A Detailed Analysis of Euler Finance’s $197 Million Flash Loan Attack

On 13 March 2023 at 08:56:35 AM +UTC, DeFi lending protocol Euler Finance experienced a Flash Loan Attack.

Euler Finance is a protocol that operates as a permissionless lending protocol. Its primary goal is to facilitate lending and borrowing of various cryptocurrencies for users. The UK-based tech startup utilizes mathematical principles to develop non-custodial protocols on Ethereum and other blockchain networks, with a focus on achieving high performance.

Based on on-chain data analysis, the attacker executed multiple transactions that stole approximately $197 million, making this the largest hack of 2023 so far. The stolen assets include several million dollars' worth each of DAI, USDC, Staked Ether (stETH), and Wrapped Bitcoin (WBTC).

The breakdown of the stolen assets is as follows:

Detailed Analysis

The attack was possible because the donateToReserves function of the Etoken contract performs no liquidity check on the caller. The attacker repeated the same sequence of calls with different currencies to extract profit, causing a loss of roughly $196 million across six tokens. At the time of writing, the funds remain in the attacker's account.

The attacker’s address is: https://etherscan.io/address/0xb66cd966670d962c227b3eaba30a872dbfb995db

The attacker’s contract address is: https://etherscan.io/address/0x036cec1a199234fc02f72d29e596a09440825f1c

One of the attack transactions can be found here: https://etherscan.io/tx/0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d

1. The attacker first borrowed 30 million DAI through a flash loan from Aave and then deployed two contracts: one for lending and one for liquidation.

2. The attacker then called the deposit function and pledged 20 million DAI to the Euler Protocol contract, receiving 19.5 million eDAI in return.

3. The Euler Protocol allows users to borrow up to 10 times their deposit by calling the mint function. The attacker leveraged this capability to borrow 195.6 million eDAI and 200 million dDAI.

4. The attacker called the repay function using the remaining 10 million DAI borrowed through the flash loan to repay their debt and destroy 10 million dDAI. They then proceeded to call the mint function again to borrow 195.6 million eDAI and 200 million dDAI.

5. The attacker then called the donateToReserves function and donated 10 times the amount needed to repay their debt, sending 100 million eDAI. They then called the liquidate function to initiate the liquidation process and obtained 310 million dDAI and 250 million eDAI.

6. The attacker called the withdraw function and obtained 38.9 million DAI, which they used to repay the 30 million DAI borrowed through the flash loan. They profited 8.87 million DAI from the attack.

Core Vulnerability

First, let’s take a look at the donateToReserves function, which is where users become vulnerable to liquidation.

Comparing the donateToReserves function to the mint function in the diagram below, we can see that a key step, checkLiquidity, is missing from the donateToReserves function.

Next, we examined the implementation of checkLiquidity. It reaches the RiskManager through callInternalModule, and the RiskManager verifies that the user's Etoken balance exceeds their Dtoken balance (Etoken > Dtoken).

It is necessary to check the user’s liquidity each time an operation is performed by calling checkLiquidity.

However, the donateToReserves function does not perform this check. A user can therefore reduce their own collateral through this function, pushing their account into a liquidatable state, and then liquidate that account themselves.
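As an added illustration (not Euler's code and not the Numen PoC), the following simplified Python model replays steps 2 to 5 above against two variants of donateToReserves: the original that skips checkLiquidity and a hardened one that calls it. It assumes a single account, balances measured in DAI, and the one-to-one "Etoken must cover Dtoken" rule the write-up describes in place of Euler's collateral and borrow factors.

```python
# Added, simplified model of the eToken/dToken accounting described above; not
# Euler's code. Balances are plain DAI values for one account, and the rule is
# the page's "Etoken must cover Dtoken" (real Euler applies collateral/borrow factors).
class LiquidityCheckFailed(Exception):
    pass

class Market:
    def __init__(self, check_on_donate: bool):
        # False reproduces the missing check; True is the hardened variant.
        self.check_on_donate = check_on_donate
        self.etoken = 0.0    # the account's collateral claim, in DAI
        self.dtoken = 0.0    # the account's debt, in DAI
        self.reserves = 0.0
    def check_liquidity(self) -> None:
        # What the RiskManager enforces after the other state-changing calls.
        if self.etoken < self.dtoken:
            raise LiquidityCheckFailed(f"collateral {self.etoken} < debt {self.dtoken}")
    def deposit(self, amount: float) -> None:
        self.etoken += amount
        self.check_liquidity()
    def mint(self, amount: float) -> None:
        # Self-collateralised borrow: equal eToken and dToken are created.
        self.etoken += amount
        self.dtoken += amount
        self.check_liquidity()
    def repay(self, amount: float) -> None:
        self.dtoken -= amount  # lowering debt can only improve health
    def donate_to_reserves(self, amount: float) -> None:
        self.etoken -= amount
        self.reserves += amount
        if self.check_on_donate:  # the step the original function skipped
            self.check_liquidity()
    def is_liquidatable(self) -> bool:
        return self.etoken < self.dtoken

def replay_sequence(check_on_donate: bool) -> str:
    """Replay the write-up's steps 2-5 (amounts in millions of DAI)."""
    m = Market(check_on_donate)
    m.deposit(20)    # step 2: pledge 20M DAI
    m.mint(200)      # step 3: 10x self-collateralised borrow
    m.repay(10)      # step 4: repay 10M, then mint again
    m.mint(200)
    try:
        m.donate_to_reserves(100)  # step 5: give away collateral, keep the debt
    except LiquidityCheckFailed:
        return "donation reverted"
    return "liquidatable" if m.is_liquidatable() else "healthy"
```

In this model, reducing collateral is the only path that can lower an account's health, which is why every function that does so needs the check, not only mint and withdraw.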

Attack Reproduction

The Numen Cyber Labs team has reproduced the attack.

You may find out more details on the PoC at https://github.com/numencyber/SmartContractHack_PoC/tree/main/EulerfinanceHack

Conclusion

Euler Finance has confirmed the attack on its official Twitter account (@eulerfinance) and stated that it is collaborating with security professionals and law enforcement to address the issue.

The recent attack on the Euler Finance protocol highlights the importance of implementing rigorous security measures, such as conducting thorough audits and regularly checking for vulnerabilities.

As the decentralized finance ecosystem continues to grow, it is crucial for projects to prioritize the security of their users’ funds and adopt best practices to mitigate the risk of similar attacks in the future.

Note

This article was originally posted on our website’s blog. Subsequent articles will be posted first on our website and Medium after a slight delay.

Please stay tuned and follow our Twitter @numencyber for any future updates.
