Fei Protocol attack event analysis: how to break the “reentrancy vulnerability”

On April 30, 2022, the public opinion monitoring of Chengdu Lian’an Chain Bing-Blockchain Security Situational Awareness Platform showed that Fei Protocol’s official Rari Fuse Pool had been attacked by hackers, who earned about 28,380 ETH, about 80.34 million US dollars. The Chengdu Chain An technical team analyzed the incident promptly, and the results are as follows.

#1 Event related information

Since the vulnerability appears in the basic protocol of the project, the attacker has attacked more than one contract. Only one example is analyzed below.

Attack transaction: 0xab486012f21be741c9e674ffda227e30518e8a1e37a5f1d58d0b0d41f6e76530

Attacker address: 0x6162759edad730152f0df8115c698a42e666157f

Attack contract: 0x32075bad9050d4767018084f0cb87b3182d36c45

Attacked contract: 0x26267e41CeCa7C8E0f143554Af707336f27Fa051

#2 Attack Flow

1. The attacker starts with a flash loan from Balancer: Vault.

2. The attacker uses the flash loan funds as collateral to borrow in Rari Capital, whose cEther implementation contract is reentrant.

The attacker withdraws all the tokens in the pool affected by the protocol by having the contract call back into the attack function constructed in the attack contract.

3. The attacker repays the flash loan and sends the attack proceeds to the 0xe39f contract.

#3 Vulnerability Analysis

This attack mainly exploits the reentrancy vulnerability in Rari Capital’s cEther implementation contract.

#4 Fund Tracking

As of the time of publication, the stolen funds exceeded 28,380 ETH (approximately $80.34 million). Tracking with Chengdu Lianan’s “Lian Bichai” found that the attacker was transferring funds through Tornado Cash, while most of the funds were still in the attacker’s address.

#5 Summary

In response to this incident, the Chengdu Chain Security team recommends:

When making Ethereum transfers, use call.value with caution. Use to make sure that reentrancy doesn’t happen. Before the project is launched, it is recommended to choose a professional security audit company to conduct a comprehensive security audit to avoid security risks.
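The ordering problem behind the reentrancy described in the vulnerability analysis and the call.value recommendation above, as an added example that is not from the original article and is not Rari Capital's cEther code: `SimplePool` and all of its functions and rules are hypothetical, written with the `call{value: ...}` syntax that replaced `call.value(...)` in current Solidity. It places an ETH transfer made before the debt is recorded next to the same function hardened with checks-effects-interactions and a shared lock.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical, simplified ETH lending pool (constructed for illustration).
// Not Rari Capital's cEther code; all names and rules are assumptions.
contract SimplePool {
    mapping(address => uint256) public collateral;
    mapping(address => uint256) public debt;
    bool private locked;
    // One lock shared by the hardened entry points, so a callback cannot
    // enter a different function while an ETH transfer is in flight.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable nonReentrant {
        collateral[msg.sender] += msg.value;
    }

    // WEAK: interaction before effect. The recipient's receive() runs
    // inside the call while debt[msg.sender] still holds the old value,
    // so a re-entered withdraw() sees an account with no new debt.
    function borrowUnsafe(uint256 amount) external {
        require(debt[msg.sender] + amount <= collateral[msg.sender] / 2, "limit");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
        debt[msg.sender] += amount;
    }

    // HARDENED: checks, then effects, then the external call, under the lock.
    function borrow(uint256 amount) external nonReentrant {
        require(debt[msg.sender] + amount <= collateral[msg.sender] / 2, "limit");
        debt[msg.sender] += amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
    }

    // Collateral leaves only when no debt is recorded, so this check is
    // only as good as the debt bookkeeping at the moment it runs.
    function withdraw() external nonReentrant {
        require(debt[msg.sender] == 0, "outstanding debt");
        uint256 amount = collateral[msg.sender];
        collateral[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
    }
}
```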

Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/fei-protocol-attack-event-analysis-how-to-break-the-reentrancy-vulnerability/