Decoding Stax Finance’s Vulnerability


Stax Finance, a TempleDAO-based project, was hacked, costing it approximately $2.36 million.

TL;DR

On October 11, 2022, the TempleDAO-based project Stax Finance was hacked, costing it approximately $2.36 million.

Introduction to TempleDAO

Temple DAO is a yield-farming DeFi protocol that offers users yields on deposits. Stax is a decentralized application powered by TempleDAO.

Vulnerability Assessment

The potential cause of the incident is that the migrateStake function did not validate the oldStaking address it was given, so the attacker supplied a forged oldStaking contract and was credited with an arbitrary balance.

Steps

Step 1:

The exploiter address can be found here, alongside the attack transaction.

Step 2:

The account was initially funded through Binance with 1.09 ETH.



Step 3:

The lack of permission checks in the migrateStake function of the StaxLPStaking contract is the primary reason behind this incident.

Step 4:

First, the contract determines if the user has funds in the old Staking Contract.



Step 5:

The old staking contract is passed in as an argument, and because there were no prior checks on it, oldStakingContract may be any contract.

Step 6:

Anyone can use this function to withdraw StaxLP from the contract.



Step 7:

The hacker created his own smart contract, which consisted of only a migrateWithdraw function with no code.

Step 8:

Then, using his own smart contract and the maximum amount possible, he called the migrateStake function.

Step 9:

All the tokens were withdrawn using the withdrawAll function.



Step 10:

The exploiter then closed the position on Uniswap and sold everything for ETH.



Step 11:

The exploiter eventually transferred all of the stolen assets to this address.

Aftermath

The team has stated that it will provide remediation to all affected users.

How to prevent such an attack vector

This exploit could have been avoided with a sanity check that accepts only whitelisted old staking contracts.
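
The whitelist check described above, sketched in Solidity as an added example: this is a simplified model written for this article, not the StaxLPStaking source. The names `StakingMigrationSketch`, `approvedOldStaking`, `setApprovedOldStaking`, `migrateStakeUnchecked` and `staked` are hypothetical, and the balance-delta check goes beyond the fix named above, assuming the old contract's `migrateWithdraw` transfers the LP tokens to the calling contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
// Added illustration: a simplified model, not the StaxLPStaking source.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

interface IOldStaking {
    function migrateWithdraw(address staker, uint256 amount) external;
}

contract StakingMigrationSketch {
    address public immutable owner;
    IERC20 public immutable stakingToken;                // LP token being staked
    mapping(address => uint256) public staked;           // credited stake per user
    mapping(address => bool) public approvedOldStaking;  // hypothetical allowlist
    event OldStakingApproved(address indexed oldStaking, bool approved);
    event StakeMigrated(address indexed staker, address indexed oldStaking, uint256 amount);

    constructor(IERC20 token) {
        owner = msg.sender;
        stakingToken = token;
    }

    // Only the owner decides which contracts count as migration sources.
    function setApprovedOldStaking(address oldStaking, bool approved) external {
        require(msg.sender == owner, "not owner");
        require(oldStaking.code.length > 0, "not a contract");
        approvedOldStaking[oldStaking] = approved;
        emit OldStakingApproved(oldStaking, approved);
    }

    // Unchecked pattern from the write-up: any oldStaking, amount credited on trust.
    function migrateStakeUnchecked(address oldStaking, uint256 amount) external {
        IOldStaking(oldStaking).migrateWithdraw(msg.sender, amount);
        staked[msg.sender] += amount;
    }

    // Hardened: allowlisted source only, and credit only what actually arrived.
    function migrateStake(address oldStaking, uint256 amount) external {
        require(approvedOldStaking[oldStaking], "old staking not approved");
        uint256 balanceBefore = stakingToken.balanceOf(address(this));
        IOldStaking(oldStaking).migrateWithdraw(msg.sender, amount);
        uint256 received = stakingToken.balanceOf(address(this)) - balanceBefore;
        require(received == amount, "migration amount mismatch");
        staked[msg.sender] += received;
        emit StakeMigrated(msg.sender, oldStaking, received);
    }
}
```

With the allowlist in place, a contract whose `migrateWithdraw` does nothing is rejected at the first `require`; the balance check additionally fails any approved source that reports an amount it did not transfer.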

Protocol and Platform Security

Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol for known and unknown vulnerabilities that have the potential to have catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and feeling of responsibility to do so.
