On 02/15, the bZx team announced on its official Telegram channel that there was an “exploit executed” against the bZx protocol and that the firm had paused the protocol, “except for lending and unlending.” The team has not yet released an official post-mortem analysis, so researchers at PeckShield took the initiative to delve into the details and found that this particular issue is inherent in current DeFi projects that share so-called composable liquidity. In addition, the issue is likely exploitable in a number of similar settings (particularly with margin trades or borrows).

We have to admit that the exploit itself is, technically, quite original. The goal of our analysis and this disclosure is to clear up unnecessary misunderstandings around the issue and, hopefully, to lead to more insightful discussions. These discussions will be beneficial for the DeFi community, especially in the development of next-generation, safer and more robust liquidity-sharing models.

Details

The exploit happened at 2020-02-15 01:38:57 +0000 (Ethereum block height #9484688). The culprit transaction can be found on Etherscan. The attack can be separated into the following five steps:

1: Flashloan Borrow. This step basically takes advantage of the dYdX flashloan feature to borrow 10,000 ETH. This part is already known and we will not explain further.


Figure 1: Flashloan Borrowing From dYdX

2: Hoard. With the flashloan, the exploit deposits 5500 ETH into Compound as collateral to borrow 112 WBTC. This is a normal Compound operation, and this hoarded WBTC is dumped in Step 4.


Figure 2: WBTC Hoarding From Compound

3: Margin Pump. After hoarding, this step takes advantage of the bZx margin trade feature to short ETH in favor of WBTC (i.e., sETHwBTCx5). In particular, the attacker deposits 1300 ETH and calls the bZx margin trading function, i.e., mintWithEther (which in turn invokes marginTradeFromDeposit). The margin trading function leverages KyberSwap to swap the borrowed 5637.623762 ETH for 51.345576 WBTC in return. Note that this is a 5x borrow to short ETH.

To complete this trade, KyberSwap essentially consults its reserves and finds the best rate, which turns out to be the KyberUniswap reserve. This step essentially drives the WBTC price up in Uniswap.


Figure 3: Margin Pumping With bZx (and Kyber + Uniswap)
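To make the price impact in Step 3 concrete, the following added example (not PeckShield's or bZx's code) models a constant-product pool of the kind Uniswap uses, together with a slippage limit that a margin-trading contract could enforce before swapping. The pool reserves, the 2% limit, and the names `Pool`, `slippage` and `guarded_swap` are assumptions made for illustration; only the 5637.623762 ETH trade size comes from the text above.

```python
from dataclasses import dataclass

FEE = 0.003  # Uniswap v1 swap fee (0.3%)

class SlippageTooHigh(Exception):
    pass

@dataclass
class Pool:
    """Constant-product ETH/WBTC pool: eth * wbtc stays (almost) constant."""
    eth: float
    wbtc: float

    def spot(self) -> float:
        """Marginal price in ETH per WBTC before any trade."""
        return self.eth / self.wbtc

    def quote(self, eth_in: float) -> float:
        """WBTC paid out for eth_in; reserves are not modified."""
        eff = eth_in * (1 - FEE)
        return self.wbtc * eff / (self.eth + eff)

def slippage(pool: Pool, eth_in: float) -> float:
    """Relative gap between the execution price and the pre-trade spot."""
    return (eth_in / pool.quote(eth_in)) / pool.spot() - 1

def guarded_swap(pool: Pool, eth_in: float, max_slippage: float = 0.02) -> float:
    """Execute the swap only if it moves the price less than max_slippage."""
    s = slippage(pool, eth_in)
    if s > max_slippage:
        raise SlippageTooHigh(f"{s:.1%} exceeds limit {max_slippage:.1%}")
    wbtc_out = pool.quote(eth_in)
    pool.eth += eth_in
    pool.wbtc -= wbtc_out
    return wbtc_out

if __name__ == "__main__":
    pool = Pool(eth=2800.0, wbtc=77.0)   # constructed reserves, not from the post
    print("small trade:", guarded_swap(pool, 10.0), "WBTC")
    try:
        guarded_swap(pool, 5637.623762)  # trade size from Step 3
    except SlippageTooHigh as err:
        print("rejected:", err)
```

With these constructed reserves, the Step 3 trade size would execute at roughly three times the pre-trade spot price, so the guard rejects it and leaves the pool untouched.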

4: Dump. With the spiked WBTC price in Uniswap, the attacker sells the Compound-borrowed 112 WBTC back for WETH in Uniswap. This nets 6871.4127388702245 ETH in return.

5: Flashloan Repay. With the netted 6871.4127388702245 ETH from the dumped 112 WBTC, the attacker repays the flashloan back to dYdX.


Figure 4: WBTC Dumping With Uniswap

As mentioned earlier, this is an interesting attack that combines various notable features, such as flashloan, margin trade, and pump-and-dump. The attack is possible because of the current shared composable liquidity model. In particular, the 5x margin trade allows a large volume of tokens to be borrowed at relatively low cost, and the shared liquidity effectively contributes to the planned pump-and-dump scheme from one DeFi project to another. The profit analysis of this attack is also interesting, and we leave it for another blog.

About us

PeckShield Inc. is an industry-leading blockchain security company with the goal of elevating the security, privacy, and usability of the current blockchain ecosystem. For any business or media inquiries (including the need for smart contract auditing), please contact us at Telegram, Twitter, or email.



Published

15 February 2020
