On June 18, 2023, Beijing time, Midas Capital was targeted in an attack, and the attackers have profited approximately $600,000.

SharkTeam conducted an immediate technical analysis of this incident and summarized security measures. We hope that future projects can learn from this and strengthen the security defenses in the blockchain industry.

1. Incident analysis

Attacker address: 0x4b92cc3452ef1e37528470495b86d3f976470734

Attack contract: 0xc40119c7269a5fa813d878bf83d14e3462fc8fde

Attacked contract: 0xF8527Dc5611B589CbB365aCACaac0d1DC70b25cB

Attack transactions: 0x1ebc03f0f2257c275f4990b4130e6c3e451125aa98ee8bbde8aba5dc0320c659

Attack Process:

(1) The attacker (0x4b92cc34) invokes the function 0x117741f7 of the attack contract (0xc40119c7), and first calls the mint function of the targeted contract (0xF8527Dc5) to convert 518,614,966,827,953,435,094 sAMM-HAY/BUSD tokens into 2 fsAMM-HAY-BUSD tokens, which are the collateral tokens.

Select an Image

(2) Subsequently, the attacker calls the redeemUnderlying function of the targeted contract (0xF8527Dc5) to extract 518,614,966,827,953,435,091 sAMM tokens. However, instead of extracting all of them, they leave 3 tokens behind. It's important to note that at this point, only 1 fsAMM token has been transferred out of the attack contract.

Select an Image

(3) Then, the attacker calls the redeemUnderlying function of the targeted contract (0xF8527Dc5) again, extracting an additional 518,096,869,957,995,439,653 sAMM tokens. Since there is still 1 fsAMM token remaining in the attack contract (0xc40119c7) account, the extraction is successful.

Select an Image

(4) The above operations are repeated in a loop, and as the arbitrage process progresses, the quantity of minted tokens doubles, and the number of calls to the redeemUnderlying function also doubles.

Select an Image

(5) After multiple rounds of attack transactions, the obtained sAMM tokens are ultimately exchanged for profits by exiting with BUSD, HAY, ANKR, WBNB, ankrBNB, and other assets.

Select an Image

2. Vulnerability Analysis

Since the logic contract of the targeted contract (0xF8527Dc5) is currently not open-source, we can only rely on traces and previous logic contracts to find clues. We found that the code forked Compound's code and shares similarities with Hundred Finance, introducing a third-party math library.

Select an Image

In the divUInt function, the division operation a/b is used, which is fine in terms of calculation. However, due to Solidity's lack of support for floating-point arithmetic, the result is rounded down. The attacker (0x4b92cc34) strictly controls the input quantity every time they call the redeemUnderlying function. This leads to a situation where the calculated result becomes 1.99999999999... but is rounded down to 1 by default.

In the third step, the attack contract (0xc40119c7) retrieves slightly fewer sAMM tokens. As a result, the calculated result becomes 1. Consequently, each time the attacker (0x4b92cc34) stakes and extracts the principal, it doubles.

3. Security Recommendations

The root cause of this incident was the integration of a math library in the targeted contract (0xF8527Dc5), where the redeemUnderlying function rounds down the quantity of fsAMM tokens that the attacker (0x4b92cc34) needs to transfer. This resulted in the attacker (0x4b92cc34) halving the cost they would otherwise have to pay and enabling them to repeatedly exploit the arbitrage opportunity.

To prevent similar attacks, it is essential to follow the following considerations during the development process:

(1) Solidity does not support floating-point arithmetic. When implementing integer operations, it is recommended to perform multiplication before division or use appropriate precision mechanisms.

(2) Before deploying a project, seek technical assistance from professional third-party audit teams to conduct a thorough security review.

About us

SharkTeam’s vision is to comprehensively protect the security of the Web3 world. The team is composed of experienced security professionals and senior researchers from all over the world. They are proficient in the underlying theory of blockchain and smart contracts, and provide services including smart contract auditing, on-chain analysis, and emergency response. It has established long-term cooperative relationships with key players in various fields of the blockchain ecosystem, such as Polkadot, Moonbeam, polygon, OKC, Huobi Global, imToken, ChainIDE, etc.Official website: https://www.sharkteam.org/Twitter: https://twitter.com/sharkteamorgDiscord: https://discord.gg/jGH9xXCjDZTelegram: https://t.me/sharkteamorg