Wault Finance Flash Loan Security Incident Analysis

Preface

On August 4, Known Chuangyu Blockchain Security Laboratory detected that Wault Finance, a DeFi protocol on the BSC chain, had been hit by a flash loan attack, and its value dropped by nearly half. The laboratory tracked and analyzed the incident as soon as possible.


Addresses involved

Attack contract addresses: 0xaa895873a268a387e38bd841c51d2804071197a1, 0x50AFA9383EA476BDF626d6FbA62AFd0b01C8fEa1

Victim contract addresses: 0x6102d8a7c963f78d46a35a6218b0db4845d1612f, 0xa79fe386b88fbee6e492eeb76ec48517d1ec759a

Attack process

1. Obtaining start-up capital

First, the hacker borrowed 16.83 million WUSD from the WUSD-USDT pool through a flash loan.


The hacker then burned the WUSD through WUSDMaster to obtain 15.03 million USDT and 106.5 million WEX.


The hacker then borrowed 40 million USDT from PancakeSwap through a flash loan and exchanged 23 million USDT for WEX.


2. Attack phase

The hacker repeatedly staked USDT in WUSDMaster to obtain WUSD. During each stake, WUSDMaster automatically swaps part of the USDT for WEX.


Finally, the hacker converted the WEX in hand back to USDT.


3. Exit

The hacker repaid the flash loans, exchanged the profit into ETH, and then exited cross-chain via AnySwap.


Analysis of the attack principle

The principle is simple: the hacker used flash loans to buy a large amount of WEX at a low price, then pushed up the price of WEX by staking USDT in WUSDMaster, and finally sold the WEX at a profit.

Why does WUSDMaster raise the WEX price when it receives stakes?

As the attack process shows, when the hacker stakes USDT to obtain WUSD, the WUSDMaster contract automatically swaps a portion of the USDT for WEX.

Observe the source code


When a large number of stake transactions occur, the amount of WEX in the trading pair drops significantly and its price rises rapidly. At that point, the hacker can make a large profit by selling WEX.
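
The price effect of repeated staking (pledging) can be reproduced with a small model. This is an added example, not the WUSDMaster source or code from the original article: it assumes a fee-free constant-product pool, constructed reserves, and hypothetical SWAP_SHARE and MAX_DRIFT parameters, and shows how bounding the automatic swap against a reference price limits the drift.

```python
# Added illustration: fee-free constant-product pool (x * y = k).
# Reserves, SWAP_SHARE and MAX_DRIFT are constructed/hypothetical values.
from dataclasses import dataclass

SWAP_SHARE = 0.10   # hypothetical share of each stake swapped into WEX
MAX_DRIFT = 0.02    # hypothetical cap: spot at most 2% above the reference


@dataclass
class Pool:
    usdt: float  # USDT reserve
    wex: float   # WEX reserve

    def price(self) -> float:
        """Spot price of 1 WEX in USDT."""
        return self.usdt / self.wex

    def buy_wex(self, usdt_in: float) -> float:
        """Swap USDT for WEX along x * y = k; returns the WEX paid out."""
        k = self.usdt * self.wex
        self.usdt += usdt_in
        wex_out = self.wex - k / self.usdt
        self.wex -= wex_out
        return wex_out


def stake(pool: Pool, usdt_amount: float, reference_price=None) -> None:
    """Model a stake that auto-buys WEX with part of the deposit.
    With reference_price set (e.g. a TWAP), reject the stake if the swap
    would push the spot price more than MAX_DRIFT above that reference."""
    swap = usdt_amount * SWAP_SHARE
    if reference_price is not None:
        price_after = (pool.usdt + swap) ** 2 / (pool.usdt * pool.wex)
        if price_after > reference_price * (1 + MAX_DRIFT):
            raise ValueError("stake rejected: WEX price impact too high")
    pool.buy_wex(swap)


def run(stakes, guarded: bool):
    """Apply stakes in order; return (accepted count, final/initial price)."""
    pool = Pool(usdt=1_000_000.0, wex=10_000_000.0)  # constructed reserves
    reference = pool.price()
    accepted = 0
    for amount in stakes:
        try:
            stake(pool, amount, reference if guarded else None)
        except ValueError:
            break
        accepted += 1
    return accepted, pool.price() / reference
```

With these constructed reserves, twenty unguarded stakes of 250,000 USDT lift the WEX spot price to 2.25 times its starting value, while the guarded variant rejects the first such stake.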

Summary

Attacks on the BSC chain have been frequent recently, and contract security urgently needs more attention. Contract audits, risk control measures, and emergency plans all need to be implemented in earnest.

 

Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/wault-finance-lightning-loan-security-incident-analysis/