On November 1, MetaScout detected that Onyx Protocol, a lending protocol on Ethereum, suffered a flash loan attack and lost $2.1 million. The root cause is that the hacker was the first to execute the proposal adding a new market, combined with the precision loss issue in the Compound fork protocol.
MetaTrust Labs conducted in-depth research and analysis of the incident, revealing how hackers used governance proposals and protocol vulnerabilities to launch this attack on Onyx Protocol.
About Onyx Protocol
Onyx Protocol (https://docs.onyx.org/) is a lending marketplace designed to provide secure and trustless credit and lending services to users on the Ethereum network.
On October 29, 2023, Onyx Protocol (https://x.com/OnyxProtocol/status/1718348637158137858?s=20) launched proposal OIP-22 to add $PEPE to the market. Unfortunately, the proposal was targeted and attacked by hackers.
At the same time, judging from the contracts Onyx has deployed on-chain, it is a Compound fork protocol. Due to the attack, its TVL dropped from US$2.86 million to US$550,000.
Attack details
Attack loss
Total losses from the two attack transactions were approximately $2.14 million.
Attacker
0xdec2F31C3984F3440540DC78Ef21b1369d4eF767
0x5083956303a145f70ba9f3d80c5e6cb5ac842706
Attack contract
0x052ad2f779c1b557d9637227036ccaad623fceaa
Contracts under attack
Proxy contract: https://etherscan.io/address/0x5fdbcd61bc9bd4b6d3fd1f49a5d253165ea11750
Implementation contract: https://etherscan.io/address/0x9dcb6bc351ab416f35aeab1351776e2ad295abc4#code
Governance contract
https://etherscan.io/address/0xdec2f31c3984f3440540dc78ef21b1369d4ef767
Attack steps
TL;DR
Take the attack transaction 0xf7c216 as an example.
1. The hacker (0x085bDf) first executes proposal OIP-22, which adds a new market called oPEPE (0x5fdbcd).
2. Within a minute of the new market being added, the hacker takes a flash loan of 4,000 $WETH from AAVE and:
a. Swaps the 4,000 $WETH for 2,520,870,348,093 $PEPE
b. Moves all the $PEPE to address 0xf8e153
c. Creates a contract at address 0xf8e153 and uses 1 $PEPE to mint 50,000,000,000,000,000,000 $oPEPE, then redeems almost all of the $oPEPE, leaving only 2 wei in the oPEPE market
d. Transfers 2,520,870,348,093 $PEPE directly to oPEPE and enters the oPEPE market
e. Borrows 334 $ETH
f. Due to precision loss, redeems 2,520,870,348,093 $PEPE while burning only 1 wei of $oPEPE
Steps b to f are then repeated to borrow $USDC, $USDT, $PAXG, $DAI, $WBTC and $LINK, which are swapped for $ETH.
The arithmetic behind step f:
Exchange rate = (Total Cash + Total Borrows - Total Reserves) / Total Supply = 2,520,870,348,093,423,681,390,050,791,472 / 2 = 1,260,435,174,046,711,840,695,025,395,736
Redemption amount = 2,520,870,348,093,423,681,390,050,791,470
Due to truncation, redeemed tokens = redemption amount / exchange rate = 1
Liquidated the borrower (0xf8e153) for 881,647,840 wei of $PEPE
Redeemed 856,961,701 wei of $PEPE
3. Used 4,002 $WETH to pay off AAVE’s flash loan and obtained a profit of 1156.9 $ETH.
Root cause
On the one hand, the hackers are very familiar with the precision loss problem of the Compound protocol and had noticed the vulnerability in Onyx Protocol in advance. They were therefore probably aware of the problem in proposal OIP-22 early on. Once the proposal became executable, the hacker was the first to execute it and launched the attack just a minute later.
On the other hand, the precision loss vulnerability is the root cause of the attack. The hacker manipulated totalSupply down to a very small value, 2, and pushed totalCash up to a very large value, 2520870348093423681390050791471, to inflate the exchangeRate so that the redemption calculation truncates.
Security advice
Conduct detailed audits of governance proposals, not limited to the smart contracts themselves, especially for initialization scenarios and other edge cases;
Consider minting a small amount of shares when a market is initialized to prevent manipulation, especially for Compound forks;
A monitoring system that can pause the protocol in an emergency is recommended. If Onyx had had such a system in place, the second attack transaction, which occurred more than half an hour later, could have been blocked to reduce losses. Additionally, integrating a mempool-based blocking system would be very beneficial: such a system can detect attack transactions in the mempool while the attacker is executing the attack and block them preemptively to avoid losses.
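As an added example (not Onyx's or Compound's own code) covering both the step f truncation described under the attack steps and root cause and the seed-shares advice above: an integer model of cToken exchange-rate arithmetic that replays the write-up's numbers. The initial exchange rate of 2e16 and the seed of 1e11 locked shares are assumptions for illustration, not values taken from Onyx.

```python
# Added example, not Onyx's or Compound's own code: an integer model of the
# cToken arithmetic above, replaying the oPEPE steps with the write-up's numbers
# and showing why locked seed shares (the mitigation) defeat the trick.
MANTISSA = 10**18

class CToken:
    def __init__(self, initial_rate, seed_tokens=0):
        # initial_rate is scaled by 1e18; 2e16 is an assumption so 1 PEPE (1e18
        # wei) mints 5e19 oPEPE as above. seed_tokens: shares locked at deployment.
        self.initial_rate = initial_rate
        self.total_supply = seed_tokens
        self.total_cash = seed_tokens * initial_rate // MANTISSA
        self.total_borrows = self.total_reserves = 0

    def exchange_rate(self):
        # (cash + borrows - reserves) / totalSupply, scaled by 1e18
        if self.total_supply == 0:
            return self.initial_rate
        equity = self.total_cash + self.total_borrows - self.total_reserves
        return equity * MANTISSA // self.total_supply

    def mint(self, underlying):
        tokens = underlying * MANTISSA // self.exchange_rate()
        self.total_cash += underlying
        self.total_supply += tokens
        return tokens

    def redeem(self, tokens):
        # redeem by cToken amount: underlying = tokens * rate, rounded down
        underlying = tokens * self.exchange_rate() // MANTISSA
        self.total_supply -= tokens
        self.total_cash -= underlying
        return underlying

    def redeem_underlying(self, underlying):
        # redeemUnderlying: tokens burned = underlying / rate, rounded down
        tokens = underlying * MANTISSA // self.exchange_rate()
        self.total_supply -= tokens
        self.total_cash -= underlying
        return tokens

    def donate(self, underlying):
        # plain ERC-20 transfer into the market: cash rises, nothing is minted
        self.total_cash += underlying

def replay(seed_tokens=0):
    """Replay steps c, d and f; return oPEPE burned for the near-total redeem."""
    m = CToken(initial_rate=2 * 10**16, seed_tokens=seed_tokens)
    held = m.mint(10**18)                 # 1 PEPE -> 5e19 oPEPE
    m.redeem(held - 2)                    # keep only 2 wei of oPEPE
    m.donate(2_520_870_348_093_423_681_390_050_791_471)  # dump the swapped PEPE
    burned = m.redeem_underlying(2_520_870_348_093_423_681_390_050_791_470)
    return burned                         # attacker holds 2 oPEPE, so this must be <= 2
```

With no seed shares the near-total redeem burns 1 oPEPE, matching the write-up; with 1e11 locked shares the same redeem would require roughly 1e11 oPEPE, far more than the 2 wei the attacker holds.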
Capital flows
At the time of writing, the attacker (0x085bDf) has used another controlled address (0x4c9c86) to transfer 1,140 $ETH to the mixing service Tornado Cash.
The other attacker still holds the stolen funds in the wallet (0x508395).
Similar attack cases
This vulnerability is similar to the hacker attack suffered by Hundred Finance on April 15, 2023, which resulted in a loss of approximately $7 million. Transaction link: 0x6e9ebcdebbabda04fa9f2e3bc21ea8b2e4fb4bf4f4670cb8483e2f0b2604f451
About MetaTrust Labs
MetaTrust Labs is a leading provider of Web3 artificial intelligence security tools and code audit services incubated by Nanyang Technological University in Singapore. We provide advanced AI solutions that empower developers and project stakeholders to secure Web3 applications and smart contracts. Our comprehensive services include AI security scanning, code auditing, smart contract monitoring and transaction monitoring. At MetaTrust Labs, we are committed to securing the Web3 landscape so builders can innovate with confidence and reliability.
Website: metatrust.io
Twitter: @MetatrustLabs