Back to all stories
Reports
Incident Analysis
DFX Finance
11/10/2022
DFX Finance

TL;DR

On Nov 10, 2022, DFX Finance's swapping contracts were attacked, leading to a loss of ~$5M.

Introduction

At 8 PM UTC on Nov 10, 2022, DFX Finance's swapping contracts were attacked, leading to a loss of approximately $5M. The attacker took advantage of the vulnerable flashloan mechanism in the swapping contracts, bypassed the check of repaying the flashloan by depositing tokens to the contracts, and withdrew tokens from contracts after finishing the flashloan.

Attack Flow

  1. The attacker flashloaned 223K CAD coin and 90K USD Coin from the pool.
  2. In the flashloan callback function, the attacker called deposit() function with the flashloaned tokens AND some additional tokens.
  3. Since the deposit() function call increased the balance of both tokens in the pool, the balance check was bypassed.
  4. Therefore, the attacker “repaid” the flashloan via the deposit() invocation, but instead got the 1.58M LP tokens via the deposit() invocation.
  5. The attacker finally called withdraw() function to burn the LP tokens and got the CAD tokens and USD Coin as profit.

Screen Shot 2022-11-10 at 5.52.29 PM

(35 * 100 + 2) ETH(Tornado cash) + ~550K()(remain) = ~5M DeBank | Your DeFi wallet

Addresses

Exploiter: DeBank | Your DeFi wallet

Attacker Contract: [https://etherscan.io/address/0x6cfa86a352339e766ff1ca119c8c40824f41f22d#code

Decompiled code of 0x6cFa86a352339E766FF1cA119c8C40824f41F22D,](https://library.dedaub.com/contracts/Ethereum/6cFa86a352339E766FF1cA119c8C40824f41F22D/decompiled?line=1) a smart contract deployed on the Ethereum blockchain

One of the exploit txn: https://etherscan.io/tx/0x9ef031cfedd1bd8ad91d84418ee6110e5558276a338fc11892f0013d269f27f8

Profit and Assets Tracing

Screen Shot 2022-11-10 at 5.48.58 PM

Screen Shot 2022-11-10 at 5.49.06 PM

Vulnerability

The vulnerability lies in the design issue where the contract does not take into consideration that the flashloaned tokens can be used for deposit and “repay” flashloan. Therefore, when calling flashloan, the contract needs to prevent other functions like “deposit()” function to increase the balance of the pool. A recommended solution is to add a reentrancy guardrail for all related functions.

At time of writing DFX had paused impacted protocols, but vulnerability remains.