Manipulating the oracle can be a white wolf with empty gloves? DEUS Finance DAO Stolen $15.7M Attack Analysis


At 10:40:14 Beijing time on April 28, 2022, the CertiK audit team detected that DEUS Finance’s contract was maliciously attacked , resulting in a loss of about 15.7 million US dollars (equivalent to about 103 million yuan).

The attacker maliciously manipulated the price of DEI and extracted a large amount of DEI from the DeiLenderSolidex contract by providing a small amount of collateral.

Vulnerable Transaction

Attack steps

① The attacker deploys the attack contract and provides collateral to the loan pool DeiLenderSolidex contract.

②The attacker then used the attack contract to obtain more than 143,200,000 USDC to launch the attack.

③The attack contract exchanged the 143,200,000 borrowed USDC for 9,547,716 DEI in the USDC/DEI trading pair pool 0x5821573, which led to a significant increase in the price of DEI.

④ Since the DeiLenderSolidex contract uses the oracle to determine the value of the user’s collateral, and the oracle contract uses the price of the maliciously manipulated trading pair pool as the price source. Therefore, with the increased price and the previously provided collateral, the attacker can borrow a total of 17,246,885 DEI from the lending pool (DeiLenderSolidex), which is much larger than the previous collateral provided by the attacker.


⑤ The attacker used the 143,184,725 USDC exchanged by 9,547,716 DEI to repay the flash loan, and finally got the difference and left the market.

Vulnerability Analysis


Through flash loans, attackers are able to manipulate the state of trading pairs and further manipulate the price of DEUS oracles , thereby taking advantage of unequal values ​​to lend and borrow DEI.

Where to go

At the time of writing, the hacker had transferred the proceeds of the attack to Ethereum and exchanged it for ETH, and subsequently deposited 5,446 ETH (about $15.7 million in total) into Tornado Cash. 

write at the end

The oracle contract should not directly use the price in the trading pair pool as the price source, and security audits can effectively avoid this risk.

CertiK security experts advise: If only token contracts are audited, this situation will point to third-party dependency risks during the audit . Projects should avoid getting prices directly from the trading pair pool. It is recommended to use more trustworthy oracles according to the logic of the project:

  1. Use multiple sources of reliable on-chain price oracles, such as Chainlink and Band Protocol.
  2. Use Time Weighted Average Price (TWAP). TWAP represents the average price of a token over a specific time frame. So if an attacker manipulates the price of only one block, it will not have much effect on the average price.
  3. Restrict function callers to a non-contract/EOA address if contract mode allows.  
  4. Flash loans only allow users to borrow in one transaction. Critical transactions can be enforced to span at least two blocks if the contract’s use case allows it. 

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-04-28 10:07
Next 2022-04-28 10:09

Related articles