Slow Mist: XCarnival NFT Lending Protocol Vulnerability Analysis

On June 27, 2022, according to SlowMist, the XCarnival project was exposed to a serious vulnerability and was hacked and 3,087 ETH (about $3.8 million) was stolen. XCarnival is an NFT lending project on the ETH chain. The project team is currently fixing the vulnerability and promising to provide solutions for affected users. The SlowMist security team immediately intervened in the analysis and shared the results as follows:

Related Information

Core contract address

P2Controller:

0x34ca24ddcdaf00105a3bf10ba5aae67953178b85

XNFT

0x39360AC1239a0b98Cb8076d4135d0F72B7fd9909

xToken:

0x5417da20aC8157Dd5c07230Cfc2b226fDCFc5663

Attacker EOA address

0xb7cbb4d43f1e08327a90b32a8417688c9d0b800a

Attack contract address

0xf70F691D30ce23786cfb3a1522CFD76D159AcA8d

0x234e4B5FeC50646D1D4868331F29368fa9286238

0x7B5A2F7cd1cc4eEf1a75d473e1210509C55265d8

0xc45876C90530cF0EE936c93FDc8991534F8A6962

Vulnerability core point analysis

1. The attacker mortgages NFT and lends xToken through the pledgeAndBorrow function in the XNFT contract.

Slow Mist: XCarnival NFT Lending Protocol Vulnerability Analysis

Transfer to the NFT and generate an order in the pledgeInternal function:

Slow Mist: XCarnival NFT Lending Protocol Vulnerability Analysis

2. Then call the withdrawNFT function to extract the pledged NFT, which first judges whether the order has been liquidated, and if not, judges whether the order’s status is that the NFT has not been withdrawn and the loan amount is 0 (no debt). Collateral NFTs that can be withdrawn.

Slow Mist: XCarnival NFT Lending Protocol Vulnerability Analysis

3. The above is the preparation operation for generating the order before the attack, and then the attacker starts to use the generated order to directly call the borrow function in the xToken contract to borrow money.

Slow Mist: XCarnival NFT Lending Protocol Vulnerability Analysis

In the borrowInternal function, the borrowAllowed function in the controller contract is called externally to determine whether the loan can be borrowed.

Slow Mist: XCarnival NFT Lending Protocol Vulnerability Analysis

It can be seen that the borrowAllowed function will call the orderAllowed function to judge the order related information, but neither of these two functions will judge the status of _order.isWithdraw. Therefore, the attacker can use the previously generated order (the mortgaged NFT in the order has been withdrawn) to call the borrow function of XToken to borrow, and because the mortgaged NFT has been proposed before, the attacker can achieve this without repayment profit.

Slow Mist: XCarnival NFT Lending Protocol Vulnerability Analysis

Attack Transaction Analysis

Only the details of one of the attack transactions are shown here, and the methods of the other attack transactions are the same, and will not be repeated here.

Preparing for the attack – the transaction that generated the order:

0x61a6a8936afab47a3f2750e1ea40ac63430a01dd4f53a933e1c25e737dd32b2f

1. First, the attacker transfers the NFT to the attack contract and authorizes it, and then calls the pledgeAndBorrow function in the xNFT contract to mortgage the NFT to generate an order and borrow money. It should be noted here that this function can control the incoming xToken, attacking The user passed in the xToken contract address constructed by himself, and set the loan amount to 0, in order to meet the conditions of not being liquidated and 0 debt when the NFT can be successfully proposed later.

Slow Mist: XCarnival NFT Lending Protocol Vulnerability Analysis

2. The attacker then calls the withdrawNFT function to withdraw the mortgaged NFT:

Slow Mist: XCarnival NFT Lending Protocol Vulnerability Analysis

Formal attack transaction:

0x51cbfd46f21afb44da4fa971f220bd28a14530e1d5da5009cfbdfee012e57e35

The attacker calls the borrow function of the xToken contract, passes in the orderID of the previously generated order, and repeats the operation 22 times (orderID: 45 – 66), and because the NFT has been withdrawn in the preparation stage, it is estimated that there is no need to repay this to obtain the money. profit.

Slow Mist: XCarnival NFT Lending Protocol Vulnerability Analysis

Summarize

The core of this vulnerability is that when borrowing, there is no judgment on whether the NFT in the order has been withdrawn, so that the attacker can use the previously generated order to borrow without repaying the NFT after withdrawing the NFT. profit. In response to such vulnerabilities, the SlowMist security team recommends that when borrowing, you should make a good judgment on whether the collateral has been withdrawn in the order status to avoid such problems from occurring again.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/slow-mist-xcarnival-nft-lending-protocol-vulnerability-analysis/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-06-28 00:23
Next 2022-06-28 00:25

Related articles