On June 28th, Beijing time, Themis protocol was targeted by a Flash Loan attack, with the attacker having gained approximately $370,000 in profits.

SharkTeam conducted a technical analysis of this incident promptly and has summarized security measures to be taken. It is hoped that future projects can learn from this and collectively strengthen the security defenses of the blockchain industry.

1. Incident analysis

Attacker address: 0xdb73eb484e7dea3785520d750eabef50a9b9ab33

Attack contract:

0x05a1b877330c168451f081bfaf32d690ea964fca

0x33f3fb58ea0f91f4bd8612d9f477420b01023f25

Attacked contract: 0x75f805e2fb248462e7817f0230b36e9fae0280fc

Attack transactions:

0xff368294ccb3cd6e7e263526b5c820b22dea2b2fd8617119ba5c3ab8417403d8

Attack process:

(1) The attacker (0xdb73eb48) borrowed 22,000 WETH through a Flash Loan.

(2) Subsequently, the attacker borrowed an additional 10,000 and 8,000 WETH from the UniswapV3Pool.

(3) Then, the attacker (0xdb73eb48) deposited 220 WETH and borrowed DAI, USDT, USDC, ARB, and WBTC separately.

(4) Furthermore, the attacker (0xdb73eb48) deposited another 220 WETH and borrowed DAI, USDT, USDC, ARB, and WBTC separately.

(5) The attacker (0xdb73eb48) added 55 WETH to the pool and obtained 54.6 wstETH.

(6) The attacker (0xdb73eb48) called the swap function and exchanged all 39,725 WETH for 2,423 wstETH.

(7) Then, taking advantage of the high price of wstETH, the attacker borrowed 317 WETH using only 54.6 wstETH.

Finally, the attacker (0xdb73eb48) exchanged wstEth back to WETH, returned the flash loan, and left the market with a profit.

2 Vulnerability Analysis

The essence of this attack is the manipulation of prices for two tokens in the pool using a Flash Loan. The proportion calculated by the oracle can be manipulated, leading to asset losses. The attacker's initial three steps involved exchanging WETH for various tokens while depositing WETH into the pool, increasing the pool's WETH balance. The crucial step was the sixth step, where over 30,000 WETH was exchanged, causing a significant issue with the ratio between wstETH and WETH in the pool. This distorted ratio led to an increased exchange ratio calculated by the oracle, allowing the attacker to borrow more WETH using a small amount of wstETH.

It is evident that there was a noticeable increase in the calculated results after exchanging WETH for wstETH.

3. Security Recommendations

In light of this attack incident, developers should adhere to the following considerations during the development process:

1. Conduct thorough validation to identify any potential price manipulation issues in the development of oracles and liquidity pools.

2. Consider implementing Time-Weighted Average Price (TWAP) algorithms within oracles to calculate token prices.

3. Prior to project deployment, seek technical assistance from professional third-party auditing teams.