
Taking a closer look at dForce Exploit

Learn how an attacker exploited dForce Protocol owing to a read-only reentrancy vulnerability.

TL;DR

On February 10, 2023, the DeFi aggregator dForce was attacked on the Arbitrum and Optimism chains, with the attackers profiting by approximately $3.65 million.

Introduction to dForce

dForce advocates the development of a comprehensive set of DeFi protocols spanning assets, lending, and trading to serve as Web3's DeFi infrastructure.

Vulnerability Assessment

The root cause of the attack is the well-known read-only reentrancy in the Curve pool.

In a read-only reentrancy attack, a view function is reentered. View functions are often left unprotected because they do not alter the state of the contract. Nonetheless, if the state is inconsistent at the moment of the call, incorrect values may be reported. Other protocols that rely on the return value can be deceived into performing undesirable actions by reading the incorrect state.

Steps

Step 1:

We took a closer look at the attack transactions on both Arbitrum and Optimism.

Step 2:

The attacker used the read-only reentrancy issue to manipulate the wstETHCRV-gauge asset in order to liquidate a number of positions that held wstETHCRV-gauge as collateral.

Step 3:

The exploiter initially took a flash loan of 68,429 ETH and received 65,343 wstETHCRV. Of these, 1,904 wstETHCRV were then transferred to the attacker's contract.

Step 4:

The exploiter then deposited 1,904 wstETHCRV in order to receive 1,904 wstETHCRV-gauge, while also borrowing almost 2,080,000 USX.

Step 5:

They then removed 63,438 wstETHCRV in liquidity while receiving 62,125 ETH. The read-only reentrancy was then used to manipulate the wstETHCRV price, effectively liquidating the wstETHCRV held as borrower collateral.

Step 6:

The exploiter exchanged 2,924 wstETHCRV for 2,863 ETH, swapped 3,806 wstETH for 4,458 ETH, and repaid the flash loan for a profit of 1,236 ETH.

Step 7:

The loss amounts to approximately $1.91 million on the Arbitrum chain and $1.73 million on Optimism.

Aftermath

The team confirmed that the vaults had been compromised, at which point they promptly suspended the dForce Vaults while maintaining the integrity of the remaining protocol components. 

Solution

When developing smart contracts, integrations with other protocols must also be considered. If reentrancy locks are already in place, several mitigations can build on them.

The reentrancy locks can be made public so that integrating developers can choose whether or not to revert when the lock is active. Alternatively, the view function itself can revert if the lock is active.
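The two options above, shown in Solidity as an added example (not code from dForce, Curve or the original post). `ToyPool`, `CollateralOracle` and their functions are hypothetical names, and the pool is a simplified stand-in whose `withdraw` sends ETH before it finishes updating its state.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Added illustration: ToyPool and CollateralOracle are hypothetical, not Curve's or dForce's code.
contract ToyPool {
    uint256 public reserve;      // ETH backing the shares
    uint256 public totalShares;
    mapping(address => uint256) public shares;
    bool public locked;          // reentrancy lock, public so integrators can read it

    modifier nonReentrant() {
        require(!locked, "reentered");
        locked = true;
        _;
        locked = false;
    }
    function deposit() external payable nonReentrant {
        uint256 minted = totalShares == 0 ? msg.value : (msg.value * totalShares) / reserve;
        reserve += msg.value;
        totalShares += minted;
        shares[msg.sender] += minted;
    }
    function withdraw(uint256 amount) external nonReentrant {
        uint256 owed = (amount * reserve) / totalShares;
        shares[msg.sender] -= amount;
        reserve -= owed;
        // The receiver's fallback runs here, while totalShares is still stale.
        (bool ok, ) = msg.sender.call{value: owed}("");
        require(ok, "send failed");
        totalShares -= amount;
    }
    // Unguarded view: a read made during the callback above sees half-updated state.
    function sharePrice() public view returns (uint256) {
        return (reserve * 1e18) / totalShares;
    }
    // Guarded view: reverts rather than report an inconsistent price.
    function sharePriceSafe() external view returns (uint256) {
        require(!locked, "pool mid-operation");
        return sharePrice();
    }
}
// Integrator side, for pools that expose the lock but no guarded view.
contract CollateralOracle {
    ToyPool public immutable pool;
    constructor(ToyPool p) { pool = p; }
    function collateralPrice() external view returns (uint256) {
        require(!pool.locked(), "pool mid-operation");
        return pool.sharePrice();
    }
}
```

The `nonReentrant` modifier blocks re-entry into `deposit` and `withdraw` but not into `sharePrice`, which is why the view needs its own check against `locked`.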

We may not have prevented the occurrence of this hack; however, the impact or aftermath of this attack could have been significantly reduced if dForce Protocol had set up a dedicated cover pool in the Neptune Mutual marketplace. Through our parametric policies, we offer coverage to users who have suffered a loss of funds or digital assets as a result of smart contract vulnerabilities.

Users who purchase the available parametric cover policies do not need to provide loss evidence in order to receive payouts. Payouts can be claimed as soon as an incident is resolved through the incident resolution system. At the moment, our marketplace is available on two popular blockchain networks, Ethereum and Arbitrum.

Neptune Mutual's security team would also have evaluated the platform for DNS and web-based security, frontend and backend security, intrusion detection and prevention, and other security considerations.

Reference Sources: dForce, PeckShield
