On the evening of July 30th, 2023, multiple projects encountered a dark moment.

At around 21:35 on July 30th, according to Beosin's EagleEye security risk monitoring, the NFT lending protocol JPEG'd was attacked.

While the Beosin security team was analyzing the situation, several other projects were attacked in succession.

At around 22:51 on July 30th, the msETH-ETH pool was raided by hackers.

At around 23:35 on July 30th, the alETH-ETH pool was also cracked using the same attack method.

Shortly after, liquidity pools belonging to DeFi projects Alchemix and Metronome were successively attacked.

The root reason of these multiple attacks is Vyper?

According to a tweet from the Ethereum programming language Vyper on July 31st, Vyper versions 0.2.15, 0.2.16, and 0.3.0 have vulnerabilities in their reentrancy locks. Combined with the ability of native ETH to call callback function during transfers, liquidity pools with native ETH created by these versions can be hacked by reentrancy attacks.

Curve's official Twitter then stated that many stablecoin pools (alETH/msETH/pETH) using Vyper 0.2.15 were attacked due to reentrancy lock failures, but other pools are safe.

Analysis by Beosin Security Team on the Attacked Projects.

Here are the relevant transactions related to the hacking incident:

●Attack Transaction:

0xc93eb238ff42632525e990119d3edc7775299a70b56e54d83ec4f53736400964 0xb676d789bb8b66a08105c844a49c2bcffb400e5c1cfabd4bc30cca4bff3c9801

0xa84aa065ce61dbb1eb50ab6ae67fc31a9da50dd2c74eefd561661bfce2f1620c

0x2e7dc8b2fb7e25fd00ed9565dcc0ad4546363171d5e00f196d48103983ae477c

0xcd99fadd7e28a42a063e07d9d86f67c88e10a7afe5921bd28cd1124924ae2052

●Attacker's Address

0xC0ffeEBABE5D496B2DDE509f9fa189C25cF29671

0xdce5d6b41c32f578f875efffc0d422c57a75d7d8

0x6Ec21d1868743a44318c3C259a6d4953F9978538

0xb752DeF3a1fDEd45d6c4b9F4A8F18E645b41b324

●Attacked Contracts

0xc897b98272AA23714464Ea2A0Bd5180f1B8C0025

0xC4C319E2D4d66CcA4464C0c2B32c9Bd23ebe784e

0x9848482da3Ee3076165ce6497eDA906E66bB85C5

0x8301AE4fc9c624d1D396cbDAa1ed877821D7C511

Vulnerability Analysis

According to Beosin security team, the main cause of this attack was the failure of the reentrancy lock in Vyper 0.2.15. Attackers added liquidity by reentering the add_liquidity function when removing liquidity using the remove_liquidity function of the related liquidity pools. Due to the balance update occurring before reentry into the add_liquidity function, price calculation errors occurred.

Attack Process

We take the msETH-ETH-f pool attacked by transaction 0xc93eb238f as an example.

In the preparation stage, the hacker first flash loaned 10,000 ETH through the Balancer:Vault as attack funds.

Attack Stage

1.  In the first step, the attacker called the add_liquidity function to add the 5000 ETH flash loan to the pool.

2.  In the second step, the attacker called the remove_liquidity function to remove the ETH liquidity from the pool and then reentered the add_liquidity function to add liquidity.

3.  Due to the balance update occurring before reentry into the add_liquidity function, price calculation errors occurred. It is worth noting that both the remove_liquidity function and the add_liquidity function have used reentrancy locks to prevent reentry.

4.  Therefore, the reentrancy lock was not effective here. By reading the vulnerable Vyper code shown below, it can be found that when the name of the reentrancy lock appears for the second time, the original number of storage_slot will increase by 1. In other words, the slot that originally acquired the lock is 0, but after another function uses the lock, the slot becomes 1, and the reentrancy lock already fails.

Funds Statistics

At the time of publication, the funds lost in this attack have exceeded $59 million. Beosin KYT has monitored that the c0ffeebabe.eth address has returned 2879 ETH, but the stolen funds remain on multiple attacker addresses.

Subsequent Impact

Regarding the impact of this event, on July 31st, Binance founder CZ tweeted that "CEX price feed saves DeFi." Binance users were not affected, and the Binance team checked on the Vyper reentrancy vulnerability. Binance only uses version 0.3.7 or above. It is important to keep the codebase, applications, and operating systems up to date.

On July 31st, Curve tweeted that due to problems with the Vyper compiler in versions 0.2.15-0.3.0, CRV/ETH, alETH/ETH, msETH/ETH, and pETH/ETH were attacked by hackers. Additionally, the Arbitrum Tricrypto pool may also be affected. Auditors and Vyper developers have not yet found exploitable vulnerabilities, but users are advised to remove their liquidity from the pool.

It can be seen that the impact of this event has not yet ended, and users who have funds in these pools need to pay more attention.

Regarding this event, Beosin security team recommends that the reentrancy locks in Vyper versions 0.2.15, 0.2.16, and 0.3.0 all fail and related projects are advised to check for themselves. After a project is launched, it is strongly recommended that the project team continues to pay attention to vulnerability disclosures of third-party components/dependency libraries and timely avoid security risks.

Beosin is a leading global blockchain security company co-founded by several professors from world-renowned universities and there are 40+ PhDs in the team, and set up offices in 10+ cities including Hong Kong, Singapore, Tokyo and Miami. With the mission of “Securing Blockchain Ecosystem”, Beosin provides “All-in-one” blockchain security solution covering Smart Contract Audit, Risk Monitoring & Alert, KYT/AML, and Crypto Tracing. Beosin has already provided security for 2000+ blockchain companies, audited more than 3000 smart contracts and protected our customers’ assets worth of $500 billion.

Contact

If you need any blockchain security services, welcome to contact us:

Official Website Beosin EagleEye Twitter Telegram Linkedin