The Defect in a Lending Protocol's Oracle Module Was Exploited by a Bot to Generate a $110K Profit

PreviousA Bot Devised Arbitrage Strategies Centered on Autonomous Minting and Burning of Synthetic Tokens NextA $296K-Profit Arbitrage Done by the Lightning Reflex Bot After the Vyper-Curve Exploit

Last updated 1 year ago

Was this helpful?

The Defect in a Lending Protocol's Oracle Module Was Exploited by a Bot to Generate a $110K Profit

Strategy One Liner

In this Oracle attack, the attacker made a $110k profit by cheating a defect price oracle.

Big Picture

Key Steps

Step 0: The attacker used a Flash Loan to take out 450,000 xSUSHI tokens from BentoBoxV1 in preparation for the transaction.
Steps 3-4: The attacker added collateral, transferring 418,285 xSUSHI to the CauldronMediumRiskV1 contract via the BenToBox V1 contract.
Steps 5-6: The attacker borrowed 808,233 MIM from the CauldronMediumRiskV1 contract, and then he updated CauldronMediumRiskV1’s exchange rate of MIM against xSUSHI. This is the critical step in creating the price spread.
Steps 7-10: The attacker liquidated himself on CauldronMediumRiskV1. The liquidation amount passed in is 682,090 MIM. At this point, the original xSUSHI against MIM price was higher due to the untimely Oracle price update being stored in the cache. The updated exchange rate made xSUSHI cheaper against MIM, which means the liquidation can exchange all the collateralized xSUSHI tokens with fewer MIM. Therefore, the CauldronMediumRiskV1 contract gave back all the xSUSHI tokens (418,285) to the arbitrage contract, and the contract transferred 696,904 MIM to the CauldronMediumRiskV1 contract.
Steps 18-19: The attacker transferred 450,225 xSUSHI back to BenToBoxV1 to return the flash loan, making a profit of 110,911 MIM and transferring it to his EOA.

Key Protocols

Sushiswap: A major DEX (decentralized exchange)
Degenbox by Abracadabra Money: A service that allows users to deposit various types of interest-bearing crypto tokens. The stored tokens can be flash loaned or used in strategies. The yield from this will go to token depositors. The term "Degenbox" is a combination of "degenerate" (a term often used in the crypto community to describe high-risk traders) and "box" (indicating a tool or service).
Cauldron: A decentralized CashTokens exchange

Key Addresses

The pentagon "from" is the attacker's EOA. The solid oval "to" is the attacker's contract.
The ovals with "SushiSwapPool" are different Sushi swap pools.
The addresses in the box "DegenBox" are Degenbox's addresses.
The addresses in the box "Cauldron" are Cauldron's addresses.

Key Assets

MIM, xSUSHI, WETH

Simplified Illustration

Step-by-step Decoding

Step 0: The attacker used a Flash Loan to take out 450,000 xSUSHI tokens from BentoBoxV1 in preparation for the transaction.
Step 1: The attacker transferred 418,303 xSUSHI to the BentoBoxV1 contract.
Step 2: 418,285 virtualSharexSUSHI were minted to represent the transfer in step 1.
Step 3: The attacker transferred 418,285 xSUSHI to the CauldronMediumRiskV1 contract via the BenToBox V1 contract. The attacker was adding collateral.
Step 4: 418,285 virtualShare were mint.
Steps 5-6: The attacker borrowed 808,233 MIM from the CauldronMediumRiskV1 contract, and then 808,637 virtualDebtMIM were burnt. The CauldronMediumRiskV1’s exchange rate of MIM against xSUSHI was updated in this step. This is the critical step in creating the price spread.
Steps 7-10: The attacker liquidated himself on CauldronMediumRiskV1. At this point, the original xSUSHI against MIM price was higher due to the untimely Oracle price update being stored in the cache. The updated exchange rate made xSUSHI cheaper against MIM, which means the liquidation can exchange all the collateralized xSUSHI tokens with fewer MIM. Therefore, the CauldronMediumRiskV1 contract gave back all the xSUSHI tokens (418,285) to the arbitrage contract, and the contract transferred 696,904 MIM to the CauldronMediumRiskV1 contract.
1. Steps 7,9: The attacker got back 418,285 xSUSHI and 418,285 virtualShare were burnt.
2. Steps 8,10: the attacker paid CauldronMediumRiskV1 696,904 MIM and 696,904 virtualDebtMIM were burnt.
Steps 11-12: The attacker withdrew 418,303 xSUSHI.
Steps 13-14: The attacker withdrew 111,329 MIM.
Steps 15-17: The attacker swapped 418 MIM for 225 xSUSHI at SushiSwap.
Step 18: The attacker transferred 450,225 xSUSHI back to BenToBoxV1 to return the flash loan
Step 19: the attacker transferred the profit (110,911 MIM) to his EOA.

More Details

Keywords

Oracle Attack, Flash Loan, Liquidation

PreviousA Bot Devised Arbitrage Strategies Centered on Autonomous Minting and Burning of Synthetic Tokens NextA $296K-Profit Arbitrage Done by the Lightning Reflex Bot After the Vyper-Curve Exploit

Last updated 1 year ago

Was this helpful?

Strategy One Liner

In this Oracle attack, the attacker made a $110k profit by cheating a defect price oracle.

Big Picture

Key Steps

Step 0: The attacker used a Flash Loan to take out 450,000 xSUSHI tokens from BentoBoxV1 in preparation for the transaction.
Steps 3-4: The attacker added collateral, transferring 418,285 xSUSHI to the CauldronMediumRiskV1 contract via the BenToBox V1 contract.
Steps 5-6: The attacker borrowed 808,233 MIM from the CauldronMediumRiskV1 contract, and then he updated CauldronMediumRiskV1’s exchange rate of MIM against xSUSHI. This is the critical step in creating the price spread.
Steps 7-10: The attacker liquidated himself on CauldronMediumRiskV1. The liquidation amount passed in is 682,090 MIM. At this point, the original xSUSHI against MIM price was higher due to the untimely Oracle price update being stored in the cache. The updated exchange rate made xSUSHI cheaper against MIM, which means the liquidation can exchange all the collateralized xSUSHI tokens with fewer MIM. Therefore, the CauldronMediumRiskV1 contract gave back all the xSUSHI tokens (418,285) to the arbitrage contract, and the contract transferred 696,904 MIM to the CauldronMediumRiskV1 contract.
Steps 18-19: The attacker transferred 450,225 xSUSHI back to BenToBoxV1 to return the flash loan, making a profit of 110,911 MIM and transferring it to his EOA.

Key Protocols

Sushiswap: A major DEX (decentralized exchange)
Degenbox by Abracadabra Money: A service that allows users to deposit various types of interest-bearing crypto tokens. The stored tokens can be flash loaned or used in strategies. The yield from this will go to token depositors. The term "Degenbox" is a combination of "degenerate" (a term often used in the crypto community to describe high-risk traders) and "box" (indicating a tool or service).
Cauldron: A decentralized CashTokens exchange

Key Addresses

The pentagon "from" is the attacker's EOA. The solid oval "to" is the attacker's contract.
The ovals with "SushiSwapPool" are different Sushi swap pools.
The addresses in the box "DegenBox" are Degenbox's addresses.
The addresses in the box "Cauldron" are Cauldron's addresses.

Key Assets

MIM, xSUSHI, WETH

Simplified Illustration

Step-by-step Decoding

Step 0: The attacker used a Flash Loan to take out 450,000 xSUSHI tokens from BentoBoxV1 in preparation for the transaction.
Step 1: The attacker transferred 418,303 xSUSHI to the BentoBoxV1 contract.
Step 2: 418,285 virtualSharexSUSHI were minted to represent the transfer in step 1.
Step 3: The attacker transferred 418,285 xSUSHI to the CauldronMediumRiskV1 contract via the BenToBox V1 contract. The attacker was adding collateral.
Step 4: 418,285 virtualShare were mint.
Steps 5-6: The attacker borrowed 808,233 MIM from the CauldronMediumRiskV1 contract, and then 808,637 virtualDebtMIM were burnt. The CauldronMediumRiskV1’s exchange rate of MIM against xSUSHI was updated in this step. This is the critical step in creating the price spread.
Steps 7-10: The attacker liquidated himself on CauldronMediumRiskV1. At this point, the original xSUSHI against MIM price was higher due to the untimely Oracle price update being stored in the cache. The updated exchange rate made xSUSHI cheaper against MIM, which means the liquidation can exchange all the collateralized xSUSHI tokens with fewer MIM. Therefore, the CauldronMediumRiskV1 contract gave back all the xSUSHI tokens (418,285) to the arbitrage contract, and the contract transferred 696,904 MIM to the CauldronMediumRiskV1 contract.
1. Steps 7,9: The attacker got back 418,285 xSUSHI and 418,285 virtualShare were burnt.
2. Steps 8,10: the attacker paid CauldronMediumRiskV1 696,904 MIM and 696,904 virtualDebtMIM were burnt.
Steps 11-12: The attacker withdrew 418,303 xSUSHI.
Steps 13-14: The attacker withdrew 111,329 MIM.
Steps 15-17: The attacker swapped 418 MIM for 225 xSUSHI at SushiSwap.
Step 18: The attacker transferred 450,225 xSUSHI back to BenToBoxV1 to return the flash loan
Step 19: the attacker transferred the profit (110,911 MIM) to his EOA.

More Details

If you are interested in a comprehensive understanding of the execution of the contract, please read this for a code review.

Keywords

Oracle Attack, Flash Loan, Liquidation