How Was Allbridge Exploited?

Learn how Allbridge was exploited, resulting in a loss of approximately $570,000.


On April 01, 2023, Allbridge was exploited due to price manipulation, resulting in the loss of 282,889 $BUSD and 290,868 $USDT, totaling approximately $570,000. 

Introduction to Allbridge

Allbridge is a bridge between EVM-compatible blockchains like BNB Chain, Ethereum, and Polygon and non-EVM-compatible blockchains like Solana.

Vulnerability Assessment

The root cause of the exploit was the manipulation of the swap price of Allbridge's pool. The exploiter played the dual role of a swapper and liquidity provider to manipulate the price and then proceeded to drain the funds from the pool.


Step 1:

We attempted to analyze the attack transaction executed by the exploiter. This exploit was carried out by the hacker who had previously attacked the UF Dao protocol.

Step 2:

The attacker initially took a flash loan of 7.5 million $BUSD from PancakeSwap, swapped 2 million $BUSD for BSC-USD, and deposited 5 million to the $BUSD pool.

Step 3:

The exploiter then swapped the remaining 500K $BUSD for BSC-USD and used the balance to swap for $BUSD again in Allbridge's Bridge contract, which resulted in a high dividend for the earlier liquidity deposit.

Step 4:

The BUSD liquidity in the pool was withdrawn to receive 4,830,999 $BUSD as the principal investment and a 554 $BUSD reward.

Step 5:

The attacker was then able to swap out $790,000 of BSC-USD from Bridge using only $40,000 of BUSD and further withdraw 1,995,193 $USDT from the $USDT pool. Then, the attacker swapped out 2,786,062 $USDT for 2,789,971 $BUSD, repaid the flash loan, and kept the remaining balance for profits.

Step 6:

The exploiter later sent 1,700 BNB, which also included profits from previous attacks, to Tornado Cash.
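
As an added example (not code from Allbridge, CertiK, or the original article), the following Python check flags the two signals the steps above describe: a stablecoin swap priced far from 1:1, and a single address acting as both liquidity provider and swapper on one pool within one transaction. The event schema, the `tx-*` and `addr-*` labels, the 2% tolerance, and the benign sample events are assumptions; the three `tx-A` amounts are the figures from Steps 2, 4 and 5.

```python
from collections import defaultdict

# Hypothetical decoded pool events (constructed sample data, not real logs).
# tx/actor labels are placeholders; amounts are whole stablecoin units.
EVENTS = [
    {"tx": "tx-A", "actor": "addr-1", "kind": "deposit", "pool": "BUSD", "amount": 5_000_000},
    {"tx": "tx-A", "actor": "addr-1", "kind": "withdraw", "pool": "BUSD", "amount": 4_830_999},
    {"tx": "tx-A", "actor": "addr-1", "kind": "swap", "pool": "BUSD",
     "amount_in": 40_000, "amount_out": 790_000},
    {"tx": "tx-B", "actor": "addr-2", "kind": "swap", "pool": "BUSD",
     "amount_in": 1_000, "amount_out": 999},
    {"tx": "tx-C", "actor": "addr-3", "kind": "deposit", "pool": "BUSD", "amount": 25_000},
]

MAX_RATE_DEVIATION = 0.02  # assumed tolerance for a stablecoin-to-stablecoin swap
ROLE = {"deposit": "lp", "withdraw": "lp", "swap": "swapper"}


def swap_rate_deviation(event):
    """Relative distance of a stable swap's output/input rate from 1:1."""
    return abs(event["amount_out"] / event["amount_in"] - 1.0)


def analyze(events, max_dev=MAX_RATE_DEVIATION):
    """Return {tx: [alert, ...]} for transactions that match either rule."""
    by_tx = defaultdict(list)
    for ev in events:
        by_tx[ev["tx"]].append(ev)

    alerts = {}
    for tx, evs in by_tx.items():
        found = []
        roles = defaultdict(set)
        for ev in evs:
            # Rule 1: stable swap priced far away from parity.
            if ev["kind"] == "swap" and ev["amount_in"] > 0:
                dev = swap_rate_deviation(ev)
                if dev > max_dev:
                    found.append(f"off-peg swap by {ev['actor']}: rate deviation {dev:.2f}")
            # Rule 2 bookkeeping: which roles did this address play on this pool?
            if ev["kind"] in ROLE:
                roles[(ev["actor"], ev["pool"])].add(ROLE[ev["kind"]])
        for (actor, pool), seen in roles.items():
            if seen == {"lp", "swapper"}:
                found.append(f"dual role by {actor} on {pool} pool")
        if found:
            alerts[tx] = found
    return alerts
```

The same two conditions can also be enforced on-chain as a swap-time rate bound, which rejects the transaction instead of alerting after the fact.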


Following the attack, the team acknowledged the incident and temporarily shut down the bridge.

A later post-mortem report by the team stated that the exploit targeted their BUSD/USDT pools on BNB Chain, and they have proposed a white-hat bounty for the recovered assets.


It is critical to understand that no security measure is perfect, but implementing rigorous security standards can greatly reduce the risk of such attacks on DeFi protocols. These standards can aid in identifying and addressing potential attack vectors before they are exploited by attackers. Many formal verification tools can also be used to ensure that the smart contract behaves as intended.

Additionally, independent third-party auditors should conduct regular smart contract audits to identify vulnerabilities and recommend mitigation strategies.

We may not have prevented the occurrence of this hack; however, the impact or aftermath of this attack could have been significantly reduced if Allbridge had set up a dedicated cover pool in the Neptune Mutual marketplace. Through our parametric policies, we offer coverage to users who have suffered a loss of funds or digital assets as a result of smart contract vulnerabilities.

Users who purchase the available parametric cover policies do not need to provide loss evidence in order to receive payouts. Payouts can be claimed as soon as an incident is resolved through the incident resolution system. At the moment, our marketplace is available on two popular blockchain networks, Ethereum and Arbitrum.

Neptune Mutual's security team would also have evaluated the platform for DNS and web-based security, frontend and backend security, intrusion detection and prevention, and other security considerations.

Reference source: CertiK