Cointime

Cointime

Download App
iOS & Android

SharkTeam: Analysis of Atlantis Proposal Attack Principle

On June 10, 2023, Beijing time, Atlantis experienced a proposal attack, resulting in a loss of nearly $1 million. The attackers have made profits of approximately $110,000.

SharkTeam conducted a technical analysis of the incident promptly and summarized security measures. We hope that lessons learned from this event can serve as a reminder for future projects, and together we can build a stronger security defense for the blockchain industry.

1. Incident analysis

Attacker address:

0xeade071ff23bcef312dec938ece29f7da62cf45b

Attack contract:

0x027383C520c289cB5c4B66F8E0c8CA65D0769094

0x613CC544053812aB026d60361212Cdb67B46f42f

0xDc8B8D77d8315de469a806e02f38278E38bDBD0B (fake proposal contract)

Attacked contract:

0x558B96Ee93Ea9C7ec9839BEAfab641d75F94E9a3

Initiate a proposal transaction:

0xac1e694f57db4fdef3275f93b651f62b18d7cb0b3c06977e99b56f2968554afd

Attack transactions:

0xa238ca2d2c57c1678866783b074a0c1204cfaa8c37a383c61a6b8e948d40e3fe

Attack Process:

(1) Firstly, the attacker (0xeade071f) initiated a proposal to the targeted contract (0x558B96Ee) through the attacking contract (0x027383C5). The proposal aimed to modify the admin of the contract.

(2) After a waiting period of 28,800 blocks, which is the voting period for the proposal, the attacker proceeded to vote on the proposal, increasing the forVotes value of the proposal.

(3) The attacker added the proposal to the execution queue of the time lock.

(4) After a waiting period of 172,800 seconds, the proposal was executed, and the admin of the contract was set to the fake proposal contract (0xDc8B8D77).

(5) By invoking the fake proposal contract (0xDc8B8D77), the logic contract of the targeted contract (0x558B96Ee) was set to the attack contract (0x613CC544).

(6) By calling the targeted contract (0x558B96Ee), the attacker actually invoked the backdoor function in the attack contract (0x613CC544) to transfer the authorized user tokens from the targeted contract (0x558B96Ee).

2. Vulnerability Analysis

The governance contract exhibits significant flaws in its logic.

Before adding the proposal to the execution queue of the time lock contract, the verification of the current status of the proposal was not properly conducted.

Due to the bypassing of previous conditions and the fact that eta was initially set to 0 during proposal creation, achieving the Succeeded status of the proposal becomes relatively easy. Once the proposal reaches the Succeeded status, it can be added to the execution queue of the time lock. At this point, it only requires waiting for 172,800 seconds for the current proposal to be executed, completing the attack.

3. Security Recommendations

In light of this attack incident, we should adhere to the following considerations during the development process:

(1) Strictly validate the correctness of the logic when implementing the proposal approval process.

(2) Prior to project deployment, engage a third-party security auditing company to conduct a thorough security audit of the contract logic code.

About us

SharkTeam’s vision is to comprehensively protect the security of the Web3 world. The team is composed of experienced security professionals and senior researchers from all over the world. They are proficient in the underlying theory of blockchain and smart contracts, and provide services including smart contract auditing, on-chain analysis, and emergency response. It has established long-term cooperative relationships with key players in various fields of the blockchain ecosystem, such as Polkadot, Moonbeam, polygon, OKC, Huobi Global, imToken, ChainIDE, etc.
Official website: https://www.sharkteam.org/
Twitter: https://twitter.com/sharkteamorg
Discord: https://discord.gg/jGH9xXCjDZ
Telegram: https://t.me/sharkteamorg

SharkTeam
Comments

All Comments

Recommended for you

  • Web3 AI platform ChainML completes $6.2 million seed round of financing

    Web3 AI platform ChainML has announced the completion of a $6.2 million seed round of expansion financing, led by Hack VC, with participation from Inception Capital, HTX Ventures, Figment Capital, Hypersphere Ventures, and Alumni Ventures. The platform also announced the launch of its agent-based foundation layer, Theoriq.

  • Metaverse project Baby Shark Universe completes seed round financing

    Baby Shark Universe project, a metaverse project, has completed a seed round of financing with a valuation of $34 million. Participating investors include Animoca Brands, CREDIT SCEND, Sui Foundation, Comma3 Ventures, Creditcoin, GM Ventures, Neuler, Notch Ventures, X+, and Planetarium. The specific amount has not been disclosed, and the new funds will be used for development and global marketing. According to reports, Baby Shark Universe is an open-world role-playing game where players can create their own game content (items, maps), enjoy content created by other players, and expand the game's narrative based on their choices and actions.

  • Hong Kong Stock Exchange Confirms Crypto ETFs Unavailable to Mainland Chinese Investors

    According to Coindesk, the Hong Kong Stock Exchange has confirmed that cryptocurrency ETFs are not available to mainland Chinese investors. Hong Kong's cryptocurrency ETFs will provide a means to bypass capital controls in mainland China due to their unique physical redemption model.

  • Web3 social infrastructure UXLINK completes $5 million in financing

    Web3 social infrastructure UXLINK announced the completion of a new round of $5 million financing, led by SevenX Ventures, INCE Capital, and HashKey Capital. It is reported that UXLINK's total financing has now exceeded $15 million.

  • Chinese police bust underground bank using cryptocurrency for illegal currency conversion

    Chinese police have arrested six people for running an illegal currency conversion operation that used cryptocurrency to handle around $296 million. The operation was discovered by the Public Security Bureau of Panshi City, Jilin, and involved an "underground bank" that exploited the anonymity and ease of cross-border transfers offered by crypto. The operation used domestic accounts to receive and transfer funds, and exchanged between the yuan and South Korean won. The service was used by Korean purchasing agents, e-commerce firms, and import/export companies, among others.

  • Hong Kong Securities Regulatory Commission warns the public to beware of a suspicious asset investment product called "LENA Network"

    Hong Kong Securities and Futures Commission warned the public to be wary of a suspicious virtual asset investment product called "LENA Network". The product involves pledging and lending arrangements related to virtual assets, and claims to provide high returns to investors. This investment product has not been approved by the Securities and Futures Commission for sale to the Hong Kong public. The Securities and Futures Commission notes that the Hong Kong public can access information about the product and contact the product through the Internet. The Securities and Futures Commission advises against trusting those "too good to be true" investment opportunities and remaining vigilant when making investment decisions.

  • Hong Kong Securities and Futures Commission: The Anti-Money Laundering Ordinance applies to the virtual asset industry

    The "virtual currency to ETF" mechanism in Hong Kong has raised concerns about money laundering. The industry believes that the review difficulty, such as KYT (Know Your Token), is high. Some individuals with mainland backgrounds are trying to conduct small-scale "virtual currency to ETF" transactions, taking the opportunity to "whiten" their own holdings of ether and bitcoin through forms such as personal accounts. They have also deployed some virtual currencies to Hong Kong's virtual currency exchanges and will decide whether to increase capital in the future depending on the situation. When responding to relevant questions, the Hong Kong Securities and Futures Commission emphasized that in the operation of ETF products, every link in the entire virtual asset ecosystem, including fund companies, custodians, asset trading platforms, participating brokers, etc., must be licensed or recognized institutions and strictly comply with requirements such as asset custody, liquidity, valuation, information disclosure, and investor education. The "Anti-Money Laundering Ordinance" of the Securities and Futures Commission also stipulates that financial institutions and designated non-financial enterprises and industry personnel must comply with customer due diligence and record-keeping requirements, and relevant regulations apply to the virtual asset industry.

  • TON community member: Some TON wallets received virtual account NFTs starting with "888", which is a phishing project

    On May 13th, according to a member of the TON official community, a new NFT with a virtual number starting with "888" has been added to the TON wallet. However, the transaction fee for each transfer is as high as 1 TON, which is caused by the fishing project changing the Gas.

  • Swiss Crypto Bank Amina: Listing Ethereum as a Security Could Cause Many Crypto Teams to Exit the Space

    Swiss encrypted bank Amina stated in the latest "Cryptocurrency Market Monitoring" report that classifying Ethereum as a security could not only bring risks to the entire cryptocurrency market, but also lead to many cryptocurrency teams exiting the field. This determination could hinder the development of the cryptocurrency market and potentially reverse progress made over the years. In addition, the US SEC is likely to delay its decision on the status of Ethereum, putting the cryptocurrency asset in a "gray area".

  • Ethereum has about $48.05 million in on-chain loan liquidation quota around $2,778

    According to Defi Llama data, there is approximately $48.05 million in on-chain liquidation volume for Ethereum around $2,778.

Daily Must-Read

Popular Activities

Delysium $AGI & AI Private Yacht Party

Delysium $AGI & AI Private Yacht Party

March 27 - March 27
Seoul

Popular Tags

Cointime
News
Contents
RSS
Company