Deep Dive Deep Dive into High-Profile Crypto Exploits — Part III: Fei Protocol

On April 30rd, 2022 80M$ was drained from Rari Protocol. The attack was performed 5 times in the span of 15 minutes.

TLDR; The root cause of this attack stems from a Reentrancy security loophole where the attacker could borrow ETH without a collateral.

Background

• FEI protocol -Fei is a decentralized, scalable, and DeFi-native stablecoin protocol
• Rari Fuse Pool Lending, borrowing & yield for Fuse protocol.

The Attack — A High-level overview

The function doTransferOut is called when borrowing ETH from the cEther contract. The function uses to.call.value() which does not limit the gas of the called function.

This can lead to re-entrancy attack because if the receiver is a contract, it can execute arbitrary code when receiving this ETH.

A second mistake in the borrow function was that side effects were only updated after the ETH was transferred, which is the second requirement for a successful re-entrancy attack.

The Attack — Step By Step

1. Flash loan asset

2. Deposit flash loaned asset to rari as collateral.

3. Borrow ETH (debt is not updated yet)

4. leverage reentrancy and call exitMarket() which return the collateral, since debt side-effects are not yet stored.

5. Repay flash loan

6. Attacker get borrowed eth for free.

7. The attacker repeated these steps multiple times until he drained more than 20,000 ETH, worth around 80M$ at the time of this writing.

Relevant Links

Attacker address: 0x6162759edad730152f0df8115c698a42e666157f

Attacker contracts :

• 0xE39f3C40966DF56c69AA508D8AD459E77B8a2bc1
• 0x32075bad9050d4767018084f0cb87b3182d36c45

Exploit transactions:

• 0xd9ee4fc5ee0b8815e6aae20e8bc5697ee49b8a1c76619a008bf534a4084197dc
• 0xadbe5cf9269a001d50990d0c29075b402bcc3a0b0f3258821881621b787b35c6
• 0x0f75349606610313cb666277eeda612e72be624cae061d017e503056bbf4d8e0
• 0x0742b138a78ad9bd5d0b55221d514637313bc64c40272ca98c8d0417a519e2e4
• 0x254735c6c14e4d338b1cc5bca43aab6b0f395ae06085013b1b2527180d270a31
• 0xab486012f21be741c9e674ffda227e30518e8a1e37a5f1d58d0b0d41f6e76530
• 0x9e4d4f4ebb45d1e03813d834494045c1b6ea2adbde1b89fbe24349846c223779
• 0xa185f63b82cbb199a435399cfd414b89ebab91485d5034cdf8861a5f958259a4
• 0xadbe5cf9269a001d50990d0c29075b402bcc3a0b0f3258821881621b787b35c6

All relevant transactions can be found here: https://etherscan.io/address/0x6162759edad730152f0df8115c698a42e666157f

Mitigation

1. Always use check-effect-interacts pattern https://fravoll.github.io/solidity-patterns/checks_effects_interactions.html…

2. Restrict gas limit when sending ETH.

3. Do not use underling assets that can cause reentrancy attacks (For compound based projects).

About Solid Group

Solid Group is a blockchain consulting and auditing service provider founded by cybersecurity experts with a great passion for the cryptocurrency world. We are known for our exceptional out of the box thinking, experience, and our credibility among the community. Throughout our work, our team was able to discover many high severity issues & vulnerabilities. We work with leading companies in the field, helping them increase their resilience through tailored services and solutions.

‌Solid Group provides ALL IN ONE ICO SOLUTION -‌

• audited token generator ( Generate your own token with NO CODING KNOWLEDGE)
• sniper bot protection tool
• Smart contract auditing service‌

🌍 solidgrp.io | 🐦 Twitter | 📣 Telegram Group | ✉️ info@solidgrp.io