Lodestar Finance Incident Analysis
12/11/2022

TL;DR

On 10 December 2022, Lodestar Finance’s protocol was exploited and its deposits drained due to a vulnerability in the GLPOracle calculation. The exploiter profited approximately $6.5m, which was bridged to Ethereum and distributed to 3 externally owned addresses. Lodestar has attempted a negotiation with the exploiter, however there has not yet been any reply at the time of writing. This is one of the biggest exploits seen on Arbitrum.

Summary

The exploiter was able to manipulate the price of Plutus Staked GLP (plsGLP) and lend the asset to the Lodestar platform in return for iplsGLP. As a result, the attacker was able to borrow more than they should have based upon the true value of their collateral. In this case, the attacker borrowed nearly all of the assets on Lodestar, leaving the protocol with over $6m in bad debt.

[Figure: Lodestar Finance TVL before the exploit.]

The root cause of the exploit appears to come down to how the Lodestar GLPOracle was constructed; specifically, how it obtained the price of plvGLP. We cover this in the vulnerability section of this blog.

Lodestar announced on Twitter that 2.8 Million of the GLP is possibly recoverable, which is worth about $2.4 million. Lodestar later made an announcement directed at the exploiter, in an attempt to make a white-hat agreement. At the time of writing, the exploiter has not answered Lodestar’s negotiation offer.

The attack is a variation of the exploit that was done on Mango Markets which has been attributed to Avraham Eisenberg. Eisenberg posted on Twitter how this type of exploit can be conducted, however there is currently no evidence that Avraham is behind this particular exploit on Lodestar.

Attack Summary

In this case, the attack can be summarized as follows:

  1. Attacker places a large amount of USDC into Lodestar

  2. Attacker borrows plsGLP (longtail - high risk asset)

  3. Attacker lends plsGLP and receives iplsGLP

  4. Steps 2 and 3 are repeated

  5. The key issue is that the oracle price of plsGLP is manipulable.

  6. The higher the value of plsGLP the higher the profit is able to be extracted.

  7. Further the higher the exchange rate of plsGLP to GLP the larger the redemption is possible

  8. The price of plsGLP was then pushed up by the attacker and they were able to borrow the remaining assets.

  9. The attacker then arbitraged the price difference between plsGLP and GLP to maximize their profit.

Attack Flow

The exploiter took out 8 flashloans worth roughly $70.5 million. The exploiter then deposited all the loaned ETH (14,960) to GMX to start the exploit process. The protocol was left with bad debt because of how the GLP price was calculated.

  1. Exploiter took out 8 loans:
     a. 17,290,000 USDC
     b. 9,500 WETH
     c. 4,067,721 DAI
     d. 14,435,000 USDC
     e. 5,460 WETH
     f. 7,170,000 USDC
     g. 2,200,000 USDC
     h. 10,000,000 USDC

  2. The exploiter then pools the WETH (14,960) together, withdraws it and deposits it to GMX.

  3. Exploiter swaps 14,960 WETH for 19,001,512 USDC

  4. Exploiter then deposits roughly $70m onto the platform, which starts the bank run on Lodestar.

  5. Exploiter then borrows PlsGLP and lends the PlsGLP to receive IplsGLP which is done repeatedly until they control more or less the entire supply.

  6. After the donate function is called by the exploiter, the vault's assets are inflated by the amount donated, which completely disrupts the price of the assets in the pool and allows the protocol to be drained. This increases the supply of sGLP by almost 1.68x.

  7. After asset prices are pushed up, the attacker then borrows the rest of the assets leaving Lodestar with bad debt.

  8. All flashloans were then repaid with interest before redeeming the underlying assets for 4,527 ETH.

  9. Now that the exchange rate has been manipulated, the exploiter approximately doubles their plvGLP for plsGLP (9,651,000 tokens):
     a. 9,651,000 tokens are sent to the plsGLP vault.
     b. The tokens are then burned and the rebate is sent to the vault (34k plsGLP).
     c. 104,000 tokens are removed from the transactions for staking.
     d. The remaining 9,812,000 fsGLP tokens are then sent to the exploiter.

  10. In the remaining exploit transactions the exploiter then redeems the underlying asset (fsGLP) for roughly 4,527 ETH (5,800,000 USD).

Vulnerability

The main vulnerability is inside of GLPOracle and how it calculates its price. The price the oracle reflects is defined by the following equations:

  1. GLPPRICE = GLPVALUE / GLPSUPPLY
  2. plvGLPexchangerate = totalassets / totalsupply
  3. Price of PlvGLP = plvGLPexchangerate * GLPPRICE / Constant value

As the totalassets increase the plvGLPexchangerate grows larger. This means that the Price of PlvGLP increases. Therefore when the attacker updates totalassets by calling the donate function they are able to push the price of PlvGLP higher by donating their sGLP.
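The three oracle equations and the donate effect described above, worked through in Python as an added example (constructed for this write-up, not Lodestar's or CertiK's code). The vault balances, the scale divisor of 1, the collateral factor and the 5% rate-change guard are all assumptions chosen so the exchange rate moves from the 1.07 to the 1.82 ratio quoted in this section; the guard shows one mitigation a lending market can apply on top of such an oracle.

```python
from dataclasses import dataclass

# Constructed illustration of the GLPOracle equations in this report; not Lodestar's code.
# Every number used with these functions is invented for the example, not an incident value.


def glp_price(glp_value: float, glp_supply: float) -> float:
    """Equation 1: GLPPRICE = GLPVALUE / GLPSUPPLY."""
    return glp_value / glp_supply


def plvglp_exchange_rate(total_assets: float, total_supply: float) -> float:
    """Equation 2: plvGLPexchangerate = totalassets / totalsupply."""
    return total_assets / total_supply


def plvglp_price(total_assets: float, total_supply: float,
                 glp_value: float, glp_supply: float, scale: float = 1.0) -> float:
    """Equation 3: Price of plvGLP = exchangerate * GLPPRICE / Constant (assumed scale = 1 here)."""
    return plvglp_exchange_rate(total_assets, total_supply) * glp_price(glp_value, glp_supply) / scale


@dataclass
class Vault:
    """Minimal vault: sGLP held (total_assets) against plvGLP shares outstanding (total_supply)."""
    total_assets: float
    total_supply: float

    def donate(self, sglp_amount: float) -> None:
        # A donate() that adds assets without minting shares moves equation 2 directly,
        # which is the lever the report describes.
        self.total_assets += sglp_amount


def max_borrow(collateral_shares: float, collateral_price: float, collateral_factor: float) -> float:
    """Borrow limit a Compound-style market derives from the oracle price (hypothetical factor)."""
    return collateral_shares * collateral_price * collateral_factor


class GuardedOracle:
    """One mitigation: reject an exchange rate that moves more than max_change from the last accepted one."""

    def __init__(self, initial_rate: float, max_change: float = 0.05):
        self.last_rate = initial_rate
        self.max_change = max_change

    def check_rate(self, rate: float) -> bool:
        within_bounds = abs(rate - self.last_rate) / self.last_rate <= self.max_change
        if within_bounds:
            self.last_rate = rate  # accept and advance the reference point
        return within_bounds
```

With the same 1,000 plvGLP shares as collateral, the borrow limit grows in proportion to the donated assets, while the guarded oracle refuses the post-donation rate.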

[Figure: price ratio before the exploit, 1.07; price ratio after the exploit, 1.82.]

The following function allows for price manipulation of PLVGLP at the cost of the user giving up their GLP for pushing the price up.

Asset Tracing

All assets were transferred to 0xb50f…5db13. This is the wallet that called unstake and received all the funds. The total funds sent by the exploiter were roughly 4,527 ETH, or approximately $5,741,095. The total funds lost are over 5.1k ETH, or more than $6.5 million. The funds were bridged to Ethereum and distributed amongst three EOAs.

Conclusion

This is the third incident we have seen recently that follows this type of exploit. The first incident was on Mango Markets, for which Avraham Eisenberg claimed responsibility on Twitter, and resulted in a $116m loss. The second exploit was on Moola Markets, resulting in $7.8m lost. With the exploit on Lodestar, we have seen a total of $130.3m lost to this type of exploit. This incident is one of the biggest exploits seen on Arbitrum. Since the attack vector is well known for lending protocols such as Compound, we’ll likely see future incidents following this type of attack.