How Was Pawn Finance Exploited?


Learn how an attacker exploited Pawn Finance to steal assets worth approximately $800,000.

TL;DR

On June 17, 2023, the ERC-20 liquidity reserve fund of Pawn Finance was exploited in a series of transactions, which resulted in a total loss of funds worth approximately $800,000.

Introduction to Pawn Finance

Pawn Finance is a DeFi protocol that introduces the pawn concept, including a brand-new lending and leasing marketplace for non-standard assets (NSA).

Vulnerability Assessment

The exploit occurred because the protocol failed to verify whether the NFT had actually been transferred when users used a specified NFT as collateral for borrowing.

Steps

Step 1:

We analyze one of the attack transactions executed by the exploiter.

Step 2:

The attacker took a flash loan of 220,000 APE tokens from Uniswap and, through a newly created contract, called the depositAndBorrowApeAndStake function. The call transferred the APE tokens from the ApeStaking contract to the pTokenStaking contract, using parameters that bypass some logic.

function depositAndBorrowApeAndStake(
  DepositInfo memory depositInfo,
  StakingInfo memory stakingInfo,
  IApeCoinStaking.SingleNft[] calldata _nfts,
  IApeCoinStaking.PairNftDepositWithAmount[] calldata _nftPairs
) external nonReentrant {
  address userAddr = msg.sender;
  address ptokenStaking = _getPTokenStaking(stakingInfo.nftAsset);

  // 1, handle borrow part and send ape to ptokenAddress
  if (stakingInfo.borrowAmount > 0) {
    uint256 borrowRate = IApePool(apePool).borrowRatePerBlock();
    uint256 stakingRate = getRewardRatePerBlock(_nftInfo[stakingInfo.nftAsset].poolId, stakingInfo.borrowAmount);
    require(borrowRate + stakingConfiguration.addMinStakingRate < stakingRate, "rate");
    IApePool(apePool).borrowBehalf(userAddr, stakingInfo.borrowAmount);
    IERC20Upgradeable(apeCoin).safeTransfer(ptokenStaking, stakingInfo.borrowAmount);
  }

  // 2, send cash part to ptokenAddress
  if (stakingInfo.cashAmount > 0) {
    IERC20Upgradeable(apeCoin).safeTransferFrom(userAddr, ptokenStaking, stakingInfo.cashAmount);
  }

  _depositNftToLending(userAddr, stakingInfo.nftAsset, depositInfo.mainTokenIds);
  _depositNftToLending(userAddr, BAKC_ADDR, depositInfo.bakcTokenIds);

  (uint256 nftAmount, uint256 nftPairAmount) = _storeUserInfo(userAddr, stakingInfo.nftAsset, _nfts, _nftPairs);

  // 3, deposit bayc or mayc pool
  if (_nfts.length > 0) {
    IPTokenApeStaking(ptokenStaking).depositApeCoin(nftAmount, _nfts);
  }

  // 4, deposit bakc pool
  if (_nftPairs.length > 0) {
    IPTokenApeStaking(ptokenStaking).depositBAKC(nftPairAmount, _nftPairs);
  }
}

Step 3:

The acquired APE tokens were further deposited to obtain a substantial amount of SAPE tokens.

Step 4:

The exploiter then created a debt position by depositing APE tokens into the pool contract; however, the deposited amount was taken from user input, and no actual transfer took place.

Step 5:

The attacker then closed their position by invoking a call to the withdrawApeCoin function, retrieved the free APE tokens, and repaid the borrowed flash loan, as well as other assets, to take away their share of rewards.

Step 6:

The above steps were repeated multiple times to steal assets including 7 WBTC, 190 ETH, 102,469 USDT, 6,996 USDC, and 4,276 APE tokens worth approximately $650,000, as well as 1 BAYC, 6 MAYC, and 2 BAKC.

Step 7:

At the time of this writing, approximately 200 ETH have been laundered into Tornado Cash, while the other parts of the stolen funds, totaling 266.77 ETH, which roughly amounts to $463,590, are held at this address.
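
The missing check described under Vulnerability Assessment and in Step 4, shown as an added Solidity illustration rather than Pawn Finance's code. CollateralLedger and its functions are hypothetical names, and the contract assumes one trusted NFT collection and one ERC-20 whose transferFrom returns a boolean. The first function credits a position from its arguments alone; the second credits only what the contract can confirm it holds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Added illustration: CollateralLedger and all names in it are hypothetical.
interface IERC721 {
    function ownerOf(uint256 tokenId) external view returns (address);
    function transferFrom(address from, address to, uint256 tokenId) external;
}

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract CollateralLedger {
    IERC721 public immutable nft;   // assumed: a single trusted NFT collection
    IERC20 public immutable token;  // assumed: a single trusted ERC-20

    mapping(uint256 => address) public nftDepositor; // tokenId => credited user
    mapping(address => uint256) public staked;       // user => credited amount

    constructor(IERC721 nft_, IERC20 token_) {
        nft = nft_;
        token = token_;
    }

    // Weak pattern: the ledger is written from caller-supplied arguments alone,
    // so the recorded position need not correspond to any asset held here.
    function recordUnchecked(uint256 tokenId, uint256 amount) external {
        nftDepositor[tokenId] = msg.sender;
        staked[msg.sender] += amount;
    }

    // Hardened pattern: pull the assets, then credit only what custody confirms.
    // Production code would also carry a reentrancy guard (nonReentrant).
    function depositChecked(uint256 tokenId, uint256 amount) external {
        require(nftDepositor[tokenId] == address(0), "nft already recorded");

        nft.transferFrom(msg.sender, address(this), tokenId);
        require(nft.ownerOf(tokenId) == address(this), "nft not received");

        uint256 balanceBefore = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "erc20 transfer failed");
        uint256 received = token.balanceOf(address(this)) - balanceBefore;
        require(received == amount, "amount mismatch");

        nftDepositor[tokenId] = msg.sender;
        staked[msg.sender] += received;
    }
}
```

A unit test that calls the deposit path with a token ID the caller does not own, and asserts a revert, is the kind of case the testing advice in the Solution section is meant to cover.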

Aftermath

Following the incident, the team acknowledged the exploit and stated that users' funds and NFTs were all secure.

The team swiftly intercepted the attempted exploit, promptly containing and addressing the issue. According to them, the financial implications were confined solely to Pawnfi's ERC-20 liquidity reserve fund, with a loss estimated at around $650,000.

They also stated that they will soon share an in-depth analysis along with a compensation plan for any affected users.

Solution

The exploitation of Pawn Finance's ERC-20 liquidity reserve fund highlights the pressing need for robust security measures and thorough testing within DeFi protocols to mitigate such risks effectively. To prevent similar exploits, it is crucial to conduct comprehensive testing of smart contracts, including unit testing, integration testing, and functional testing. Thorough testing helps identify potential vulnerabilities and weaknesses in the contract before it is deployed, allowing developers to address them proactively.

In addition to testing, leveraging formal verification tools can provide an added layer of assurance. These tools help ensure that the smart contract behaves as intended and minimize the likelihood of unexpected behaviors or vulnerabilities. Regular audits conducted by independent third-party auditors are also essential to identify potential attack vectors and recommend mitigation strategies.

While it is difficult to prevent every hack, Neptune Mutual's parametric cover policies can significantly lessen the effects of such attacks. By setting up a dedicated cover pool within the Neptune Mutual marketplace, Pawn Finance could have provided its users with an additional safeguard against the loss of funds or digital assets resulting from smart contract vulnerabilities.

Neptune Mutual's parametric cover policies eliminate the need for users to provide extensive evidence of their losses. Payouts can be claimed as soon as an incident is resolved through the platform's governance system, ensuring quick and efficient recovery for affected users.

Furthermore, engaging with Neptune Mutual would have allowed Pawn Finance to benefit from the expertise of Neptune Mutual's security team. The team conducts thorough evaluations of platforms, including DNS and web-based security, frontend and backend security, intrusion detection and prevention measures, and other crucial security considerations. This assessment can help identify potential vulnerabilities and strengthen the overall security posture of the protocol.

Reference source: BlockSec
