Blockchain security firm CertiK: Watch out for the 4 biggest security risks in DeFi

May has been a month of DeFi security incidents. Blockchain security firm CertiK calls attention to 4 major security risks in DeFi

Note: DeFi security incidents were frequent in May. By one count, about 15 projects were attacked, including Belt Finance, BurgerSwap, JulSwap, Merlin, AutoShark Finance, Bogged Finance, PancakeBunny, Venus, FinNexus, bEarn Fi, EOS Nation, xToken, Rari Capital, Value DeFi and Spartan, with losses of nearly $300 million. Notably, among all these attacks, DeFi projects on BSC appear to be a concentrated target, and flash loans are the attackers' main tool. On May 30, the official Binance Smart Chain (BSC) account tweeted in response to the frequent incidents:

We believe there is now an organized hacking team targeting BSC. We urge all DApps to take precautions and take preventive measures.
Previously, BSC hosted a live event with blockchain security firm CertiK on DeFi risks; this article reviews it to help readers understand the top 4 security risks in DeFi.

Since its launch 9 months ago, Binance Smart Chain (BSC) has become one of the leading DeFi platforms in the world. Today, over 600 projects generate tens of millions of transactions per day on BSC.


However, great success brings great risk. Hackers have exploited vulnerabilities at different layers, and such attacks have become more and more frequent. These vulnerabilities fall into 4 broad categories, which we introduce below to give readers a better understanding of the security risks associated with DeFi.

Management key compromise
In smart contracts, modifiers restrict who is allowed to invoke certain functions. These are typically privileged functions used to modify the contract configuration or manage the funds held by the contract. If an attacker obtains the management key, they can take full control of the contract and steal user funds.

How are keys compromised?

The first possibility is a computer Trojan. An attacker can use a Trojan to steal a private key stored on a computer. An attacker can also run a phishing attack to trick users into sending their private keys to the attacker. In DeFi projects, several stakeholders sometimes share a single private key, which lets a malicious insider use that key to invoke administrative functions and transfer the project's tokens to their own wallet address.

For example, on March 5, 2021, the PAID Network suffered a "mint" attack caused by mismanagement of the private key. The PAID token contract sits behind an upgradeable proxy, meaning that the logic behind it can be modified and replaced. The proxy's private key was used to swap out the code deployed behind the proxy for a version containing malicious burn and mint functions, which were used during the attack. The attacker burned 60 million existing PAID tokens and then minted 59 million tokens for himself. The PAID token price instantly dropped from $2.80 to $0.30 as 2,501,203 PAID tokens were dumped on Uniswap for a total of approximately 2,040 ETH. The attackers likely compromised the administrator's machine through a phishing attack.

On April 19, 2021, 2.98 million EASY tokens were transferred from the official EasyFi wallet to several unknown wallets, which were worth $75 million at the time. EasyFi founders claimed that the hack was caused by a “targeted attack on the founders’ machine/Metamask to obtain the admin key”.

Projects should store private keys securely: management keys should never be kept in plain text on PCs or in a MetaMask hot wallet. We recommend creating a multi-signature (multisig) account backed by hardware wallets. For a team of five, for example, each member should have their own hardware wallet, and a privileged transaction should require signatures from at least three of the five members. An attacker who obtains one of the keys then cannot invoke any privileged functionality.

For token contracts, avoid allowing the minting of new tokens if at all possible. Where that is not possible, use a DAO contract or a time-lock contract as the owner instead of an EOA (externally owned account).

Coding errors
In DeFi, some vulnerabilities are highly complex, but not always. Sometimes a small coding error in a smart contract turns into a major disaster, compromising millions of dollars' worth of assets.

Some common coding errors include:

Function permissions (modifiers)

Spelling errors

Numeric errors

Missing or incorrect variable assignments

A notable example is the Uranium Finance hack, which hit an unaudited contract and ultimately resulted in a $57 million loss. The cause was the use of inconsistent multipliers when comparing the product of the two token balances in the pool before and after a swap, which allowed the attacker to swap out most of the tokens in the pool at a cost of 1 wei.

Uranium Finance code: [image not available in this copy]

Correct code: [image not available in this copy]
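The inconsistent-multiplier defect described above, modelled in Python as an added example. This is not Uranium Finance's code and not code from the article: the 0.16% fee, the 10,000 denominator applied to the adjusted balances and the stale 1000**2 scale on the right-hand side are constructed to illustrate the class of mismatch, not figures the article gives.

```python
# Added example: the constant-product "K" check of an AMM swap, with the scale
# applied to the fee-adjusted balances (left side) not matching the scale applied
# to the reserve product (right side). All constants are constructed.

FEE_DENOM = 10_000       # balances are scaled by this before the fee is deducted
FEE_NUMERATOR = 16       # 0.16% swap fee (constructed for the example)

BUGGY_RHS = 1000 ** 2          # stale scale left over from a x1000 (0.3% fee) design
CORRECT_RHS = FEE_DENOM ** 2   # matches the scaling of the adjusted balances

# Constructed pool: 1,000,000 of each token with 18 decimals
RESERVE0 = RESERVE1 = 1_000_000 * 10**18


def k_check(reserve0, reserve1, balance0, balance1,
            amount0_in, amount1_in, rhs_scale):
    """True if the post-swap balances satisfy the constant-product invariant.

    Left side: balances scaled by FEE_DENOM with the fee taken off the inputs.
    Right side: pre-swap reserves scaled by rhs_scale. The two sides are only
    comparable when rhs_scale == FEE_DENOM ** 2.
    """
    adjusted0 = balance0 * FEE_DENOM - amount0_in * FEE_NUMERATOR
    adjusted1 = balance1 * FEE_DENOM - amount1_in * FEE_NUMERATOR
    return adjusted0 * adjusted1 >= reserve0 * reserve1 * rhs_scale


def swap_allowed(reserve0, reserve1, amount0_in, amount1_in,
                 amount0_out, amount1_out, rhs_scale):
    """Apply the requested swap to the reserves and run the K check on the result."""
    balance0 = reserve0 + amount0_in - amount0_out
    balance1 = reserve1 + amount1_in - amount1_out
    if balance0 < 0 or balance1 < 0:
        return False
    return k_check(reserve0, reserve1, balance0, balance1,
                   amount0_in, amount1_in, rhs_scale)


def get_amount_out(amount_in, reserve_in, reserve_out):
    """Standard constant-product quote with the fee applied to the input."""
    amount_in_with_fee = amount_in * (FEE_DENOM - FEE_NUMERATOR)
    return amount_in_with_fee * reserve_out // (reserve_in * FEE_DENOM + amount_in_with_fee)


def drain_with_one_wei(rhs_scale, percent_out=98):
    """Does a swap of 1 wei in for `percent_out`% of token1 pass the check?"""
    return swap_allowed(RESERVE0, RESERVE1, 1, 0, 0,
                        RESERVE1 * percent_out // 100, rhs_scale)


def honest_swap(rhs_scale, amount0_in=1_000 * 10**18):
    """Does a correctly quoted swap pass the check?"""
    out = get_amount_out(amount0_in, RESERVE0, RESERVE1)
    return swap_allowed(RESERVE0, RESERVE1, amount0_in, 0, 0, out, rhs_scale)


if __name__ == "__main__":
    print("buggy check accepts 1-wei drain:   ", drain_with_one_wei(BUGGY_RHS))
    print("correct check accepts 1-wei drain: ", drain_with_one_wei(CORRECT_RHS))
    print("correct check accepts honest swap: ", honest_swap(CORRECT_RHS))
```

The left side carries a factor of FEE_DENOM squared, so a right-hand side scaled by 1000 squared is 100 times too small: removing 98% of one reserve in exchange for 1 wei still satisfies the "invariant". With matching scales the same swap is rejected while a correctly quoted swap still passes. A unit test that asserts a 1-wei input cannot withdraw more than the quoted amount would have caught the mismatch before deployment.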

Another example is the Value DeFi hack, which resulted in a $10 million loss. Reportedly, the contract's initialization function left out "initialized = true", so anyone could re-initialize the pool and set themselves as the operator. On May 5, 2021, the attackers re-initialized the pool, set the operator role to themselves, and then used the "governanceRecoverUnsupported()" function to drain the pool of staked tokens.

Vulnerable code in Value DeFi: [image not available in this copy]

Repaired code: [image not available in this copy]
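The missing-assignment defect described above, modelled in Python as an added example (not Value DeFi's code and not code from the article). The function names follow the article; the pool's internals, the token name and the balances are constructed. The same function doubles as the unit test that would have flagged the bug: a second call to initialize() must fail.

```python
# Added example: a toy pool whose initializer checks an `initialized` guard but,
# in the defective variant, never sets it. Internals are constructed.


class StakingPool:
    def __init__(self, fixed, staked_supply=1_000_000):
        self.fixed = fixed                 # True -> includes the missing assignment
        self.initialized = False
        self.operator = None
        self.balances = {"STAKE": staked_supply}   # constructed staked-token balance

    def initialize(self, caller):
        """One-time setup that assigns the operator role to the caller."""
        if self.initialized:
            raise PermissionError("already initialized")
        self.operator = caller
        if self.fixed:
            self.initialized = True        # the line the vulnerable contract left out

    def governance_recover_unsupported(self, caller, token, amount, to):
        """Operator-only withdrawal of tokens held by the pool."""
        if caller != self.operator:
            raise PermissionError("caller is not the operator")
        if self.balances.get(token, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[token] -= amount
        return {"to": to, "token": token, "amount": amount}


def reinitialize_then_recover(fixed):
    """Initialize as the legitimate deployer, then let a second account try to
    initialize again and pull the staked tokens. Returns (operator, STAKE left)."""
    pool = StakingPool(fixed)
    pool.initialize("deployer")
    try:
        pool.initialize("second_caller")
        pool.governance_recover_unsupported(
            "second_caller", "STAKE", pool.balances["STAKE"], "second_caller")
    except PermissionError:
        pass                               # the guard held
    return pool.operator, pool.balances["STAKE"]


if __name__ == "__main__":
    print("without the flag:", reinitialize_then_recover(fixed=False))
    print("with the flag:   ", reinitialize_then_recover(fixed=True))
```

Without the assignment the guard is checked but never armed, so the second caller becomes operator and the recovery function hands them the entire staked balance; with it, the second initialize() raises and the deployer keeps the role. A one-line test asserting that re-initialization fails is cheap to write and belongs in every upgradeable or initializer-based contract's suite.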

Both of the above examples were caused by simple coding errors, and both caused significant damage. Errors of this kind can be eliminated entirely with proper peer review, unit testing and security audits.

Flash loans and price manipulation
A flash loan is a way to borrow a large amount of funds from protocols such as Aave or dYdX in return for a fee. The condition is that the loan must be repaid within the same transaction; if it is not, the whole transaction is reverted. The general pattern for exploiting such loans is as follows:

Borrow a large amount of token A with a flash loan

Swap token A for token B on a DEX (lowering the price of token A and significantly raising the price of token B)

Exploit a DeFi project that relies on the price of the A/B trading pair

Repay the flash loan

Recently, PancakeBunny suffered a flash-loan attack in which the attackers obtained a total of 114K BNB and 697K Bunny (about $40M at the time). The attackers used flash loans to manipulate the price of the PancakeSwap USDT-BNB V1 pool, causing a large amount of BNB to flow into the BNB-Bunny pool, which allowed the contract to mint Bunny at an inflated BNB-to-Bunny price. PancakeBunny used the following function to calculate the Bunny price.

PancakeBunny price calculation function: [image not available in this copy]

With a large amount of BNB flowing into the BNB-Bunny pool, the variable "reserve0" becomes large. As a result of this flawed price calculation, the attackers obtained a total of 697K Bunny.

Many other projects have fallen victim to flash-loan attacks, including well-known names in DeFi such as PancakeBunny ($40M loss), Harvest Finance ($25M loss), Yearn ($11M loss), Value DeFi ($7M loss), AKROPOLIS ($2M loss), Cheese Bank, xToken, bZx and others.

If a protocol needs a price reference, it must also take care, because flash loans can be used to manipulate prices. To prevent this, we recommend using a time-weighted average price (TWAP): the average price of a token over a specific time window. If an attacker manipulates the price within a single block, the average price is not affected. Another option is a reliable on-chain price oracle such as Chainlink.
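The four-step pattern above and the TWAP recommendation, modelled in Python as an added example (not code from the article, from PancakeBunny or from any DEX): a constant-product pool plus a cumulative-price oracle built the way Uniswap V2's price accumulator works, sampling the reserves as they stood before a block's first trade. Pool sizes, the 0.30% fee and the trade amounts are constructed; the point is to compare what a contract sees if it reads a reserves-based spot price during a flash-loan transaction against what the TWAP returns one block later.

```python
# Added example: spot price from reserves vs. a block-boundary TWAP under a
# flash-loan-sized swap that is opened and unwound in one transaction.
from fractions import Fraction

FEE_BPS = 30   # 0.30% swap fee in basis points (constructed)


class Pool:
    """Minimal constant-product pool of tokens A and B."""

    def __init__(self, reserve_a, reserve_b):
        self.reserve_a = reserve_a
        self.reserve_b = reserve_b

    def spot_price(self):
        """Price of one B in units of A, read straight from the reserves."""
        return Fraction(self.reserve_a, self.reserve_b)

    def swap_a_for_b(self, amount_a_in):
        fee_in = amount_a_in * (10_000 - FEE_BPS)
        out = fee_in * self.reserve_b // (self.reserve_a * 10_000 + fee_in)
        self.reserve_a += amount_a_in
        self.reserve_b -= out
        return out

    def swap_b_for_a(self, amount_b_in):
        fee_in = amount_b_in * (10_000 - FEE_BPS)
        out = fee_in * self.reserve_a // (self.reserve_b * 10_000 + fee_in)
        self.reserve_b += amount_b_in
        self.reserve_a -= out
        return out


class TwapOracle:
    """Accumulates price * blocks_elapsed. As in Uniswap V2, the update that runs
    before a trade uses the reserves carried over from the previous block, so a
    price move opened and closed inside one block never enters the sum."""

    def __init__(self, pool, block):
        self.pool = pool
        self.cumulative = Fraction(0)
        self.last_block = block
        self.snapshots = {block: self.cumulative}

    def update(self, block):
        elapsed = block - self.last_block
        if elapsed > 0:
            self.cumulative += self.pool.spot_price() * elapsed
            self.last_block = block
        self.snapshots[block] = self.cumulative

    def twap(self, start_block, end_block):
        delta = self.snapshots[end_block] - self.snapshots[start_block]
        return delta / (end_block - start_block)


def simulate():
    one = 10**18
    pool = Pool(1_000_000 * one, 1_000_000 * one)
    oracle = TwapOracle(pool, block=0)

    # Blocks 1-60: organic two-way flow of 1,000 tokens per block
    for block in range(1, 61):
        oracle.update(block)              # runs before the block's first trade
        if block % 2:
            pool.swap_a_for_b(1_000 * one)
        else:
            pool.swap_b_for_a(1_000 * one)

    # Block 61: borrowed A is swapped in and the position unwound in the same tx
    oracle.update(61)
    pre = pool.spot_price()
    got_b = pool.swap_a_for_b(5_000_000 * one)
    spot_during = pool.spot_price()       # what a reserves-based feed returns mid-transaction
    pool.swap_b_for_a(got_b)              # unwind so the loan can be repaid

    # Block 62: a consumer asks the oracle for the 60-block average
    oracle.update(62)
    return {
        "spot_during_over_pre": float(spot_during / pre),
        "twap_over_pre": float(oracle.twap(2, 62) / pre),
        "post_unwind_over_pre": float(pool.spot_price() / pre),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value:.3f}")
```

The spot price read from reserves during the manipulating transaction is roughly 36 times the pre-block price, while the 60-block TWAP queried in the next block differs from it by well under 2%: the accumulator only samples reserves as they stand at block boundaries, and a position opened and closed inside one transaction never reaches one. A manipulation held open across several blocks does enter the average, diluted by the window length, which is why the window should be long relative to the cost of holding such a position.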

Misuse of third-party protocols and business logic errors
Many projects, such as PancakeSwap and Uniswap, run independently. In PancakeSwap, users can provide liquidity to earn yield-farming tokens, or exchange one token for another; users do not interact with any other third-party protocol.

Other protocols, such as Yearn Finance, operate differently. Yearn Finance collects user funds and invests them in third-party contracts, earning revenue on the users' tokens. In other cases, projects "borrow" code from other projects; for example, PancakeSwap reuses Uniswap's code. In both cases, if the third-party code is vulnerable, the project using it is vulnerable too. If a project's developers are not familiar with the third-party code they use, an exploited vulnerability there can cause a major problem.

On May 8, 2021, the non-50/50 pools of Value DeFi's vSwap AMM were exploited for a total loss of approximately $11 million. To implement non-50/50 pools, Value DeFi copied the "power()" function from "BancorFormula.sol", which is part of the Bancor protocol. The description of power() states that the function does not support the case "_baseN < _baseD". Unfortunately, that is exactly how Value DeFi used it. The attacker exchanged a small amount of token A for token B by sending a carefully crafted payload to this function.

Value DeFi code: [image not available in this copy]

There are many other similar cases in the DeFi space. On May 8, 2021, an attacker withdrew approximately 2,600 ETH from the Rari Capital Ethereum pool by exploiting the ibETH pool (Bank contract) of Alpha Homora V1, which was integrated into Rari Capital V2. Bearn Finance, for its part, allowed ibBUSD to be withdrawn using the BUSD withdrawal amount in its "BvaultsStrategy" contract, allowing the attackers to remove 10,859,319 BUSD from the pool.

Compared with the previous issues, such vulnerabilities are harder to detect, and caution is warranted whenever a project communicates with any third-party protocol. We do not recommend blindly copying and deploying code that the developers do not understand. Developers should fully understand third-party protocols and how forked projects work before integrating them and deploying to production. We also recommend that developers first deploy on a test network and run through the flows there, checking the transaction logs for anomalies.

As an end user, it is sometimes difficult to find detailed information about a project before interacting with it using personal assets. In that case, audit reports from blockchain security companies can help in assessing the project's security.

In short, building a DeFi project can be fun, but getting hacked is not. Making a project 100% secure is difficult, but we can do as much as possible to protect it:

Keep management keys secure

Avoid simple coding errors

Use reliable on-chain price feeds

Undergo security audits and be prepared for them

Posted by: CoinYuppie. Reprinted with attribution to: