Back to all stories
Reports
Incident Analysis
Inverse Finance Incident Analysis
6/16/2022
Inverse Finance Incident Analysis

TL:DR

On 16 June 2022 a threat actor exploited Inverse Finance with a flash loan attack which netted them 1068.215 ETH after conversions, about $1.26 million in total. The attacker then sent 1,000 ETH to Tornado Cash and left $75k remaining in the wallet.

Event Summary

Inverse Finance is a suite of permission-less decentralized finance tools governed by Inverse DAO, a decentralized autonomous organization running on the Ethereum blockchain.

Exploiters used a flashloan attack to trick the protocol and initially used a fund of 1 Eth which was withdrawn through Tornado Cash. On chain data shows that the exploiter flash-borrowed ~27,000 wrapped bitcoin (worth about $579 million) from lending protocol Aave to conduct the attack at around 4:47 AM ET. The funds were routed through swap service Curve for various stablecoins before being used to remove DOLA, a stablecoin, from Inverse Finance pools. An address tagged as “Inverse Finance Exploiter” sent ~900 ETH to Tornado Cash following the exploit. Overall, 53.24 wBTC ($1,131,657) and 99,976 USDT were taken.

That same day, Inverse Finance developers paused borrowing functions for users and said they were investigating the incident on their Twitter account Inverse+ on Twitter.

On 2 April 2022, Inverse Finance was previously exploited via a flash loan which manipulated Oracle price for ~$14.5M. Inverse Finance Exploit The attacker successfully manipulated the price of INV tokens by accessing Oracle on a decentralized exchange Sushiswap.

Attack Flow

The attacker’s contract flashloaned 27,000 WBTC tokens from AAVE. Attack Flow 1

WBTC was added as liquidity to the Curve pool: WETH-USDT-WBTC. Attack Flow 2

The obtained LP tokens were deposited to the Yearn’s Vault. Attack Flow 3

Yearn’s Vault tokens were deposited to Inverse Finance’s Yearn 3Crypto Vault to serve as collateral on Inverse Finance. Attack Flow 4

The malicious smart contract then uses the remaining 26,775 WBTC (around $569M) of the initial flashloan to swap it for 75 Million USDT on Curve 3Crypto (WETH-USDT-WBTC). Attack Flow 5

The above step manipulates the pricing oracle by imbalancing the pool compared to when the collateral was provided on Inverse Finance’s Yearn 3 Crypto Vault. The attacker is then able to borrow $10M worth of Dola USD StableCoin (DOLA). Attack Flow 6

Then, the 75M USDT is swapped back for 26,626 WBTC Attack Flow 7

The attacker’s smart contract then uses the borrowed DOLA to provide liquidity to the Curve Metapool for DOLA-3Pool. Attack Flow 8

The liquidity is then removed for around 10.1M USDT. Attack Flow 9

Then, it converts 10M USDT to 451 WBTC using the 3Crypto pool on Curve. A remaining 99,976.294 USDT was kept in the attacker’s smart contract. Attack Flow 10

The flashloan is finally repaid on AAVE. Attack Flow 11

Contracts Vulnerability Analysis

The vulnerable contract uses the YVCrv3CryptoFeed as the price oracle for Inverse Finance's DOLA lending pool. The YVCrv3CryptoFeed price oracle determines the price of the Yearn’s Vault token based on the balance of different tokens in the USDT-WBTC-WETH Curve pool, which can be manipulated by the attacker.

Contracts Vulnerability Analysis

Profit and Asset tracing

The attack left 53.244 WBTC and 99,9976.294 USDT remaining on the contract which was withdrawn by the attacker calling a withdrawERC20() function on their contract. The WBTC was swapped for 983.290 Ether and USDT was swapped for 84.925 Ether, totaling 1068.215 Ether. Multiple transactions of 100 Ether were then sent to Tornado Finance for the attacker’s exit profit.

Would we spot the issue during the audit? Yes. We would be able to identify the insecure price oracle usage.

;