
On April 2, 2022, public opinion monitoring on the Chengdu Lianan Chain Bing-blockchain security situational awareness platform showed that the Inverse Finance project had been attacked, with cumulative losses estimated at about 15 million US dollars. The Chengdu LianAn technical team promptly analyzed the incident.
#1 Analysis
Attack address 1:
0x117c0391b3483e32aa665b5ecb2cc539669ea7e9
Attack address 2:
0x8b4c1083cd6aef062298e1fa900df9832c8351b3
Attack transactions:
0x20a6dcff06a791a7f8be9f423053ce8caee3f9eecc31df32445fc98d4ccd8365
0x600373f67521324c8068cfd025f121a0843d57ec813411661b07edc5ff781842
Attack contract:
0xea0c959bbb7476ddd6cd4204bdee82b790aa1562
First, the attacker withdrew 900 ETH from Tornado.Cash to prepare for raising the price of INV tokens.
The attacker swapped 300 ETH for 374 INV tokens, then swapped 200 ETH for 1372 INV tokens, for a total of 1746 INV tokens. Note that the first swap returned only 374 INV tokens for 300 ETH, while the later swap returned 1372 INV tokens for 200 ETH: the price of INV in the first pool, WETH/INV, had been pushed up significantly.
The price of xINV tokens is calculated from the WETH/INV pair (0x328dfd0139e26cb0fef7b0742b49b0fe4325f821). Because the pair pool has been manipulated and the timeElapsed interval is short, the attacker needs to ensure that the call is not made in the current block; the manipulated price is then used, and the value of the xINV token can be manipulated.
It can be seen that after manipulating the pair, the attacker kept sending mint transactions to make the most of the time window. At the same time, the attacker deliberately avoided minting in the price manipulation block (14506358); otherwise the block before the price manipulation block would have been used to calculate the price.
The attacker then minted with all 1746 INV tokens he held (here, as collateral), receiving 1156 xINV tokens (LP tokens) in exchange, and then borrowed a large number of tokens against the xINV he held.
The cumulative loss of the Inverse Finance project party is estimated to be about 15 million US dollars.
Here, Chengdu Lianan recommends that the project party use a sufficiently long time window. For example, refer to the following Uniswap sample code, where timeElapsed must be greater than 24 hours.
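
The effect of the window length on the reported price can be seen in a small model. This is an added example, not the Uniswap sample code or the project's own oracle: it is a simplified cumulative-price average in Python, using the two swap rates quoted above. The 13-second block time and treating the 200 ETH for 1372 INV rate as the unmanipulated price are assumptions.

```python
from fractions import Fraction

# Rates in ETH per INV, taken from the two swaps quoted on this page.
MANIPULATED = Fraction(300, 374)   # 300 ETH bought only 374 INV
BASELINE = Fraction(200, 1372)     # assumption: stands in for the unmanipulated rate
BLOCK = 13                         # assumption: seconds between blocks
DAY = 24 * 60 * 60

class TwapOracle:
    """Simplified cumulative-price oracle: average = delta(cumulative) / timeElapsed."""

    def __init__(self, min_period, spot):
        self.min_period = min_period
        self.spot = spot
        self.cumulative = Fraction(0)      # running sum of spot * seconds
        self.last_accrual = 0
        self.obs_cumulative = Fraction(0)  # cumulative value at the last observation
        self.obs_time = 0
        self.average = spot

    def _accrue(self, now):
        self.cumulative += self.spot * (now - self.last_accrual)
        self.last_accrual = now

    def trade(self, new_spot, now):
        self._accrue(now)
        self.spot = new_spot

    def update(self, now):
        """Refresh the average only if timeElapsed >= min_period."""
        self._accrue(now)
        time_elapsed = now - self.obs_time
        if time_elapsed < self.min_period:
            return False                   # window too short: keep the old average
        self.average = (self.cumulative - self.obs_cumulative) / time_elapsed
        self.obs_cumulative, self.obs_time = self.cumulative, now
        return True

def reported_price(min_period, held, read_at):
    """Average reported at read_at when the pool is skewed at t=0 for `held` seconds."""
    oracle = TwapOracle(min_period, BASELINE)
    oracle.trade(MANIPULATED, now=0)
    if read_at > held:
        oracle.trade(BASELINE, now=held)   # arbitrage restores the pool
    oracle.update(now=read_at)
    return oracle.average

if __name__ == "__main__":
    cases = [("1-block window", BLOCK, BLOCK), ("24 h window, next block", DAY, BLOCK),
             ("24 h window, full day", DAY, DAY)]
    for label, period, read_at in cases:
        print(label, float(reported_price(period, BLOCK, read_at) / BASELINE))
```

With a one-block window the oracle reports the skewed rate in full (about 5.5 times the baseline); with a 24-hour minimum the next-block read is refused, and a one-block skew moves the full-day average by less than 0.1%.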