fix
spherex Research

Donations are only for DeFi saints

3 min read ・ Aug 09, 2023 ・by Ido Heth

Euler Finance's Flash-Loan Attack: A $197 Million Loss

Euler Finance has fallen prey to a massive flash-loan attack resulting in the loss of $197 million worth of tokens, although it looks like a typical financial attack, it is a distinct code issue in the smart contract.

The exploit, explained and analyzed by the spherex team involves:

  • Synthetically creating a large under-collateralized position (with the flawed function)
  • Gaining profit from the liquidation fee by liquidating the created position
  • Executing both position opening and liquidation atomically with a contract using a flash-loan

Euler Finance is a permissionless lending protocol that helps users earn interest on their crypto assets or hedge against volatile markets without the need for a trusted third-party.

It boasts several groundbreaking features in the DeFi world like reactive interest rates, MEV-resistant liquidations, and multi-collateral stability pools. Additionally and more relevant for this analysis, Euler Finance’s liquidating fee changes based on how underwater the position is, making it a smart incentive mechanism.

Euler Finance's Features and the Attack Flow

First appeared the official statement, and then the explanations race started:

Euler’s tweet from twitter.com

The attack flow, as described by the Peckshield team:

Taken from Peckshield’s tweet from twitter.com

The exploit is related to the donateToReserves() function:

Taken from Euler’s repo from github.com

After leveraging the first deposit (twice), the hackers donated some of theirs eDAI tokens without the health of theirs position being checked in the process. this created a massive underwater position for them to liquidate and gain massive fees, based on the changed by “bad debt” liquidation fee discussed earlier.

The Flawed Function and Its Consequences

Ironically as quoted from the white paper:

Additionally, this fee ensures that ‘self-liquidating’ is always net-negative, which adds a profitability threshold that some undesirable manipulation strategies are unlikely to meet.

One of the findings we had is the flawed function donateToReserves(), which was introduced to the protocol on July 2022 after being proposed and approved by the governance in the following eip. This functionality was barely used since then (only three times) and all the calls were made by EOAs related to Euler finance (initial funding) - 0xa91d55…6fc93a and 0xb1ae68…ba25a7

Conclusion

The exploit’s sophisticated nature once again highlights the critical importance of robust security practices for blockchain projects. It is evident that relying solely on traditional security measures such as audits or monitoring (even real time monitoring), is not enough to ensure blockchain projects’ security. The vulnerability, lying in an audited code, went undetected for months, and alerting the suspicious activity after the funds already faded was too late. There’s definitely a missing brick in the current stack of smart contract security solutions.

PS

An interesting MEV anecdote — a bot accidentally frontrunned the first exploit transaction and transferred the funds to the hacker contract (check this).

About the author

Ido Heth
Engineer @SphereX's
Follow

Ido has over 6 years of software development and cybersecurity research experience. Before joining SphereX, Ido was an officer in an IDF's intelligence unit.

Tags
spherex Research
Continue your reading with these value-packed posts
spherex Blog
The Silent Threat: How to Protect Your Assets from Compromised Keys in Web3
Safeguarding your keys is crucial - not just for your personal security, but for the integrity of your entire project.
Read more
next icon
3 min read ・ Nov 20, 2024 ・by Shira Shalev
spherex Blog
KY(ha)C(ker) - Stolen KYC Fraud make security tools almost ineffective
Hackers are now switching from anonymization tools, such as TornadoCash, to fabricated or stolen KYC accounts which puts security at risk.
Read more
next icon
1 min read ・ Nov 05, 2024 ・by Maor Ovadia
spherex Blog
Trick Or Treat - Fooling Etherscan’s Proxy Detection
Hybrid Etherscan setup that could potentially lead the Etherscan displaying one thing while the proxy actually points something else.
Read more
next icon
3 min read ・ Oct 31, 2024 ・by Eyal Fine

Get Bulletproof Protection From Web3 Zero-Day Attacks

Image