How these two DeFi protocols fell prey to $11 million ‘reentrancy attack’
On 15 March, an attacker siphoned over $11 million from two DeFi platforms, Agave and Hundred Finance. It appeared to be a flash loan ‘reentrancy attack’ on both protocols on the Gnosis chain as per investigation. Likewise, the platforms halted their contracts to forestall further damage.
Assessing the damage
Solidity developer and creator of an NFT liquidity protocol app, Shegen chose to highlight the hack in a series of tweets on 16 March. Surprisingly, this analysis came after the aforementioned entity lost $225,000 in the same exploit.
Theres already been a few good threads already (and some bad ones that spoke too soon) on the @Agave_lending and @HundredFinance hacks today.
Here’s my analysis & reflection, after just having lost over $225k from the exploit, and explored what happened 👇
— Shegen (@shegenerates) March 15, 2022
Her preliminary investigations revealed the attack worked by exploiting a wETH contract function on Gnosis Chain. It allowed the attacker to continue borrowing crypto before the apps could calculate the debt, which would prevent further borrowing. Ergo, the culprit carried the said exploit by borrowing against the same collateral they posted until the funds drained from the protocols.
To make things worse, the funds weren’t safe. ‘They are pretty much gone forever, but there is still hope,’ she added. That said, the founder of Gnosis, Martin Koppelmann did tweet to bring in some certainity amidst the chaos. Koppelmann asserted,
can’t make any promises, and first we should really understand what happened. But I would generally be supportive of a GnosisDAO proposal that would try to prevent users from loosing funds by e.g. borrowing funds/ investing funds into @Agave_lending
— Martin Köppelmann 🇺🇦 (@koeppelmann) March 15, 2022
After some further research, the attacker allegedly deployed this contract with 3 functions; In blocks 21120283 and 21120284, the hacker used the contract to interact with the affected protocol, Agave directly. The smart contract on Agave was essentially the same as Aave, which secured $18.4B.
As there was no reported exploit in AAVE, how could Agave be drained? Well, here’s a summary of how it was used in an unsafe way “unintentionally”.
The weth contract was deployed the first time someone moved weth to GC. Every time you bring a new token over the bridge, a new token contract is created for it.
The callAfterTransfer function helps prevent you from sending tokens directly to the bridge and losing them forever pic.twitter.com/ZiAZAcTtSI
— Shegen (@shegenerates) March 15, 2022
The said hacker was able to borrow more than their collateral in agave. Thereby, walking away with all borrowable assets.
The borrowed assets comprised of 2,728.9 WETH, 243,423 USDC, 24,563 LINK, 16.76 WBTC, 8,400 GNO, and 347,787 WXDAI. Overall, the hacker made off with approximately $11 million.
Nonetheless, Shegen did not blame the Agave developers for failing to prevent the attack. She said, the developers ran a secure and safe AAVE-based code. Although used with unsafe tokens, in an unsafe way.
“All DeFi protocols on GC should swap out existing bridged tokens for new ones,” she concluded.
Blockchain security researcher Mudit Gupta reiterated a similar cause behind the exploit.
Agave and Hundred Finance were exploited today on Gnosis chain (formerly xDAI).
The underlying reason for the hack is that the official bridged tokens on Gnosis are non-standard and have a hook that calls the token receiver on every transfer. This enables reentrancy attacks. pic.twitter.com/8MU8Pi9RQT
— Mudit Gupta (@Mudit__Gupta) March 15, 2022