Analysis of EIP-2535 Diamond Protocol from The Saudis Incident

Background Information

On July 10, 2022, a fiery NFT project TheSaudis launched a freemint campaign (whitelisted users can mint their NFTs for free). Just after the mint event ended, a user named RIGHTBLOCK sold the NFT in a large amount in the market. The project team quickly locked the user and made changes to the contract to transfer a large number of NFTs in the user’s hands. Come back, and they will later promise to give these NFTs back to community users.

Analysis of EIP-2535 Diamond Protocol from The Saudis Incident

So why can the project party transfer the NFT in the user’s hand? After our analysis, we found that the contract of the NFT project adopts the EIP-2535 protocol, also known as the diamond protocol. The project party uses this protocol to rewrite the functions of the contract to realize the transfer of these NFTs. Next, the SlowMist security team will introduce the details of the Diamond Protocol (EIP-2535).

Introduction to the Diamond Protocol

EIP-2535 is a proposal to modularize the code of contracts on Ethereum. Its purpose is to allow large smart contracts to break through the maximum size limit of 24kb, and to make it easier for contracts to update functions.

To understand the Diamond Protocol, there are several related concept definitions that need to be known:

  • Diamond : Diamond can be understood as a proxy contract (Proxy), and it is also the main contract that interacts with users
  • Facet : Just like a real diamond has different sides, a diamond contract also has different faces. The contract that needs to be called for each function of the diamond contract corresponds to a facet, so it can also be understood as an implementation contract (Implementation)
  • Diamond Cut : The Diamond Protocol Standard extends a function called Diamond Cut. Its main function is to add, replace or delete facets and functions from diamonds, which can be understood as the upgrade of the contract.
  • The Loupe : The magnifying glass function in the diamond protocol standard is mainly to return the information about the facet and the existence of the diamond, which is stored in the internal storage structure of the diamond contract – DiamondStorage

The entire diamond model looks like this:

Analysis of EIP-2535 Diamond Protocol from The Saudis Incident

By using the Diamond Standard Specification to create a diamond contract, the contract can use the code of any number of other faceted contracts just like the code of the current contract.

Different functions in the diamond contract need to be implemented by calling the code of the corresponding different facet contracts, and the function of diamond cutting can be used to modify (add, replace or delete) the functions in the diamond contract.

This is different from most of the ways on the market that use a proxy contract and an implementation contract to achieve interaction and upgrades.

Analysis of EIP-2535 Diamond Protocol from The Saudis Incident

event analysis

Next, let’s go back and analyze some details of the incident of The Saudis. In the DiamondCutFacet.sol contract of the project, you can see the function that implements the diamondCut function.

Analysis of EIP-2535 Diamond Protocol from The Saudis Incident

The function will first call the enforceIsContractOwner function of the LibDiamond library to determine whether the caller is the owner of the contract. If it is called by the owner, it will call the diamondCut function of the LibDiamond library to update the function of the diamond contract.

Analysis of EIP-2535 Diamond Protocol from The Saudis Incident

Following up on this function, we found that the diamond cutting will judge the addition, replacement or deletion according to the different incoming actions, so we will follow up to see the transaction that the project party calls this function.

Analysis of EIP-2535 Diamond Protocol from The Saudis Incident

We found that a new aspect contract 0x70d8ccaf6b50b051ab1e8fa238626163e45a8b03 (not open source) was passed in. If the incoming action is set to 1, it should call replaceFunctions to implement the replacement function.

Analysis of EIP-2535 Diamond Protocol from The Saudis Incident

From the replaceFunctions function, it can be analyzed that the function will first add a new facet to the incoming address, and then cyclically read the old facet corresponding to each function selector passed in from the storage to delete it. Added as a new facet address passed in.

So far, it can be known that The Saudis project party used the diamond cutting function to rewrite the transfer function, so as to transfer the NFT in the hands of user RIGHTBLOCK back to his own account.

Related Information

The Saudis contract address:

0xe21ebcd28d37a67757b9bc7b290f4c4928a430b1

User Rightblock Address:

0x80266b1e3f0C2cAdAE65A4Ef5Df20f3DF3707FfB

The project party updates the contract transaction:

0xbc559a72f73e6c9a53416fd13a3ebaaa76dca5855ff8b79511585f514eaf2390

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/analysis-of-eip-2535-diamond-protocol-from-the-saudis-incident/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-07-11 22:54
Next 2022-07-12 09:58

Related articles