Oracle Dependency: Decrypting the Sturdy Finance Attack
1/8/2024

Project name: Sturdy Finance

Project type: Lending

Date of exploit: Jan 12, 2023

Asset loss: 442 ETH

Vulnerability: Price manipulation (read-only reentrancy)

Date of audit conducted: Jan 25, 2022

Conclusion: Out of audit scope

Details of the Exploit

Project Background

Sturdy Finance is a DeFi lending protocol that lets users deposit collateral and borrow tokens against its value. The value of the collateral is obtained from external price oracles. In the exploit discussed here, the Balancer protocol served as that external price oracle.

Nature of the Vulnerability

  • The attacker's collateral value was calculated from a manipulated asset price, so the attacker could borrow more than the collateral was worth and drain the vault.
  • The collateral price was supplied by the Balancer protocol, whose implementation has a read-only reentrancy issue.
  • The attacker manipulated the collateral price reported by the Balancer protocol by triggering, in the middle of withdrawing tokens from Balancer, external calls that updated the attacker's collateral position in Sturdy's lending protocol.
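The defensive point in the bullets above is that a pool's spot state must not be trusted while the pool's vault is in the middle of an operation. The contract below is an added illustration written for this post, not Sturdy Finance or Balancer code: it shows a naive pricer that reads the pool rate directly beside a hardened pricer that first probes the Vault's reentrancy guard. The `IBalancerVault` and `IBalancerPool` interfaces are minimal assumptions modelled on Balancer V2 (the `manageUserBalance` probe follows the pattern of Balancer's own `VaultReentrancyLib`), and `getRate()` stands in for whatever price function a consumer reads; verify both against the real ABI before use.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal assumed interface for the Balancer V2 Vault (only what the probe needs).
interface IBalancerVault {
    struct UserBalanceOp {
        uint8 kind;
        address asset;
        uint256 amount;
        address sender;
        address payable recipient;
    }
    // Guarded by the Vault's nonReentrant modifier in Balancer V2.
    function manageUserBalance(UserBalanceOp[] calldata ops) external payable;
}

// Assumed pool interface: ETH value of one pool token, 18 decimals.
interface IBalancerPool {
    function getRate() external view returns (uint256);
}

contract CollateralPricer {
    IBalancerVault public immutable vault;
    IBalancerPool public immutable pool;

    constructor(IBalancerVault _vault, IBalancerPool _pool) {
        vault = _vault;
        pool = _pool;
    }

    // Vulnerable pattern: trusts the pool's reported rate even if this call was
    // reached from a callback issued while the Vault is mid-operation, when the
    // pool's balances and token supply can be temporarily inconsistent.
    function collateralValueUnsafe(uint256 amount) external view returns (uint256) {
        return (amount * pool.getRate()) / 1e18;
    }

    // Probe the Vault's reentrancy guard without changing any state.
    // manageUserBalance with zero ops does no work, but it is nonReentrant, so:
    //  - if the Vault is currently entered, the guard reverts with a reason
    //    string (non-empty revert data);
    //  - if it is not entered, the guard tries to write its status slot, which
    //    a STATICCALL forbids, so the call still reverts but with empty data.
    // Only the revert data therefore distinguishes the two cases.
    function ensureNotInVaultContext() internal view {
        IBalancerVault.UserBalanceOp[] memory noop = new IBalancerVault.UserBalanceOp[](0);
        (, bytes memory revertData) = address(vault).staticcall{ gas: 10_000 }(
            abi.encodeWithSelector(vault.manageUserBalance.selector, noop)
        );
        require(revertData.length == 0, "Vault is reentered: refusing to price collateral");
    }

    // Hardened pattern: refuse to produce a price while the Vault is entered, so a
    // borrow or collateral update cannot be driven from inside a Vault callback.
    function collateralValueSafe(uint256 amount) external view returns (uint256) {
        ensureNotInVaultContext();
        return (amount * pool.getRate()) / 1e18;
    }
}
```

The check is cheap and makes the oracle read revert instead of returning a transient value. It is a guard, not a replacement for oracle design: a consumer that can tolerate a small lag is better served by a time-weighted or externally attested price than by any single on-chain spot read.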

CertiK Audit Overview

[Table: CertiK audit overview for Sturdy Finance]

Conclusion

On Jan 12, 2023, the lending platform Sturdy Finance was attacked, leading to a loss of 442 ETH. The attacker used a read-only reentrancy vector to manipulate the price consumed by the lending protocol and drain funds. The vulnerability lies in the dependency on the Balancer protocol, which served as the price oracle in Sturdy's contracts; this read-only reentrancy issue in Balancer has been widely recognized by the community. The dependency on the Balancer protocol is not in CertiK's audit scope.

References

Rekt.new Analysis: https://rekt.news/sturdy-rekt/

Additional Resources: Reentrancy Vulnerability Scope Expanded
