Cointime


A Detailed Analysis of Euler Finance’s $197 Million Flash Loan Attack


On 13 March 2023 at 08:56:35 UTC, the DeFi lending protocol Euler Finance suffered a flash loan attack.

Euler Finance is a permissionless lending protocol whose primary goal is to let users lend and borrow a range of cryptocurrencies. The UK-based startup applies mathematical modelling to build non-custodial, high-performance protocols on Ethereum and other blockchain networks.

Based on on-chain data analysis, the attacker executed multiple transactions and stole approximately $197 million, making this the largest hack of 2023 so far. The stolen assets include several million dollars' worth each of DAI, USDC, Staked Ether (stETH), and Wrapped Bitcoin (WBTC).

The breakdown of the stolen assets is as follows:

Detailed Analysis

The attack was possible because the donateToReserves function of the eToken contract performs no liquidity check. The attacker executed multiple calls with different currencies to generate profit, resulting in a loss of $196 million across six different tokens. At the time of writing, the funds remain in the attacker's account.

The attacker’s address is: https://etherscan.io/address/0xb66cd966670d962c227b3eaba30a872dbfb995db

The attacker’s contract address is: https://etherscan.io/address/0x036cec1a199234fc02f72d29e596a09440825f1c

One of the attack transactions can be found here: https://etherscan.io/tx/0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d

1. The attacker first took a flash loan of 30 million DAI from Aave and then deployed two contracts: one acting as the borrower and one acting as the liquidator.

2. The attacker then called the deposit function and deposited 20 million DAI into the Euler Protocol contract, receiving 19.5 million eDAI in return.

3. The Euler Protocol allows users to borrow up to 10 times their deposit by calling the mint function. The attacker used this to borrow 195.6 million eDAI and 200 million dDAI.

4. The attacker then called the repay function with the remaining 10 million DAI from the flash loan, repaying part of the debt and burning 10 million dDAI. They then called mint again to borrow a further 195.6 million eDAI and 200 million dDAI.

5. Next, the attacker called the donateToReserves function and donated 100 million eDAI, ten times the amount needed to repay their debt, which pushed their own account into a liquidatable state. They then called the liquidate function to trigger the liquidation and obtained 310 million dDAI and 250 million eDAI.

6. Finally, the attacker called the withdraw function and received 38.9 million DAI, repaid the 30 million DAI flash loan, and kept 8.87 million DAI as profit.

Core Vulnerability

First, let's look at the donateToReserves function, which is the entry point through which a user can push their own account into a liquidatable state.

Comparing the donateToReserves function with the mint function in the diagram below, a key step, checkLiquidity, is missing from donateToReserves.

Next, we examined the implementation of checkLiquidity. It goes through callInternalModule to the RiskManager module, which verifies that the user's eToken collateral still exceeds their dToken debt (eToken > dToken).

Every operation that changes a user's position must end by calling checkLiquidity to verify that the account is still solvent.

However, donateToReserves does not perform this check, so a user can first move their own account into a liquidatable state through this function and then complete the liquidation themselves.
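The toy market below is an added illustration of the point made in the attack steps and in this section: any operation that can reduce an account's collateral or raise its debt must finish with the liquidity check. It is constructed for this article; it is not Euler's code and not the Numen PoC, and Euler's real risk-adjustment formula and factors are not reproduced. The `ToyMarket` contract, its `_checkLiquidity` and `_adjustedCollateral` functions, the `COLLATERAL_FACTOR_BPS` parameter, and the two donate variants are all assumptions for illustration. Collateral (the eToken-like balance) and debt (the dToken-like balance) are kept in the same underlying unit, so no price oracle is needed. `donateToReservesUnchecked` shows the flawed pattern described above, a collateral-reducing operation with no health check; `donateToReserves` is the hardened form.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Minimal lending market constructed for illustration (not Euler's code).
/// collateral[] plays the role of the eToken balance, debt[] the dToken balance.
contract ToyMarket {
    /// Constructed parameter: 90% of collateral counts towards covering debt.
    /// With this factor a self-borrow via mint() is capped at 9x the deposit.
    uint256 public constant COLLATERAL_FACTOR_BPS = 9_000;

    mapping(address => uint256) public collateral; // eToken-like balance
    mapping(address => uint256) public debt;       // dToken-like balance
    uint256 public reserves;

    error AccountUnhealthy(address account, uint256 collateral, uint256 debt);

    /// Risk-adjusted collateral: collateral scaled by the collateral factor.
    function _adjustedCollateral(address account) internal view returns (uint256) {
        return collateral[account] * COLLATERAL_FACTOR_BPS / 10_000;
    }

    /// The check the text says must run after every position-changing operation:
    /// the account's risk-adjusted collateral must still cover its debt.
    function _checkLiquidity(address account) internal view {
        if (_adjustedCollateral(account) < debt[account]) {
            revert AccountUnhealthy(account, collateral[account], debt[account]);
        }
    }

    /// Deposit only ever increases collateral, so it cannot make an account unhealthy.
    function deposit(uint256 amount) external {
        collateral[msg.sender] += amount;
    }

    /// Self-borrow: creates collateral and debt together, then checks health,
    /// mirroring the mint() path that does call checkLiquidity.
    function mint(uint256 amount) external {
        collateral[msg.sender] += amount;
        debt[msg.sender] += amount;
        _checkLiquidity(msg.sender);
    }

    /// Flawed pattern: collateral leaves the account, debt stays, and no health
    /// check runs. The caller can drive their own account below the threshold.
    function donateToReservesUnchecked(uint256 amount) external {
        collateral[msg.sender] -= amount; // reverts on underflow in 0.8.x
        reserves += amount;
    }

    /// Hardened pattern: identical state change, followed by the liquidity check,
    /// so a donation that would leave the account undercollateralised reverts.
    function donateToReserves(uint256 amount) external {
        collateral[msg.sender] -= amount;
        reserves += amount;
        _checkLiquidity(msg.sender);
    }

    /// True when the account would be considered solvent (not liquidatable).
    function isHealthy(address account) external view returns (bool) {
        return _adjustedCollateral(account) >= debt[account];
    }
}
```

With the constructed 90% factor, an account that deposits 20 units and then mints 180 (collateral 200, debt 180) sits exactly at the cap. In the hardened version it cannot donate even 1 unit: the remaining 199 units adjust to 179, which is below the 180 debt, so the call reverts with AccountUnhealthy. The unchecked version accepts the same donation and leaves isHealthy() returning false, which is the self-inflicted liquidatable state the text describes. The defensive takeaway is that the solvency invariant belongs on every path that touches collateral or debt, not only on the paths an auditor expects to be risky.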

Attack Reproduction

The Numen Cyber Labs team has reproduced the attack.

You may find out more details on the PoC at https://github.com/numencyber/SmartContractHack_PoC/tree/main/EulerfinanceHack

Conclusion

Euler Finance has confirmed the attack on its official Twitter account (@eulerfinance) and stated that it is working with security professionals and law enforcement to address the issue.

The attack on the Euler Finance protocol highlights the importance of rigorous security measures such as thorough audits and regular vulnerability checks; here, a solvency check that was present on the mint path was missing from another path that changes the same position.

As the decentralized finance ecosystem continues to grow, it is crucial for projects to prioritize the security of their users’ funds and adopt best practices to mitigate the risk of similar attacks in the future.

Note

This article was originally posted on our website’s blog. Subsequent articles will be posted first on our website and Medium after a slight delay.

Please stay tuned and follow our Twitter @numencyber for any future updates.
