Aping Peril: The Price Manipulation Exploit with ParaSpace
1/8/2024

Project name: ParaSpace

Project type: Lending

Date of exploit: March 17, 2023

Asset loss: Around 50~150 ETH (2909 ETH Rescued)

Vulnerability: Price Manipulation

Date of audit report publishing:

  • Oct 25, 2022: ParaSpace (Audit 3)
  • Dec 23, 2022: ParaSpace - NFT Money Market

Conclusion: Out of Audit Scope

Details of the Exploit

Background

ParaSpace provides a lending protocol where users can deposit collateral and borrow tokens. On March 17, 2023, ParaSpace was exploited in a price manipulation attack in which the attacker manipulated the collateral size to borrow extra tokens.

Nature of the Vulnerability

The size of collateralized assets is calculated by the scaledBalanceOf function, which calls the getPooledApeByShares function. getPooledApeByShares computes its result as sharesAmount.mul(_getTotalPooledApeBalance()).div(totalShares). The vulnerability lies in the AutoCompoundApe._getTotalPooledApeBalance function, which calculates the collateral size of cApe collateral based on the staked amount in the ApeCoinStaking contract. The attacker can use the ApeCoinStaking.depositApeCoin function to increase the staked amount significantly. Because totalShares does not change, every existing share is then valued at a larger collateral amount.
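
The share-to-asset conversion described above can be reproduced with a small model. The following Python sketch is an added example, not ParaSpace's or CertiK's code: the Staking and Vault classes, the "vault" address and all amounts are constructed, and the internal-accounting variant is one common mitigation assumed here, not the project's actual fix.

```python
class Staking:
    """Simplified stand-in for an external staking pool (hypothetical model)."""
    def __init__(self):
        self.staked = {}

    def deposit(self, amount, recipient):
        # Model assumption: any caller can add to any recipient's position.
        self.staked[recipient] = self.staked.get(recipient, 0) + amount


class Vault:
    """Share-based vault; total_pooled() plays the role of _getTotalPooledApeBalance."""
    def __init__(self, staking, use_internal_accounting):
        self.staking = staking
        self.internal = use_internal_accounting
        self.total_shares = 0
        self.accounted = 0  # assets that entered through Vault.deposit() only

    def total_pooled(self):
        if self.internal:
            return self.accounted                   # hardened: own bookkeeping
        return self.staking.staked.get("vault", 0)  # weak: externally writable value

    def deposit(self, amount):
        pooled = self.total_pooled()
        shares = amount if self.total_shares == 0 else amount * self.total_shares // pooled
        self.staking.deposit(amount, "vault")
        self.accounted += amount
        self.total_shares += shares
        return shares

    def pooled_by_shares(self, shares):
        # sharesAmount.mul(_getTotalPooledApeBalance()).div(totalShares)
        return shares * self.total_pooled() // self.total_shares


def collateral_before_after(use_internal_accounting, external_amount):
    """Value of one depositor's shares before and after a deposit that bypasses the vault."""
    staking = Staking()
    vault = Vault(staking, use_internal_accounting)
    shares = vault.deposit(1_000)               # constructed: the depositor under test
    vault.deposit(9_000)                        # constructed: other depositors
    before = vault.pooled_by_shares(shares)
    staking.deposit(external_amount, "vault")   # staked amount grows, totalShares does not
    after = vault.pooled_by_shares(shares)
    return before, after


if __name__ == "__main__":
    print("external balance:", collateral_before_after(False, 40_000))
    print("internal accounting:", collateral_before_after(True, 40_000))
```

With internal accounting, staking rewards would have to be credited through an explicit, access-controlled step, since the vault no longer reads them from the external balance.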

CertiK Audit Overview

[Screenshot: CertiK audit overview]

Conclusion

On March 17, 2023, a vulnerability located in the AutoCompoundApe contract of the ParaSpace protocol was exploited by a price manipulation attack. Around 50~150 ETH tokens were lost due to slippage and 2909 ETH were rescued.

The vulnerability is located in the AutoCompoundApe contract, which was introduced after the audit and thus outside CertiK’s audit scope.