Incident Summary
In October 2024, CryptoBottle on Polygon was exploited on three separate occasions with combined losses totalling ~$527k. In the latest incident on 24 October, the largest of the three, an attacker exploited a critical vulnerability to disable a balance check in the swap() method after callback, and made arbitrary swaps to acquire a large amount of NAS tokens which they then sold to drain the project of ~$490k USDT.
Following the incident the project announced via their Discord that the protocol would be suspended while they improve security.
Two other incidents had already occurred in October, one of which was by the same exploiter.
- On 1 October approximately $6,000 was taken from contract 0x34EFEbC3fdfC4503547116234E4efb203C90ca72 (NA) due to missing access control on the contract’s withdrawUserLIquidity() function.
- On 22 October CryptoCuvee contract 0x4660083D21e3A7e1eC5af8f46A31dCFAa78479Ed was exploited for $31k. This time there was code vulnerability allowing the attacker to purchase all of the Cryptobottles and instantly extract their contents.
Key Transactions
The following analysis focuses on the incident on 24 October.
Attack Transactions
Contract creation:
Exploit transactions:
- 0x115203d01c2e95d8c3585ec5c561bc7e40425f2a7c019abb1f3fc498cf451f90
- 0xe5dd83bc9fa21f861c3257e9272f923ec638515dfbbb61a2a96d15a1f6315cf8
- 0x5ba0f939dc3d05767ee916beef56637e684adb45c2366d0646e2e80ae0c2ece2
- 0xeb910745dae4f24a9b732f9a8e8c91a0c06468659772a8141715422cf74b1a01
- 0x675e34ead62ea0e8c02d5e1160727a1c6bda36d6ddff159b6df17ced25c2e11e
- 0xd4a7e76a219bab51c0bb19f86e936d37c65d016bb3c6f92647b4c94a6e2e3e64
Attack Flow and Vulnerability
Addresses
Exploiter:
- 0x9cE632E5FDB7151ee84e55Cf323CDb7A2977C7CE
- 0x5ec50b39829ab40291745fea6e11f10f3845fadb Vulnerable Contract: 0x5d6084Bf7a8049Fd3db89a7af9e7291002F36Ac7 (Navigator’s Adventage)
Vulnerability
Flash swaps are an integral feature of Uniswap V2, during which, pair contracts send output tokens to the recipient before enforcing a balance check to ensure that enough input tokens have been received for the swap. If this balance check is bypassed, anyone can make any deal and drain the pair which is the case for this incident.
The vulnerable Navigator’s Adventage contract let users acquire NAS tokens either by minting at a fixed price or by swapping, like on a typical automated market maker (AMM). This option is supposed to be controlled by the 'fixedPriceEnabled’ variable. However, anyone can set this variable to True or False as it is controlled by public functions.
When 'fixedPriceEnabled' is set to true, the mint() method is enabled and 'fixedPrice' is set to 10 20. Critically, the balance check in the swap() function is disabled after callback. This means anyone can effectively make any deal they wanted through swap(). The attacker used this to swap X amount of NAS tokens for 1 USDT.
Step by Step
- Before conducting any swaps, the attacker first called function 0xeebe2e12() which set 'fixedPriceEnabled' at storage 0xe to True. 0xecde63a09b2d1a83eeb3cd2b693038dc9ea3258d5be1c13eea336381ade8eae5
- The attacker then called the “Invest()“ function on the attack contract to make several arbitrary swaps with just 1 USDT to acquire large amounts of NAS tokens. a. 1 USDT → 1,000 NAS b. 1 USDT → 10,000 NAS c. 1 USDT → 40 million NAS (three times)
- The attacker set 'fixedPriceEnabled’ at storage 0xe back to False via function 0xf9ae(). They then called “Claim“ on the attack contract and conducted several normal swaps to dump the acquired NAS tokens and drain the USDT held in the Navigator’s Adventage contract.
Fund Flow
On 24 October 2024, between 3PM and 3:30PM, wallet address 0x9cE632E5FDB7151ee84e55Cf323CDb7A2977C7CE and associated attack contract 0xfCDd0d0A914bE6e64AE099646CCda189F8323556 received a total of 493 652,17 USDT from Navigator’s Adventage (NA) Contract 0x5d6084Bf7a8049Fd3db89a7af9e7291002F36Ac7.
Less than a hour later, the funds were sent to a new address: 0x5ec50b39829ab40291745fea6e11f10f3845fadb.
0x5ec is linked to the second incident involving CryptoCuvee contract 0x4660083D21e3A7e1eC5af8f46A31dCFAa78479Ed, also owned by CryptoBottle, on 22 October. At the time of writing, the funds are still held in the wallet.
The Stats
In October 2024 we recorded 21 incidents as a result of code vulnerabilities with a total loss of $2.4M. Code vulnerabilities account for the second highest number of incidents behind major phishing incidents, for which we recorded 26 incidents during the month. Losses from code vulnerabilities however are significantly lower than phishing incidents and private key compromises. During the same period in 2023, there were 12 incidents due to code vulnerabilities, resulting in losses of approximately $1.5M.
To mitigate vulnerabilities, it is recommended to conduct regular audits of smart contracts. To keep up to date on the latest incident alerts and statistics follow @certikalert on X, or read our latest analysis on certik.com.
