Analysis of Flash Loan Price Manipulation Attacks on the Themis Protocol

On June 28th (Beijing time), the Themis protocol was hit by a flash loan attack in which the attacker gained approximately $370,000.

SharkTeam promptly conducted a technical analysis of this incident and has summarized the security measures to be taken. It is hoped that future projects can learn from this and collectively strengthen the security defenses of the blockchain industry.

1. Incident analysis

Attacker address: 0xdb73eb484e7dea3785520d750eabef50a9b9ab33

Attack contracts:

0x05a1b877330c168451f081bfaf32d690ea964fca

0x33f3fb58ea0f91f4bd8612d9f477420b01023f25

Attacked contract: 0x75f805e2fb248462e7817f0230b36e9fae0280fc

Attack transaction:

0xff368294ccb3cd6e7e263526b5c820b22dea2b2fd8617119ba5c3ab8417403d8

Attack process:

(1) The attacker (0xdb73eb48) borrowed 22,000 WETH through a flash loan.

(2) Subsequently, the attacker borrowed an additional 10,000 and 8,000 WETH from the UniswapV3Pool.

(3) Then, the attacker (0xdb73eb48) deposited 220 WETH and borrowed DAI, USDT, USDC, ARB, and WBTC separately.

(4) Furthermore, the attacker (0xdb73eb48) deposited another 220 WETH and borrowed DAI, USDT, USDC, ARB, and WBTC separately.

(5) The attacker (0xdb73eb48) added 55 WETH to the pool and obtained 54.6 wstETH.

(6) The attacker (0xdb73eb48) called the swap function and exchanged all 39,725 WETH for 2,423 wstETH.

(7) Then, taking advantage of the high price of wstETH, the attacker borrowed 317 WETH using only 54.6 wstETH.

(8) Finally, the attacker (0xdb73eb48) exchanged the wstETH back to WETH, repaid the flash loan, and left the market with a profit.

2. Vulnerability Analysis

The essence of this attack is the manipulation, using a flash loan, of the price of the two tokens in the pool. Because the oracle derives its exchange rate from the ratio of the pool's reserves, that rate can be manipulated, leading to asset losses. The attacker's initial three steps involved exchanging WETH for various tokens while depositing WETH into the pool, increasing the pool's WETH balance. The crucial step was the sixth, where over 30,000 WETH was swapped in a single transaction, severely distorting the ratio between wstETH and WETH in the pool. This distorted ratio raised the exchange rate calculated by the oracle, allowing the attacker to borrow far more WETH against a small amount of wstETH.

It is evident that the oracle's calculated price rose noticeably after the WETH-to-wstETH exchange.

3. Security Recommendations

In light of this attack incident, developers should adhere to the following considerations during the development process:

1. Conduct thorough validation to identify any potential price manipulation issues in the development of oracles and liquidity pools.

2. Consider implementing Time-Weighted Average Price (TWAP) algorithms within oracles to calculate token prices.

3. Prior to project deployment, seek technical assistance from professional third-party auditing teams.
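The following is an added illustration, constructed for this write-up and not Themis or SharkTeam code, of the mechanism described in section 2 and of recommendation 2 above: a toy constant-product pool standing in for the wstETH/WETH pool, a spot oracle read straight from reserves, and a geometric-mean TWAP oracle sampled once per block. The reserves, the loan-to-value ratio, the 100-block window and the x*y=k curve are assumptions (the real pool is a Uniswap V3 concentrated-liquidity pool, so the absolute numbers differ); the 39,725 WETH swap size and the 54.6 wstETH collateral are taken from the attack process above.

```python
import math
from collections import deque

LTV = 0.8  # constructed loan-to-value ratio, not a Themis parameter

class ConstantProductPool:
    """Toy x*y=k pool standing in for the wstETH/WETH pool (constructed, not Themis code)."""
    def __init__(self, reserve_weth, reserve_wsteth):
        self.weth, self.wsteth = reserve_weth, reserve_wsteth

    def spot_price(self):
        """WETH per wstETH read straight from reserves: movable within one transaction."""
        return self.weth / self.wsteth

    def swap_weth_for_wsteth(self, weth_in):
        wsteth_out = self.wsteth - (self.weth * self.wsteth) / (self.weth + weth_in)
        self.weth += weth_in
        self.wsteth -= wsteth_out
        return wsteth_out

class GeometricTwapOracle:
    """Geometric-mean TWAP over the last `window` block samples (simplified v3-style tick accumulator)."""
    def __init__(self, window):
        self.log_prices = deque(maxlen=window)

    def observe_new_block(self, pool):
        # Sampled only at a block boundary, so a swap made and unwound inside one transaction never reaches it.
        self.log_prices.append(math.log(pool.spot_price()))

    def price(self):
        return math.exp(sum(self.log_prices) / len(self.log_prices))

def borrow_capacity(collateral_wsteth, price_weth_per_wsteth):
    """WETH a lender releases against wstETH collateral at the given oracle price."""
    return collateral_wsteth * price_weth_per_wsteth * LTV

def simulate(blocks=100, attack_swap_weth=39_725.0):
    pool = ConstantProductPool(reserve_weth=1_130.0, reserve_wsteth=1_000.0)  # constructed reserves
    twap = GeometricTwapOracle(window=blocks)
    for _ in range(blocks):  # calm history: wstETH trades at ~1.13 WETH
        twap.observe_new_block(pool)
    honest_spot = pool.spot_price()
    pool.swap_weth_for_wsteth(attack_swap_weth)  # step-6-sized swap, still inside the transaction
    result = {"honest_spot": honest_spot, "manipulated_spot": pool.spot_price(),
              "twap_same_tx": twap.price(),  # unchanged: no block boundary has passed
              "borrow_at_spot": borrow_capacity(54.6, pool.spot_price()),  # 54.6 wstETH as in step 5
              "borrow_at_twap": borrow_capacity(54.6, twap.price())}
    twap.observe_new_block(pool)  # even if the distorted price survives a whole block ...
    result["twap_after_one_block"] = twap.price()  # ... the geometric mean barely moves
    return result
```

With these constructed reserves the spot price jumps by more than a thousandfold inside the attack transaction while the TWAP read in the same transaction does not change at all, and holding the distortion across one full block moves the 100-block geometric mean from about 1.13 to about 1.21.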
