Cointime

Cointime

Download App
iOS & Android

A Detailed Analysis of Euler Finance’s $197 Million Flash Loan Attack

Validated Project

On 13 March 2023 at 08:56:35 AM +UTC, DeFi lending protocol Euler Finance experienced a Flash Loan Attack.

Euler Finance is a protocol that operates as a permissionless lending protocol. Its primary goal is to facilitate lending and borrowing of various cryptocurrencies for users. The UK-based tech startup utilizes mathematical principles to develop non-custodial protocols on Ethereum and other blockchain networks, with a focus on achieving high performance.

Based on on-chain data analysis, the attacker has successfully executed multiple transactions resulting in the theft of approximately $197 million, making it the largest hack of 2023 thus far. Stolen assets include several million worth of DAI, USDC, Staked Ether (StETH), and Wrapped Bitcoin (WBTC).

The breakdown of the stolen assets are as follows:

Detailed Analysis

The attack was possible due to a lack of liquidity checks in the donateToReserves function of the Etoken. The attacker executed multiple calls with different currencies to generate profit, resulting in a massive loss of $196 million across six different tokens. Currently, the funds remain in the attacker’s account.

The attacker’s address is: https://etherscan.io/address/0xb66cd966670d962c227b3eaba30a872dbfb995db

The attacker’s contract address is: https://etherscan.io/address/0x036cec1a199234fc02f72d29e596a09440825f1c

One of the attack transactions can be found here: https://etherscan.io/tx/0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d

1. The attacker first borrowed 30 million DAI through a flash loan from Aave and then deployed two contracts: one for lending and one for liquidation.

2. The attacker then called the deposit function and pledged 20 million DAI to the Euler Protocol contract, receiving 19.5 million eDAI in return.

3. The Euler Protocol allows users to borrow up to 10 times their deposit by calling the mint function. The attacker leveraged this capability to borrow 195.6 million eDAI and 200 million dDAI.

4. The attacker called the repay function using the remaining 10 million DAI borrowed through the flash loan to repay their debt and destroy 10 million dDAI. They then proceeded to call the mint function again to borrow 195.6 million eDAI and 200 million dDAI.

5. The attacker then called the donateToReserves function and donated 10 times the amount needed to repay their debt, sending 100 million eDAI. They then called the liquidate function to initiate the liquidation process and obtained 310 million dDAI and 250 million eDAI.

6. The attacker called the withdraw function and obtained 38.9 million DAI, which they used to repay the 30 million DAI borrowed through the flash loan. They profited 8.87 million DAI from the attack.

Core Vulnerability

First, let’s take a look at the donateToReserves function, which is where users become vulnerable to liquidation.

Comparing the donateToReserves function to the mint function in the diagram below, we can see that a key step, checkLiquidity, is missing from the donateToReserves function.

Next, we followed up and examined the implementation of checkLiquidity. We discovered the Call InternalModule function, which calls the RiskManager to check and ensure that Etoken > Dtoken for the user.

It is necessary to check the user’s liquidity each time an operation is performed by calling checkLiquidity.

However, the donateToReserves function does not execute this operation, allowing users to first put themselves in a state of liquidation through certain functions of the protocol, and then complete the liquidation.

Attack Reproduction

The Numen Cyber Lab’s team has managed to reproduce the attack.

You may find out more details on the PoC at https://github.com/numencyber/SmartContractHack_PoC/tree/main/EulerfinanceHack

Conclusion

Euler Finance have confirmed the attack on their official Twitter (@eulerfinance) and have stated that they are currently collaborating with security professionals and law enforcement to address the issue.

The recent attack on the Euler Finance protocol highlights the importance of implementing rigorous security measures, such as conducting thorough audits and regularly checking for vulnerabilities.

As the decentralized finance ecosystem continues to grow, it is crucial for projects to prioritize the security of their users’ funds and adopt best practices to mitigate the risk of similar attacks in the future.

Note

This article was originally posted on our website’s blog. Subsequent articles will be posted first on our website and Medium after a slight delay.

Please stay tuned and follow our Twitter @numencyber for any future updates.

Euler Finance
Comments

All Comments

Recommended for you

  • Anthropic's Secondary Market Valuation Reaches $1 Trillion, Surpassing OpenAI

    On April 23, Anthropic's valuation on private equity trading platforms like Forge Global has risen to around $1 trillion, surpassing OpenAI's $880 billion. It is reported that the valuation of this artificial intelligence startup has rapidly increased due to buyers competing to purchase the increasingly scarce secondary market shares of Anthropic. (Dongxin News Agency)

  • BTC Surpasses $78,000

    Market data shows that BTC has surpassed $78,000, currently priced at $78,000.81, with a 24-hour decline of 0.14%. The market is experiencing significant volatility, so please ensure proper risk management.

  • Bitmine Allegedly Acquires 100,000 ETH Worth $233.7 Million

    On April 23, according to monitoring by Lookonchain, three new addresses suspected to be associated with Tom Lee's Bitmine (0xB6a8...9c9E, 0xc2e0...2831, 0x4e5C...276c) received 100,000 ETH from BitGo, valued at $233.7 million.

  • Musk: AI Chip Shortage Expected in the Future

    On April 23, Tesla CEO Elon Musk stated during an earnings call that the company initiated the Terafab chip factory project due to an anticipated severe shortage of AI chips in the future. He remarked, "In terms of industry growth rates, logic chips, and even more so storage chips, we expect to encounter bottlenecks if we do not manufacture chips ourselves. This is the reason for the birth of Terafab." (Dongxin News Agency)

  • US Spot Bitcoin ETF Sees Net Inflow of $331.9 Million Yesterday

    On April 23, according to monitoring by Trader T, the US spot Bitcoin ETF experienced a net inflow of $331.9 million yesterday.

  • US Spot Ethereum ETF Sees Net Inflow of $96.43 Million Yesterday

    On April 23, according to monitoring by Trader T, the US spot Ethereum ETF saw a net inflow of $96.43 million yesterday.

  • U.S. State Department Urges American Citizens to Leave Iran Immediately

    On April 23, the Bureau of Consular Affairs of the U.S. State Department posted on social media that, given Iran's announcement of partial airspace reopening, American citizens in Iran should leave immediately. The post advised U.S. citizens to stay informed about the situation through local media and to consult commercial airlines for information on flights departing Iran. Additionally, U.S. citizens can also travel by land to Armenia, Azerbaijan, Turkey, and Turkmenistan, but should avoid areas along the Iran-Afghanistan, Iran-Iraq, or Iran-Pakistan borders.

  • Tesla: Increasing Investment in AI Computing Power and Advancing New Battery and Material Factories

    On April 23, Tesla's official blog announced that the company is increasing its investment in AI computing power to advance the construction of new battery and battery materials factories. This move is also aimed at further preparing for the production of the third-generation Megapack energy storage system, the Tesla autonomous electric vehicle Cybercab, and the Tesla electric truck Semi.

  • USA: Deploying the Strongest Military Force in History to the Middle East

    On April 23, local time April 22, the U.S. Central Command announced that since the U.S. military began its blockade operations in the waters related to the Strait of Hormuz on April 14, it has requested 31 vessels to turn around or return to port as part of the blockade. The U.S. Central Command also stated that the military is currently deploying the most comprehensive and powerful military force ever seen across the Middle East.

  • Iran Does Not Officially Respond to Extended Ceasefire Deadline

    On April 23, Iran has not provided any official response regarding U.S. President Trump's announcement to extend the temporary ceasefire deadline, nor about the possibility of a second round of negotiations with the U.S. Iranian public opinion widely believes that the contradictions in U.S. rhetoric and its constantly changing policies are the main reasons for Iran's inability to trust the U.S. Additionally, Israel's repeated violations of the Lebanon-Israel ceasefire agreement and the ongoing U.S. maritime blockade against Iran are key factors affecting the negotiation process. Analysts point out that the risk of renewed war and conflict remains very high, and if both sides continue to insist on their current demands and conditions, the nature of this regional crisis may evolve from a purely U.S.-Iran issue into a global problem.

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company