and fee, the attacker sells the remaining BAYC Token for 14 ETH.
Profit
The attacker obtained 60,564 APE, worth roughly $500,000. The cost of the attack is NFT #1060 (106 ETH) minus the 14 ETH obtained by selling the leftover BAYC Token, i.e. about 92 ETH.
Lessons
We believe the root of the problem is that the APE airdrop only considers instantaneous state (whether a given NFT is held by a given user at the moment of the claim). This assumption is fragile and easy to manipulate: whenever the cost of manipulating the state is lower than the airdrop reward it unlocks, a real attack opportunity exists. Eligibility should instead be anchored to state that cannot be changed from inside the claiming transaction, for example ownership recorded at a block before the claim window opened, and the same reasoning applies to any on-chain decision keyed on instantaneous balances or ownership.
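To make the mechanism concrete, here is a toy model written for this post (not code from the airdrop contract, the vault or the attacker) that replays Steps I to IV above against two claim policies: the instantaneous ownership check the airdrop used, and a check against ownership recorded before the claim window, as suggested in the lesson above. The vault (redeem/mint), the flash lender and the per-NFT allocation of 10,094 APE (six claims of which give the 60,564 in the post) are modelled; the 3% flash-loan fee, the 5-token loan size and the account names are assumptions.

```python
"""Toy replay of the flash-loan airdrop manipulation described above. Constructed for this
post, not code from the airdrop, the vault or the attacker; ids, balances, fee rate are made up."""
from collections import defaultdict
from fractions import Fraction
from typing import Callable, Dict, List, Optional

APE_PER_NFT = 10_094  # per-NFT allocation: 6 * 10_094 == 60_564, the figure in the post


def transfer(owners: Dict[int, str], token_id: int, frm: str, to: str) -> None:
    if owners[token_id] != frm:  # the NFT contract refuses transfers from a non-owner
        raise PermissionError(f"#{token_id} is not owned by {frm}")
    owners[token_id] = to


class Vault:
    """Fungible token backed 1:1 by NFTs: mint deposits an NFT, redeem withdraws one."""
    NAME = "vault"

    def __init__(self, owners: Dict[int, str], held: List[int]):
        self.owners, self.held = owners, list(held)
        self.balances: Dict[str, Fraction] = defaultdict(Fraction)

    def mint(self, account: str, token_ids: List[int]) -> None:
        for tid in token_ids:
            transfer(self.owners, tid, account, self.NAME)
            self.held.append(tid)
        self.balances[account] += len(token_ids)

    def redeem(self, account: str, count: int) -> List[int]:
        if self.balances[account] < count:
            raise ValueError("insufficient vault tokens")
        self.balances[account] -= count
        out = [self.held.pop() for _ in range(count)]
        for tid in out:
            transfer(self.owners, tid, self.NAME, account)
        return out


class FlashLender:
    """Lends vault tokens for one callback; principal plus fee (bps) must be back at its end."""
    NAME = "lender"

    def __init__(self, vault: Vault, liquidity: int, fee_bps: int):
        self.vault, self.fee_bps = vault, fee_bps
        vault.balances[self.NAME] += liquidity

    def flash_loan(self, borrower: str, amount: int, callback: Callable[[Fraction], None]):
        owed = amount + Fraction(amount * self.fee_bps, 10_000)
        self.vault.balances[self.NAME] -= amount
        self.vault.balances[borrower] += amount
        callback(owed)  # borrower does its work, told how much it must hold at the end
        if self.vault.balances[borrower] < owed:
            raise RuntimeError("flash loan not repaid: the whole transaction reverts")
        self.vault.balances[borrower] -= owed
        self.vault.balances[self.NAME] += owed


class Airdrop:
    """Pays APE_PER_NFT once per NFT id to whoever is judged to hold it."""
    def __init__(self, owners: Dict[int, str], snapshot: Optional[Dict[int, str]]):
        self.owners, self.snapshot = owners, snapshot  # snapshot: ownership at a past block
        self.claimed, self.ape = set(), defaultdict(int)

    def claim(self, account: str, token_ids: List[int]) -> int:
        # Vulnerable: live ownership, rewritable inside the claim tx. Hardened: the snapshot.
        holder = self.owners if self.snapshot is None else self.snapshot
        paid = 0
        for tid in token_ids:
            if tid not in self.claimed and holder[tid] == account:
                self.claimed.add(tid)
                paid += APE_PER_NFT
        self.ape[account] += paid
        return paid


def run_attack(use_snapshot: bool, deposit_own_nft: bool = True) -> Dict[str, object]:
    """Replay Steps I-IV against an airdrop using the chosen claim policy."""
    attacker, vault_apes = "attacker", [7594, 8214, 9915, 8167, 4755]
    # Constructed state: #1060 already bought (Step I), five apes backing the vault token.
    owners = {1060: attacker, **{tid: Vault.NAME for tid in vault_apes}}
    vault = Vault(owners, vault_apes)
    lender = FlashLender(vault, liquidity=5, fee_bps=300)  # a 3 % fee is an assumption
    airdrop = Airdrop(owners, dict(owners) if use_snapshot else None)

    def callback(owed: Fraction) -> None:
        borrowed = vault.redeem(attacker, 5)        # Step II: 5 tokens -> 5 NFTs
        airdrop.claim(attacker, [1060] + borrowed)  # Step III: claim for all 6
        vault.mint(attacker, borrowed)              # Step IV: 5 NFTs -> 5 tokens, fee still short
        if deposit_own_nft and vault.balances[attacker] < owed:
            vault.mint(attacker, [1060])            # #1060 goes in to cover the fee

    try:
        lender.flash_loan(attacker, 5, callback)
    except RuntimeError:
        return {"reverted": True, "ape": 0, "leftover_tokens": 0.0}  # a real revert undoes it all
    return {"reverted": False, "ape": airdrop.ape[attacker],
            "leftover_tokens": float(vault.balances[attacker])}      # sold for ETH in the post
```

With the instantaneous check, `run_attack(use_snapshot=False)` pays the attacker 60,564 APE for a single bought NFT; with the snapshot, `run_attack(use_snapshot=True)` pays only the 10,094 for #1060, because the five borrowed apes were owned by the vault when ownership was recorded. Running with `deposit_own_nft=False` shows why #1060 had to be deposited in Step IV: the five minted tokens alone do not cover principal plus fee, so the loan, and with it the whole transaction, reverts.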