TL;DR#
On February 1, 2024, the Affine Protocol was exploited on the Ethereum Mainnet due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $88,000.
Introduction to Affine#
Affine Protocol provides cross-chain investment and savings solutions.
Vulnerability Assessment#
The root cause of the exploit is due to insufficient user data validation.
Incident Analysis#
We attempt to analyze the attack transaction executed by the exploiter.
The vulnerable contract featured the functionality of a flashloan callback for Balancer, which verified that the caller was Balancer but failed to validate the other parts of user data coming from an untrusted source.
function receiveFlashLoan(ERC20[] memory /* tokens */, uint256[] memory amounts, uint256[] memory /* feeAmounts */, bytes memory userData) external override {
if (msg.sender != address(BALANCER)) revert onlyBalancerVault();
uint256 ethBorrowed = amounts[0];
// There will only be a new strategy in the case of an upgrade.
(LoanType loan, address newStrategy) = abi.decode(userData, (LoanType, address));
if (loan == LoanType.divest) {
_endPosition(ethBorrowed);
} else if (loan == LoanType.invest) {
_addToPosition(ethBorrowed);
} else if (loan == LoanType.upgrade) {
_payDebtAndTransferCollateral(LidoLevV3(payable(newStrategy)));
} else {
_rebalancePosition(ethBorrowed, loan);
}
// Payback wETH loan
WETH.safeTransfer(address(BALANCER), ethBorrowed);
}
The exploiter invoked a call to this function in the contract twice through the Balancer callback function.
On the first call, the `userData` parameters contained the `LoanType.divest` type, which triggered the endPoisition branch to withdraw the assets from the AAVE protocol.
On the second call, the `userData` parameters contained the `LoanType.upgrade` type, which triggered the `_payDebtAndTransferCollateral` branch, which transferred the collateral assets to a new Lido contract and ran a new strategy.
/// @dev Pay debt and transfer collateral to new strategy.
function _payDebtAndTransferCollateral(LidoLevV3 newStrategy) internal {
// Pay debt in aave.
uint256 debt = debtToken.balanceOf(address(this));
AAVE.repay(address(WETH), debt, 2, address(this));
// Transfer collateral (aTokens) to new Strategy.
aToken.safeTransfer(address(newStrategy), aToken.balanceOf(address(this)));
// Make the new strategy borrow exactly the same amount as this strategy originally had in debt.
newStrategy.createAaveDebt(debt);
}
This transfer process solely relies on the user's inputs without any prior verification during the function call. This lack of validation would allow anyone to trigger the faulty implementations of the function and abscond with the collateral tokens.
Aftermath#
The team acknowledged the occurrence of the exploit in their Boosted ETH Staking basket, and stated that they have paused the vaults to reduce the impact of the exploit. They also sent an on-chain message to the hacker with hopes of recovering the stolen assets.
To further reduce the chance of future vulnerabilities, they deprecated the affected basket contracts and also urged users to revoke their approvals to these contracts. A detailed post-mortem report of the incident was also shared, in which they laid out their refund plans for the affected users to choose from.
Solution#
The Affine Protocol exploit underscored a critical vulnerability in smart contract design related to the validation of user inputs and the management of external calls. This incident has highlighted the imperative need for stringent security measures and has provided the DeFi community with valuable lessons on how to prevent similar attacks in the future.
One of the primary lessons learned from this exploit is the importance of rigorous user input validation. Smart contracts must ensure that all user inputs are thoroughly validated for type, format, and content, adhering to expected criteria to mitigate the risk of exploitation through manipulated inputs. Alongside input validation, the necessity for regular security audits cannot be overstated. Security audits, conducted by experienced professionals, can unearth vulnerabilities that might be overlooked during the development process.
Another critical aspect of preventing such exploits is to minimize the reliance on user inputs for critical contract functions, especially those involving asset transfers or strategic changes. Where user inputs are necessary, they should be tightly constrained within predefined parameters to limit the potential for malicious manipulation.
Despite the implementation of stringent security measures, completely eliminating the risk of exploitation remains an elusive target. This inherent uncertainty in the blockchain space highlights the vital role we play at Neptune Mutual. By creating a dedicated cover pool within our marketplace, the impacts of exploits, like the one suffered by Affine Protocol, could have been significantly mitigated. Our services offer a valuable layer of security, effectively minimizing the financial and digital asset losses attributed to smart contract vulnerabilities, courtesy of our innovative parametric-based policies.
Neptune Mutual stands out by providing a distinct advantage to those who choose our parametric cover policies. Users are spared the necessity of submitting proof of loss to initiate a payout. Following the verification and definitive resolution of an incident via our resolution system, affected parties are eligible to swiftly claim their compensation. This efficient process eliminates the delays and complexities often associated with the claims procedures found in other insurance models, offering a hassle-free solution to our users.
We have extended our marketplace across several prominent blockchain networks, including Ethereum, Arbitrum, and the BNB chain. This expansive coverage allows us to deliver insurance solutions to a diverse array of DeFi users.
Reference Source BlockSec
