bEarn Fi hacking story: code now “small” problem easy to get $11 million

This will not be the last DeFi protocol to be attacked.

On May 16, 2021 at around 9:30 PM Beijing time, PeckShield Pai Shield alerted that bEarn Fi, a cross-chain smart revenue and liquidity aggregator, had been attacked and lost nearly $11 million.

bEarn Fi hacking story: code now "small" problem easy to get  million

PeckShield security personnel traced and analyzed the attack and found that it started with a “glitch” in the bEarn Fi Vault code.

It is worth noting that the principal amount of the attack was borrowed from Cream Finance’s Lightning Loan.

The attackers borrowed 7,804,239.1 BUSD from the Cream Finance lightning loan.

Then, after the contract created by the attacker deposits the borrowed BUSD into BvaultsBank, the BUSD is immediately deposited into the BvaultsStrategy strategy and then transferred to the Alpaca lending pool, at which point the attacker receives the synthetic asset of ibBUSD returned by the lending pool as collateral for the user ( equivalent to a passbook). When exiting, the user can use this certificate to redeem the principal amount pledged in the lending pool and the interest accrued during the pledge period. In this step, Alpaca Vault minted 7,598,066.6 ibBUSD to be returned to BvaultsStrategy.

The contract is mined through Alpaca FairLaunch using the minted 7,598,066.6 ibBUSD.

When the attacker contract withdraws 7,804,239.1 BUSD from BvaultsBank, the price of ibBUSD is converted according to the BvaultsStrategy withdrawal logic, and the price of iBUSD is higher than BUSD, then 7,804,239.1 ibBUSD is equivalent to 8, 016,006.1 BUSD, which is more than 200,000 BUSD more out of thin air.

It is worth noting that the attacker contract can only withdraw 7,804,239.1 BUSD from bVaults Bank and deposit it again for the second round of the attack, adding the portion not withdrawn from BvaultsStrategy in the previous round, at which point the amount transferred from BvaultsStrategy to the Alpaca lending pool becomes 8,000,000 BUSD. The amount transferred by BvaultsStrategy to the Alpaca lending pool becomes 8,016,006.1 BUSD.

The attackers repeated the operation, eventually returning 7,806,580.4 BUSD to Lightning Lending, resulting in a loss of nearly $11 million.

In a review of the attack, bEarn Fi wrote that it is important to review all product code, and due to the recent frequency of DeFi security incidents, future efforts will be refocused from innovation to enhanced security.

bEarn Fi hacking story: code now "small" problem easy to get  million

In fact, after each DeFi security incident, blockchain security company PeckShield warns protocol developers to take a warning, audit and research their code before the protocol goes live, and check their code after an attack to prevent it before it happens, but a thousand words are not as profound as the lesson of losing millions of dollars.

Security is the prerequisite for the growing prosperity of the DeFi ecosystem and the foundation of all innovation and creativity, so don’t wait until losses are incurred before examining the importance of security.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2021-05-17 15:38
Next 2021-05-17 15:43

Related articles