Note: Ackee audited previous versions of the protocol before the attacked MimCurveStakeDAO strategy was added.
Exploit Causes
The exploit consisted of two hacks, both of which: Price caching vulnerability The first target was Zunami ETH (zETH) and the second target was Zunami Stable (UZD). The first attack was drained. Only 26 WETH, the second is a whopping 1178 WETH.
The root cause was price manipulation using . MIMCurveStakeDao The strategy is to then cache the inflated price for an entire block of UZD (suitable for flash lending) and then reverse the previous operation to profit from the inflated price.
price caching
UZD’s Liquidity Pool (LP) price caching was partially implemented in version 1.0. thanked By Ackee Blockchain. However, it is not used globally and functions as follows: balanceOf Instead of caching, we were making multiple costly calls (calculating LP prices in our strategy).
Caching has been expanded with the following features: totalSupply, balanceOf and allowance later UZD version 1.1. Caching has been adjusted in the following way:
source
This allowed inflated prices to be called in other contracts. balanceOf function.
Version 1.1 was released without an audit. It was later audited by HashEx for the release of v1.2 on October 29, 2023. audit reportNo attack vectors using cached functions were found.
MIMCurveStakeDao Strategy
This strategy was introduced in commit. 6df0ae5. Since the calculation depends on the price and balance of the strategy, an attacker can change the LP price calculation by donating SDT tokens to the strategy. This strategy was audited by HashEx before release (see this). audit report) However, no exploitability was found.
attack
The attack occurred on August 13 and can be viewed here. https://explorer.phalcon.xyz/tx/eth/0x0788ba222970c7c68a738b0e08fb197e669e61f9b226ceec4cab9b85abe8cceb
Or you can check: PoC (Good job DeFiHackLabs!)
We hope this postmortem will be helpful and contribute to making web3 a safer place free of hacking and exploits.
