On April 2, 2022, the public opinion monitoring of Chengdu LianAn Chain Bing-Blockchain Security Situational Awareness Platform showed that the Inverse Finance project was attacked, with the cumulative loss estimated at about 15 million US dollars. The Chengdu Lian’an technical team promptly analyzed this incident.
1. The analysis is as follows
Attack address 1:
Attack address 2:
Attack transaction hash:
First, the attacker withdrew 900 ETH from Tornado.Cash in preparation for raising the price of the INV token.
The attacker used 300 ETH to exchange for 374 INV tokens, and then exchanged 200 ETH for 1372 INV tokens, a total of 1746 INV tokens. Note that in the first pool 300 ETH bought only 374 INV tokens, whereas 200 ETH later bought 1372 INV tokens: the INV price in the first pool, WETH/INV, had been raised significantly.
The xINV token price is calculated from the WETH/INV pair (0x328dfd0139e26cb0fef7b0742b49b0fe4325f821). Because the pair pool had been manipulated and the timeElapsed interval is short, the attacker only needed to avoid calling in the current block to be able to use the manipulated price, and thereby manipulate the value of the xINV token.
It can be seen that while manipulating the pair, the attacker kept sending mint transactions to make maximum use of the time window. At the same time, the attacker deliberately avoided minting in the price-manipulation block (14506358); otherwise the price would have been calculated from the block preceding the price-manipulation block.
The attacker then minted with all 1746 INV tokens he held (treated here as collateral), receiving 1156 xINV tokens (LP tokens) in exchange, and then used the xINV held to borrow a large amount of tokens.
The cumulative loss of the Inverse Finance project is estimated to be approximately US$15 million.
Here, Chengdu Lianan recommends that project teams use a sufficiently long time window. For example, you can refer to the following Uniswap sample code, in which timeElapsed must be greater than 24 hours.
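To show why the length of the window matters, here is an added Python model (not code from the original article, from Uniswap or from Inverse Finance) of a cumulative-price oracle with a minimum `timeElapsed` check. The `Pair` and `Oracle` classes, the pool reserves and the 13-second block time are assumptions made for illustration, and swap fees are ignored; only the 300 ETH swap size is taken from the text.

```python
# Toy model of a Uniswap-V2-style cumulative-price oracle. Reserves are
# constructed for illustration and swap fees are ignored.
BLOCK_TIME = 13          # seconds per block (assumed)
DAY = 24 * 60 * 60

class Pair:
    def __init__(self, r_inv, r_weth):
        self.r_inv, self.r_weth = r_inv, r_weth
        self.cumulative, self.last_ts = 0.0, 0

    def spot(self):                       # WETH per INV
        return self.r_weth / self.r_inv

    def cumulative_at(self, now):         # running sum of price * seconds
        return self.cumulative + self.spot() * (now - self.last_ts)

    def swap_weth_for_inv(self, weth_in, now):
        # Accrue the price in force before the trade, then move the reserves.
        self.cumulative, self.last_ts = self.cumulative_at(now), now
        k = self.r_inv * self.r_weth
        self.r_weth += weth_in
        self.r_inv = k / self.r_weth

class Oracle:
    def __init__(self, pair, period):
        self.pair, self.period = pair, period
        self.last_cum, self.last_ts = pair.cumulative_at(0), 0
        self.price = pair.spot()

    def update(self, now):
        elapsed = now - self.last_ts
        if elapsed < self.period:         # the minimum-window check
            return False
        cum = self.pair.cumulative_at(now)
        self.price = (cum - self.last_cum) / elapsed
        self.last_cum, self.last_ts = cum, now
        return True

def price_after_manipulation(period, weth_in=300.0):
    """Swap one block before the earliest allowed update, then update."""
    pair = Pair(r_inv=500.0, r_weth=100.0)        # constructed: 0.2 WETH/INV
    oracle = Oracle(pair, period)
    pair.swap_weth_for_inv(weth_in, now=period - BLOCK_TIME)
    assert oracle.update(now=period)
    return oracle.price

if __name__ == "__main__":
    print("one-block window:", price_after_manipulation(BLOCK_TIME))
    print("24-hour window:  ", price_after_manipulation(DAY))
```

With a one-block window the oracle reports the fully manipulated spot price, while with a 24-hour window the same swap moves the reported price by well under one percent, because the manipulated price is weighted by only 13 of the 86,400 seconds averaged.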
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/defi-faces-embattled-about-15-million-stolen-from-inverse-finance/