On August 4, Known Chuangyu Blockchain Security Laboratory monitored that Wault Finance, the DeFi protocol on the BSC chain, was attacked by lightning loans, and its value dropped by nearly half. The laboratory tracks and analyzes this incident as soon as possible.
Attack contract address: 0xaa895873a268a387e38bd841c51d2804071197a10x50AFA9383EA476BDF626d6FbA62AFd0b01C8fEa1
Victim contract address: 0x6102d8a7c963f78d46a35a6218b0db4845d1612f0xa79fe386b88fbee6e492eeb76ec48517d1ec759a
1. Get start-up capital
First, the hacker borrowed 16.83 million WUSD from the WUSD-USDT pool through flash loans
Then burn WUSD through WUSDMaster to obtain 15.03 million USDT and 106.5 million WEX
The hacker then borrowed 40 million USDT from PancakeSwap through flash loans, and exchanged 23 million USDT for WEX
2. Attack phase
The hacker repeatedly pledges USDT to WUSDMaster to obtain WUSD. In this process, WUSDMaster will automatically replace part of USDT with WEX
Finally, convert the WEX in hand to USDT
The hacker returned the flash loan and exchanged the profitable tokens into ETH, and then cross-chain exit via AnySwap.
The attack process involves principle analysis
In fact, the principle is very simple, that is, hackers use flash loans to buy a large amount of WEX at low prices, then raise the price of WEX by pledge USDT to WUSDMaster, and finally sell them to make a profit.
Then why does WUSDMaster increase the WEX price when receiving pledges?
In the analysis of the attack process, we can see that when the hacker pledges USDT to obtain WUSD, the WUSDMaster contract automatically converts a portion of USDT to WEX
Observe the source code
Obviously, when a large number of pledge transactions occur, the WEX in the trading pair will drop significantly, and its value will rise rapidly. At this time, hackers can make huge profits by selling WEX.
Recently, there have been frequent attacks on the BSC chain, and contract security increasingly needs urgent attention. Contract audits, risk control measures, emergency plans, etc. all need to be implemented in earnest.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/wault-finance-lightning-loan-security-incident-analysis/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.