Summary
According to ElasticSwap’s website, ElasticSwap is an Automated Market Maker (AMM) focused on elastic supply tokens. An AMM is a protocol that allows digital assets to be traded in a decentralized way. AMMs have introduced a number of other innovations such as liquidity pools.
ElasticSwap was exploited three times by multiple flash loan attacks that led to approximately $850,000 in stolen funds. The attacker exploited a vulnerability in the ElasticSwap exchange contract, allowing the attacker to manipulate all ElasticSwap pools on the Avalanche blockchain and drain their liquidity.
On 12 December, 2022, at 07:33 AM +UTC the ElasticSwap team announced to the community via Twitter (@ElasticSwap) that an exploit had occurred and that they were hoping to recover funds.
Image: Exploit announcement from ElasticSwap team. Source: Twitter
The ElasticSwap team posted an additional message on their Discord disclosing that they have a bounty program and were willing to negotiate the return of funds.
Image: Discord announcement highlighting their bounty program. Source: Discord
Two days later, a majority of the funds were recovered. According to the ElasticSwap team, an EVM bot was successful at front running the attacker on Ethereum. The owner of the bot and the owner of the relayer bot have refunded the majority of stolen funds in accordance with the ElasticSwap bounty program. At the time of writing, the ElasticSwap Ethereum treasury multisig wallet is in possession of slightly over 487 ETH, valued at $625,000.
On 15 December, 2022, at 08:24 AM +UTC the team posted a link asking the community to vote on how they would like the recovered assets managed while they work through proposals to refund those affected by this attack.
Image: ElasticSwap funds management poll. Source: Discord.
On 22 January, 2023, the ElasticSwap team posted in the Discord announcement channel two links to JSON files that contain aggregate losses for USD Coin (USDC) and AMPL. The losses are sorted by address across all chains for the community to review. At the time of writing the ElasticSwap team claims to have recovered approximately 55% of user funds.
Image: ElasticSwap user loss announcement. Source: Discord.
On 1 February , 2023, an additional message was sent to the team's announcement Discord channel to update the JSON file regarding the amount of TIC that was lost on ETH.
Image: ElasticSwap user loss update announcement. Source: Discord.
Relevant Addresses
Attacker: 0x3bdF0…
Attacker contract: 0xa274…
New contract used to check LP status: 0xffeF4…
Victim contract: 0x4ae1D…
Attack one transaction: 0x782b2…
Attack two transaction: 0x23bc3…
Attack three transaction: 0xa6cf0…
Attack Flow Example
- The attacker borrowed 51,112 $TIC from SushiSwap and 766,685 USDC.e from TraderJoe
- Then the attacker added liquidity twice. The first time the attacker only added a trace amount of $TIC. The second time the attacker added 41,532 $TIC and 196,885 USDC.e. This allowed the attacker to gain 0.44 LPs.
- The internal balance reserve was approximately 41,532 $TIC and the attacker gained 41,532 LPs. Additionally, 393,769 USDC.e transferred to the liquidity pool, raising the total balance from 393,770 to 787,539 USDC.e.
- The attacker then called removeLiquidity() to claim $TIC and USDC according to the new balance, getting 41,532 TIC and 393,769 USDC.e, which is the whole internal reserve balance.
- The attacker then swapped 50 USDC for $TIC, draining 41,119 $TIC which is nearly all that remained in the reserve.
- The attacker added 92,231 $TIC and 11,270 USDC to liquidity to receive 0.98 LP which accounted for its total supply. Lastly, the attacker invoked removeLiquidity() to drain the LP of 92,231 $TIC and 403,283 USDC.e.
Contracts Vulnerability Analysis
The primary vulnerability in this exploit is that the calculation of quoteTokenQtyToReturn is based on the current quote token balance, which was easy to manipulate by transferring the token to the contract directly.
Image: Contract Vulnerability. Source: Internal.
Conclusion
While a significant amount of assets were taken from users, the ElasticSwap team was able to recover most of their funds through their bounty program. At the time of writing, 50.89% of users have voted to convert the funds proportionally.
Smart contract auditing can recognize and neutralize incidents before malicious actors can exploit and steal funds. Protect yourself and your assets by following @CertiKAlert on Twitter to stay up to date on all the latest Web3 security news, and visiting certik.com to check out the Security Leaderboard and learn more about auditing.
