Stolen 30 million U.S. dollars, full resumption of the first lightning loan attack on the BSC chain

In the DeFi world, with the help of smart contracts, the threshold for individuals to create financial products has been greatly reduced. People can freely design their own financial products according to their own needs, and realize convenient transactions through combination.

At present, as the portfolio of DeFi protocols has become more and more abundant, a large number of “currency Lego” protocols have emerged, from the first-generation decentralized exchange Uniswap in the Ethereum ecosystem to the second-generation evolutionary version of Sushiswap, and then to the Binance smart chain PancakeSwap in the ecology, but the risks in the combination process have gradually become prominent.

On May 2, the DeFi protocol Spartan Potocol was attacked by hackers. Through tracking and analysis, PeckShield found that Spartan Potocol was attacked by a flash loan and lost 30 million U.S. dollars.

The Spartan Protocol (Spartan Protocol) is an asset liquidity project that aims to solve various problems arising from the existing AMM protocol and synthetic assets. The liquidity pool of the Spartan Agreement is the core of this agreement, and all related applications in the system are inseparable from the support of the liquidity pool. SpartanSwap applies the AMM algorithm of THORCHAIN. This algorithm uses Liquidity-sensitive fees to solve liquidity cold start and slippage problems.

The following is the attack process: First, the attacker borrowed a flash loan of 10,000 WBNB from PancakeSwap;

In the second step, the attacker exchanged WBNB into SPARTAN five times in the vulnerable Spartan exchange pool, and exchanged 1,913.172376149853767216 WBNB for 621,865.037751148871481851 SPARTA, 555,430.671213257613862228 SPARTA, 499,085.759, 974016386321 SPARTA, 450, 888. At this time, the attacker wrote 2,536,613.206101067206978364 SPARTA and 11,853.332738790033677468 WBNB. The attacker injected these Tokens into the liquidity pool to provide liquidity, and minted 933,350.959891510782264802 tokens (SPT1-WBNB);

READ  Coinbase's 'Mission' Violates the Spirit of Bitcoin - CoinDesk - CoinDesk

In the third step, the attacker used the same technique to convert WBNB into SPARTAN ten times in the vulnerable exchange pool, and exchanged 1,674.025829131122046314 WBNB for 336,553.226646584413691711 SPARTA,316,580.407937459884368081 SPARTA,298,333.47575083824346321 SPARTA,281,619. ,239,110.715943602161587616 SPARTA,227,062.743086833745362627 SPARTA,215,902.679301559370989883 SPARTA, and 205,545.395265586231012643 SPARTA, a total of 2,639,121.977427448690750716 SPARTA.

In the fourth step, the attacker transfers 21,632.147355962694186481 WBNB and all SPARTA, that is, the 2,639,121.977427448690750716 SPARTA obtained in the above three steps, into the liquidity pool to raise the asset price.

The fifth step is to burn the 933,350.959891510782264802 tokens (SPT1-WBNB) obtained from the second step and withdraw liquidity. As the liquidity pool is in inflation, a total of 2,538,199.153113548855179986 SPARTA and 20,694.059368262615067224 WBNB are burned. It is worth noting that in the second step , The attacker only exchanged 11,853.332738790033677468 WBNB, at this time the attacker made a profit of 9,000 WBNB;

In the sixth step, the attacker injects 1,414,010.159908048805295494 pool tokens in the fourth step to provide liquidity for the flow pool, and then starts the burn mechanism to obtain 2,643,882.074112804607308497 SPARTA and 21,555.69728926154636986 WBNB.

The attacker called the liquidity share function calcLiquidityShare() to query the current balance, and then manipulate the balance arbitrage. The correct operation requires the baseAmountPooled/tokenAmountPooled state.

The operation of the DeFi system needs to be guaranteed by a smart contract, which requires careful review of the code of the smart contract. Once there are any loopholes in the smart contract, it may become the target of hacker attacks.

Under traditional conditions, hackers mainly rely on their advantages in computer technology when attacking the financial system. Under the existing DeFi ecosystem, the interoperability between chains and applications is not so good. , So the probability of arbitrage between cross-chain and cross-application may be greater. At this time, even a person with less computer skills, as long as he has sufficient financial knowledge and sufficient market sense, can become a hacker and attack the DeFi system.

READ  OKEx Is First Exchange to Offer a Full Suite of Trading Products for Uniswap's UNI - PRNewswire

Hackers borrow large sums of money at a small cost through lightning loans on the blockchain, and then use this money to cause price fluctuations of some digital assets, and then profit from them. It first emerged in Ethereum, with Binance Smart The assets in the CeFi+DeFi ecosystem such as chains are becoming more abundant, and hackers are also waiting for opportunities at any time.

The relevant person in charge of PeckShield said: “The attack method is still changed from one chain to another. The DeFi protocol developer should self-check the code after the attack. If you don’t understand this, Professional audit institutions should be found to conduct audits and research to prevent problems before they happen.”

Author/ Translator: Jamie Kim
Bio: Jamie Kim is a technology journalist. Raised in Hong Kong and always vocal at heart. She aims to share her expertise with the readers at blockreview.net. Kim is a Bitcoin maximalist who believes with unwavering conviction that Bitcoin is the only cryptocurrency – in fact, currency – worth caring about.