On July 25, 2023, according to data from Beosin EagleEye, the ZkSync-based decentralized lending protocol, EraLend, suffered an attack resulting in a loss of approximately $3.4 million USD.

EraLend is a decentralized lending protocol designed to maximize capital efficiency while minimizing risks associated with external liquidity and oracle dependencies. The security team at Beosin has provided the following analysis of the incident:

Incident Details:

- Attacking Transactions:

- 0x7ac4da1ea1b0903dfabda56f713ea5e4a960a3fc34467a844d037f86ee8bfe98

- 0x99efebacb3edaa3ac34f7ef462fd8eed85b46be281bd1329abfb215a494ab0ef

- Attacker's Address: 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a

- Attacking Contracts:

- 0xC5c668DcD437b901DFE877DC99329Ac2ba338035

- 0x7d8772DCe73cDA0332bc47451aB868Ac98F335F0

- Target Contract:

- 0x1181D7BE04D80A8aE096641Ee1A87f7D557c6aeb

Vulnerability Analysis:

The main vulnerability exploited in this attack was a read reentrancy in the price oracle, causing a discrepancy between the ctoken contract's lending value calculation and its liquidation value calculation in the EraLend. This discrepancy allowed the attacker to borrow a higher amount than they needed to repay, enabling them to make profits from the borrowing and liquidation process. The attacker leveraged multiple contracts to carry out these operations and obtain a substantial amount of USDC.

Attack Process:

Taking transaction 0x7ac4da1ea... as an example:

Attack Preparation:

1. The attacker extracted approximately 1.68 ETH from OKX and MEXC to cover the deployment of the attack contract and transaction gas fees.

2. The attacker borrowed 14.08 million USDC and 7566 ETH through a flash loan, staked them to the 0x621425 contract, and obtained 0.29 LP tokens to prepare for the attack.

Attack Phase:

1. The attacker called the burn function of the SyncSwap (0x8011) contract, which destroyed their obtained LP tokens and reclaimed the added liquidity. However, the burn function triggered a specific function (_callback) at the callback address (line 206), which updated the liquidity reserve information only after the callback.

2. When the burn function reached the attacker's malicious contract, it executed pre-prepared malicious code in a specific function. This malicious code reentered the ctoken (0x1181) contract's functions, specifically the repayBorrow and borrow functions, to pledge LP tokens and borrow USDC. However, at this point, the SyncSwap contract's reserve information had not been updated, and the ctoken's borrowing amount calculation depended on the reserve of SyncSwap. Consequently, the attacker borrowed 372,644 USDC based on the reserve before reclaiming liquidity.

3. After the reentrancy ended, the SyncSwap reserve was updated, and the attacker repaid the borrowed amount. Since the updated reserve was used for the calculation, the attacker was able to repay the loan with an amount lower than the borrowed tokens. As a result, the attacker returned 269,585 USDC and made a profit of 103,059 USDC.

4. The attacker repeated the above process using multiple contracts.

5. The attacker repaid the flash loan and transferred the attack profits to his/her address.

Funds Tracking

As of the time of posting, Beosin KYT/AML tracking found that the stolen funds have been transferred to other chains via various cross-chain bridge services such as Orbiter and 1inch.

On the morning of July 27, EraLend posted a letter to the hacker on social media suggesting that the hacker return 90% of the funds and keep 10% of the stolen funds as a white hat bounty, at the time of writing, the hacker has not yet made any restitution.

Summary

In response to this incident, Beosin security team recommends:

1. When relying on the SyncSwap project's real-time reserve volume for price calculation, read reentry scenarios should be considered to prevent inconsistent price calculations for related functions in the same transaction.

2. Before the project goes live, it is recommended to choose a professional security audit company to conduct a comprehensive security audit to avoid risks.

Beosin is a leading global blockchain security company co-founded by several professors from world-renowned universities and there are 40+ PhDs in the team, and set up offices in 10+ cities including Hong Kong, Singapore, Tokyo and Miami. With the mission of “Securing Blockchain Ecosystem”, Beosin provides “All-in-one” blockchain security solution covering Smart Contract Audit, Risk Monitoring & Alert, KYT/AML, and Crypto Tracing. Beosin has already provided security for 2000+ blockchain companies, audited more than 3000 smart contracts and protected our customers’ assets worth of $500 billion.

Contact

If you need any blockchain security services, welcome to contact us:

Official Website Beosin EagleEye Twitter Telegram Linkedin