On 30 April 2022, Fei Protocol announced that they were aware of and looking into an exploit on various Rari Fuse pools, that turned out to be a common re-entrancy attack. The total loss reported was ~$80 Million.
On April 30 2022, at 09:01:35 AM +UTC Fei Protocol announced that they were aware of and looking into an exploit on various Rari Fuse pools. The total loss reported was at ~$80 Million. They paused all borrowing to minimize further loss and publicly offered the attacker $10 million to return the user funds. At ~$80 million this makes the FEI exploit one of the largest re-entrancy hacks ever.
The attack drained funds from the Rari pool whilst the Fei Pools (Tribe, Curve) remain unaffected. A Rari team member confirmed that only borrowable assets were vulnerable in the attack.
Initial reports indicate this exploit is likely due to a re-entrancy bug which has affected and been main culprit in MANY exploits, including the infamous DAO hack in 2016 and several major protocols in the past like:
In December, Fei merged with Rari Capital. Rari enabled the creation of Fuse Pools— permissionless lending pools— that anyone with a wallet can access from anywhere to lend or borrow ERC-20 tokens. No minimum funds are required of users.
On 01 April 2022, Rari Capital released a Security Upgrade Report on Medium, stating they had patched a security issue relating to Fuse pools. This patch fixed known vulnerabilities in Compound by blocking re-entrancy on functions that required it. Although they protected many of their system's functions, they did not protect exitMarket(). When the exploiter received ETH, they could then call exitMarket() even though a global reentrancy lock is active.
Fei Protocol also previously suffered difficulties earlier this month when a bug that was discovered through their bug bounty program caused them to shut down their rebate program while they fixed a vulnerability. At that time, they were able to block an exploit before any happened, which sadly was not the case in this instance.
Re-entrancy: Hack Solidity: Reentrancy Attack | HackerNoon
Take 0xab48... as an example:
This attack was due to a design flaw in the Fei Protocl that failed to follow the check-effect-interaction pattern and thus allow the attacker to make a re-entrant call before the borrow records are updated.
In the “borrow()” function, the following code is implemented:
As the code illustrates, the “doTransferOut()” is invoked before the borrow records (i.e., “accountBorrows” and “totalBorrows” ) are updated.
The “doTransferOut()” function transfers ETH to the receiver via a low-level call:
Therefore, the attacker is able to make a re-entrant call in the “fallback()” function to “makeExit()”.
How much does the attacker earn?
|Token||Transfer to 0xe39f3c4|
Where are the stolen assets?
|TX hash||Attacker out||Attacker in|
|0x8ad7c||11,924,074.79 FEI 3,184,115.06 DAI 1,948,952.18 LUSD|
|0x0d712||5,000,000.00 FEI||4,995,000.00 DAI|
|0xa5cc5||5,000,000.00 FEI||1,766.06 WETH|
|0xd5628||1,924,074.79 FEI||1,922,150.72 DAI|
|0x901af||548,950.00 LUSD||194.21 WETH|
|0x229f0||3,364,504.99 FRAX 1,691,470.42 FEI, 1,250,000.00 UST (Wormhole), 963,852.76 DAI, 487.74 ETH|
|0x1c387||700,002.18 LUSD||247.59 WETH|
|0x3305b||1,691,470.42 FEI||596.10 WETH|
|0x86c69||3,364,504.99 FRAX||1,186.29 WETH|
|0xdb838||1,250,000.00 UST (Wormhole)||441.34 WETH|
|0x57be2||700,000.00 LUSD||247.86 ETH|
|0xdb873||10,131,022.86 DAI, 10,055,556.33 USDC, 9,736,859.95 FRAX, 6,636,057.90 FEI, 1,515,891.01 UST (Wormhole), 132,959.90 USDT, 2,443.81 ETH|
|0x5352e||5,000,000.00 USDC||1,766.17 WETH|
|0xd970c||5,000,000.00 USDC 1,766.17 WETH|
|0x6ad1c||55,556.33 USDC||19.63 ETH|
|0x64a92||5,736,859.95 FRAX||2,021.04 ETH|
|0x5ffd4||132,959.90 USDT||46.91 ETH|
|0x0cd68||1,515,891.01 UST (Wormhole)||534.01 WETH|
|0x60238||6,636,057.90 FEI||2,324.16 WETH|
|0x23c6d||4,000,000.00 FRAX||1,407.37 ETH|
|0x88b49||31,615.87 RAI||33.65 ETH|
|0xb7852||5,000,000.00 DAI||1,759.31 WETH|
|0x51509||5,000,000.00 DAI||1,752.73 WETH|
|0xb5e7b||5,000,000.00 DAI||1,753.31 WETH|
|0x0c7a6||5,000,000.00 DAI||1,755.00 WETH|
|0x7b779||1,196,141.40 DAI||421.33 WETH|
|0xb61d1||18,261.46 WETH||18,261.46 ETH|
In this specific incident, a CertiK audit would pick up this particular vulnerability. Our highly skilled auditors would have spotted if the check-effect-interaction is strictly followed in the implementation of the code. Our auditors would then take their findings to the project and work with them to resolve this issue. You can read a project's audit on our website where you can check for yourself a tokens critical, major, medium, minor and informational vulnerabilities which will aid you in DYOR.