TL;DR#
On February 22, 2023, Dynamic Finance was exploited due to insufficient reentrancy protection, in which the protocol lost 73 BNB, worth approximately $22,400.
Introduction to Dynamic#
Dynamic is a smart money market aggregator built on multiple blockchain networks that helps to enhance the DeFi lending experience with automation, one-click borrowing, and seamless bank connectivity.
Vulnerability Assessment#
The root cause of the attack is a reentrancy bug that tricked the deposit tracking system of the StakingDYNA contract.
Steps#
Step 1:
We attempted to analyze the attack transaction executed by the exploiter.
Step 2:
In the StakingDYNA contract, it is observed that users could deposit $DYNA and claim rewards. The interest is calculated with the following operations:
duration = now - lastProcessAt
interest = k * (stakeAmount * duration)
Step 3:
The deposit function provides the lastProcessAt value. However, this value is only recorded for the first deposit/stake due to the logic of the code.
Step 4:
At timeframe A, the attacker opened a new vault and deposited a small amount of $DYNA. At some point in timeframe B, they took out a fairly large flash loan to borrow $DYNA and deposited it before redeeming the deposit, earning rewards, and paying back the flash loan.
The profit from this transaction was, k * (borrowAmount * (B - A))
Step 5:
The attacker then withdrew the rewards and capital using the redeem function.
Step 6:
After withdrawing funds from one address, the funds were transferred to the next address for the same operation, allowing the hacker to profit multiple times.
Aftermath#
Following the attack, the price of their $DYNA token dropped by more than 90%.
The team stated that they were working on an upgrade to the contract in order to include a reentrancy guard, and will also have their protocol audited.
They will additionally be buying back the $DYNA tokens, and distributing them to the affected users. They have also shared a recovery plan which includes wiping the treasury allocation in order to provide full DYNA distribution.
Solution#
Dynamic Finance's recent encounter with a reentrancy exploit serves as a sobering reminder of the multi-faceted challenges in the DeFi landscape. When you delve into the details of the incident, it becomes clear that this was not just a programming oversight but a more systemic failure of security evaluation. The reentrancy bug that took advantage of the deposit tracking mechanism of the StakingDYNA contract highlights the need for extensive, layered protections in smart contract deployments.
The insidious nature of reentrancy attacks revolves around their capability to disrupt the sequence of operations, leading to unintended financial consequences. It is precisely here that measures such as implementing a reentrancy guard or the checks-effects-interactions pattern come into play. These protective measures ensure that all internal state modifications are executed before any external calls, negating the potential for exploitation. Moreover, the relevance of deploying formal verification tools cannot be overstated. Such tools act as a rigorous mathematical proofing environment, ascertaining that a smart contract behaves precisely as intended.
Yet, the very essence of a protocol's resilience doesn't solely lie in its codebase; it's a synthesis of multiple strategies that include thorough code audits, periodic security assessments, and, importantly, a contingency plan. Enter Neptune Mutual.
Had Dynamic Finance integrated with Neptune Mutual's marketplace, they would have equipped themselves with an insurance layer designed explicitly for such unforeseen vulnerabilities. Our parametric policies act as a cushion, mitigating the immediate financial aftermath of such hacks. Users, knowing that they have a protective layer, can navigate the DeFi space with increased confidence.
Users wouldn't have to deal with the arduous task of presenting proof of loss in the event of any security compromise, such as the one Dynamic Finance experienced. Our efficient incident resolution system ensures a streamlined claims process. At the moment, our marketplace is available on two popular blockchain networks: Ethereum and Arbitrum.
Moreover, Neptune Mutual's involvement doesn't end with mere insurance provisions. Our security team, with its expansive experience, performs comprehensive platform evaluations spanning from DNS and web-based security to intricate backend audits. The objective is twofold: proactive identification of potential vulnerabilities and the fortification of existing security infrastructures.
Reference Sources Certik, Beosin
