On 14 May 2024, Sonne Finance was exploited for approximately $20M via a known precision-loss vulnerability that was first seen in the Hundred Finance exploit in April 2023. The Sonne Finance exploit is the largest exploit to occur on the Optimism chain and overall the 6th largest incident in 2024. The attacker took advantage of the known vulnerability when an empty pool had been newly created, after users voted to add the VELO token to Sonne on the Optimism chain.
Sonne Finance is a Compound V2 fork; its soToken is equivalent to the cToken in the Compound protocol.
“[cToken] is an EIP-20 compliant representation of balances supplied to the protocol. By minting cTokens, users (1) earn interest through the soToken’s exchange rate, which increases in value relative to the underlying asset, and (2) gain the ability to use cTokens as collateral. cTokens are the primary means of interacting with the Compound Protocol; when a user mints, redeems, borrows, repays a borrow, liquidates a borrow, or transfers cTokens, she will do so using the cToken contract.” Compound v2 Docs | cTokens
The exchangeRate of soToken refers to how much of the underlying token one soToken is worth. The calculation formula is as follows. Compound v2 Docs | cTokens
Breaking it down:
The root cause of this exploit was precision loss, a widely known vulnerability in Compound V2 forks that a number of projects have fallen victim to. The issue was first discovered in April 2023 when Hundred Finance was exploited for $7.5m. Other notable incidents include Onyx Protocol, which lost $2m in November 2023, and Starlay, which lost $2.1m in February 2024 via the same vulnerability.
The attacker manipulated the exchangeRate by depositing underlying tokens into an empty market. They then exploited the round-down in the redeemUnderlying function to redeem underlying tokens while burning fewer soTokens than the exchange rate implies.
In this attack, the attacker initially manipulated the exchangeRate of the soVELO contract, causing 2 wei of soVELO to be valued at 35,471,603 VELO. Subsequently, during the redemption of VELO, due to rounding down, the amount of soVELO required for redemption was truncated to 1 (rounded down from 1.999994 to 1), allowing the attacker to redeem assets valued at 2 wei of soVELO using only 1 wei of soVELO.
The attack on Sonne Finance began 2 days prior to the exploit transaction. The approximate timeline of the attack is as follows:
4 May: Sonne Finance initiated Sonne Improvement Proposal 15 - Adding VELO on Sonne Finance (Optimism). Voting closed on 7 May and unanimously passed with 100% Yes votes.
Sonne Finance on Twitter / Snapshot
As stated in their post-mortem, Sonne Finance scheduled the required transactions on their multisig wallet, which implements a 2-day timelock, and also scheduled the c-factors to coincide. Post-mortem, Sonne Finance exploit Tenderly Dashboard
After the 2-day timelock ended for the creation of the markets, the attacker executed the transaction adding c-factors to the markets. Tenderly Dashboard
In the transaction the attacker supplied 400000001 wei VELO to mint 2 wei soVELO.
The following attack flow is an analysis of transaction hash: 0x9312ae377d7ebdf3c7c3a86f80514878deb5df51aad38b6191d55db53e42b7f0 Tenderly Dashboard
This resulted in the current exchangeRate becoming 17,735,851,964,756,377,265,143,988,000,000,000,000,000, which means 1 wei soVELO is valued at 17,735,851 VELO.
35471603929512754530287976 * 1000000000000000000 / 17735851964756377265143988000000000000000000 = 1.999994
Because the integer division rounds down, 1.999994 was truncated to 1. Consequently, the attacker redeemed 35,471,603 VELO by paying only 1 wei of soVELO instead of 1.999994 wei. After the redemption, the totalSupply of soVELO also decreased by the redeemed amount.
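The arithmetic above (the exchangeRate formula introduced earlier, the mint of 2 wei soVELO, and the truncated redeemUnderlying division) can be reproduced with a small model of the Compound V2 exchange-rate and redeem logic. This is an added example written for this write-up, not code from Sonne Finance or Compound. It uses the figures given on the page (400000001 wei supplied, the exchangeRate of 17,735,851,964,756,377,265,143,988 × 10^18, and the 35,471,603.93 VELO redeem); the initial exchange rate of 2 × 10^26 for a fresh market is an assumption (it is the value under which 400000001 wei mints exactly 2 wei), and the market's cash at the time of the redeem is back-computed from the page's exchange rate rather than taken from the page. It also shows two mitigations: rounding the burned soToken amount up, and a market that already holds supply before the deposit (a constructed seed value), which is why a small pre-existing balance blunts the rounding gain.

```python
from dataclasses import dataclass

EXP_SCALE = 10**18  # Compound V2 fixed-point scale ("mantissa")

# Figures from the write-up (soVELO market, wei units).
MINT_AMOUNT = 400000001                              # VELO wei supplied to mint 2 wei soVELO
PAGE_EXCHANGE_RATE = 17735851964756377265143988 * 10**18
REDEEM_AMOUNT = 35471603929512754530287976           # VELO wei redeemed for 1 wei soVELO
# Assumption: initial exchange rate of a fresh 18-decimal Compound V2 market
# (the value that makes 400000001 wei mint exactly 2 wei of soToken).
INITIAL_EXCHANGE_RATE = 2 * 10**26


@dataclass
class Market:
    """The soToken/cToken state that determines the exchange rate."""
    total_cash: int
    total_borrows: int
    total_reserves: int
    total_supply: int

    def exchange_rate(self) -> int:
        # Compound V2: (cash + borrows - reserves) / totalSupply, scaled by 1e18;
        # a market with no supply reports the configured initial rate.
        if self.total_supply == 0:
            return INITIAL_EXCHANGE_RATE
        return (self.total_cash + self.total_borrows - self.total_reserves) * EXP_SCALE // self.total_supply

    def mint(self, underlying: int) -> int:
        """mintTokens = mintAmount / exchangeRate, rounded down (Compound V2)."""
        tokens = underlying * EXP_SCALE // self.exchange_rate()
        self.total_cash += underlying
        self.total_supply += tokens
        return tokens

    def redeem_underlying(self, underlying: int, round_up: bool = False) -> int:
        """Return the soToken wei burned to withdraw `underlying`.

        round_up=False is the Compound V2 behaviour the write-up describes
        (redeemTokens = redeemAmount / exchangeRate, truncated).
        round_up=True is the hardened variant: never burn fewer tokens than
        the withdrawn underlying is worth.
        """
        rate = self.exchange_rate()
        if round_up:
            tokens = -((-underlying * EXP_SCALE) // rate)  # ceiling division
        else:
            tokens = underlying * EXP_SCALE // rate
        if tokens == 0 or tokens > self.total_supply:
            raise ValueError("redeem rejected")
        self.total_cash -= underlying
        self.total_supply -= tokens
        return tokens


def rounding_loss(market: Market, underlying: int) -> tuple:
    """soToken wei charged (rounded down) and the underlying wei left unpaid
    by the truncation, without mutating the market."""
    rate = market.exchange_rate()
    tokens = underlying * EXP_SCALE // rate
    paid_for = tokens * rate // EXP_SCALE
    return tokens, underlying - paid_for


def reproduce_sonne_rounding() -> dict:
    m = Market(total_cash=0, total_borrows=0, total_reserves=0, total_supply=0)
    minted = m.mint(MINT_AMOUNT)  # 2 wei soVELO
    # The write-up gives the exchange rate after the attacker's deposit but not
    # the deposit itself: back-compute the cash that yields that rate for 2 wei.
    m.total_cash = PAGE_EXCHANGE_RATE * m.total_supply // EXP_SCALE
    tokens_down, loss_down = rounding_loss(m, REDEEM_AMOUNT)
    hardened = Market(m.total_cash, 0, 0, m.total_supply)
    tokens_up = hardened.redeem_underlying(REDEEM_AMOUNT, round_up=True)
    # Same cash, but the market already held supply before the deposit
    # (constructed seed of 2e10 wei soToken, for illustration only).
    seeded = Market(m.total_cash, 0, 0, 2 * 10**10)
    _, loss_seeded = rounding_loss(seeded, REDEEM_AMOUNT)
    return {
        "minted": minted,
        "exchange_rate": m.exchange_rate(),
        "tokens_exact": REDEEM_AMOUNT / (PAGE_EXCHANGE_RATE // EXP_SCALE),
        "tokens_rounded_down": tokens_down,
        "underlying_unpaid": loss_down,
        "tokens_rounded_up": tokens_up,
        "underlying_unpaid_seeded_market": loss_seeded,
    }


if __name__ == "__main__":
    for k, v in reproduce_sonne_rounding().items():
        print(f"{k}: {v}")
```

With the empty market the truncation leaves roughly 17.7M VELO (half the pool) unpaid for; with the same cash against a seeded supply the unpaid remainder is bounded by one soToken's worth of underlying, a fraction of a VELO. Rounding the burned amount up removes the gap entirely at the cost of the redeemer, which is the direction a lending protocol should err in.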
The attacker was able to drain multiple pools and take assets totalling approximately $20 million. The assets comprised the following:
soVELO: 2,352.96 VELO
soWETH: 795.38 WETH
soUSDC.e: 768,933.76 USDC.e
soWBTC: 162.92 WBTC
sowstETH: 1,667.45 wstETH
soUSDT: 777,632.56 USDT
soUSDC: 1,264,790.21 USDC
0xec8fea79026ffed168ccf5c627c7f486d77b765f
0xf7b5965f5c117eb1b5450187c9dcfccc3c317e8e
0xe3b81318b1b6776f0877c3770afddff97b9f5fe5
As of writing the exploiter holds the majority of funds in the following addresses:
0x5D0D99e9886581ff8fCB01F35804317f5eD80BBb (OP): $6,139,748
0x6277aB36a67CfB5535b02eE95C835A5eeC554c07 (OP): $4,555,874
0x6277aB36a67CfB5535b02eE95C835A5eeC554c07 (ETH): $3,337,615
0x3b39652151102d19Ca41544a635956EF97416598 (OP): $2,610,288
0x4FaC0651BcC837Bf889F6a7D79C1908419fE1770 (OP): $1,633,691
0x9f44c4eC0b34C2DDe2268eD3ACbf3Aba8Eacde51 (OP): $1,382,446
0x5D0D99e9886581ff8fCB01F35804317f5eD80BBb (ETH): $612,170
0xae4A7cDe7C99fb98B0D5fA414aa40F0300531F43 (OP): $296,917
0x9f09Ec563222FE52712dc413d0B7b66CB5C7C795 (OP): $95,782
Though this was a known vulnerability that Sonne Finance were aware of, their multisig execution is permissionless on Optimism, whereas it isn’t on Base. This allowed the attacker to circumvent the precautionary measures Sonne Finance took to prevent the exploit from happening. Sonne Finance were also fortunate not to lose more funds: X user @tonyke_bot detailed how $6.5 million was saved by buying $100 worth of VELO, which was added to the soVELO pool. Tony KΞ on Twitter / X
A security audit by CertiK flags the known precision issue as a major risk, which helps a project manage and mitigate the issue and also provides insight into other unforeseen risks.