TL;DR#
On February 02, 2023, Orion Protocol was compromised as a result of a Reentrancy attack, leading to a loss of approximately $3 million in assets.
Introduction to Orion Protocol#
Orion Protocol is an open-source decentralized blockchain platform that serves as a liquidity aggregator for both centralized and decentralized exchanges.
Vulnerability Assessment#
The vulnerability was caused by insufficient reentrancy protection in their smart contract function, which allowed token transfers to be hijacked into reentering other contract functions in order to increase user balance without actually costing funds.
Steps#
Step 1:
The exploiter used a self-destructive smart contract in order to deploy a fake token called ATK, which was then used to manipulate the Orion pools.
Step 2:
The protocol was attacked on both the Ethereum, and BNB Chain deployment pools.
Step 3:
We took a closer look at one of the attack transactions executed by the exploiter.
Step 4:
The Reentrancy issue existed in its core contract, specifically in the _doSwapTokens function, which led to the miscalculation of USDT balance.
Step 5:
To be specific, the miscalculated userAmountOut value in the _doSwapTokens function would turn to another argument amountIn, which would then be passed into LibExchange.creditUserAssets function, where assets were mistakenly updated.
Step 6:
The exploiter first deposited 0.5 USDC, received around $2.84 million USDT from Uniswap V2 Pair using flash swap, and swapped 0.0001 USDC through Origin Pool to receive USDT.
Step 7:
Approximately $2.8 million USDT were sent to the Router, which then manipulated the swaps on Orion pools to double the amount of USDT, then $5.6 million USDT were withdrawn from which ~ $2.8 million were sent back to the pool.
Step 8:
The proceeds generated approximately $2.8 million USDT, which was exchanged for 1651 ETH and sent to the attacker's wallet.
Step 9:
The hacker then funneled approximately 1100 ETH into Tornado Cash.
Step 10:
The other attack transaction on BNB Chain netted the exploiter approximately $191,434.
Aftermath#
Following the incident, Alexey Koloskov, CEO of Origin Protocol, posted a lengthy thread on Twitter, claiming that they have reason to believe that the problem was not caused by shortcomings in their core protocol code, but rather by a vulnerability in mixing third-party libraries in one of the smart-contracts used by experimental and private brokers.
The exploited contract was used by one of their experimental brokers, with the company's treasury in the broker's account balance, thus all users funds are assured to remain intact.
Solution#
Reentrancy attack is one of the common, and significant smart contract attack vectors. A sophisticated reentrancy attack was carried out on The DAO, allowing a hacker to steal approximately 3.6 million ETH from The DAO's smart contract.
A mutex can be used to make the function of a smart contract non-reentrant. Incomplete non-Reentrant mutex, on the other hand, can result in cross-contract or cross-function Reentrancy.
Another method for preventing reentrancy attacks is to use checks-effects-interactions design to ensure that all state changes take place internally before calling external smart contracts.
A team should also perform multiple and extensive security audit of their protocol to ensure that all the potential vulnerabilities are identified, and addressed in attempts to further secure the protocol.
We may not have prevented the occurrence of this hack, however the impact or aftermath of this attack could have been significantly reduced if Orion Protocol had set up a dedicated cover pool in the Neptune Mutual marketplace. We offer coverage to users who have suffered a loss of funds or digital assets occurring as a result of smart contract vulnerabilities owing to our parametric policies.
Users who purchase the available parametric cover policies do not need to provide loss evidence in order to receive payouts. Payouts can be claimed as soon as an incident is resolved through the incident resolution system. At the moment, our marketplace is available on two popular blockchain networks, Ethereum, and Arbitrum.
Neptune Mutual's security team would also have evaluated the platform for DNS and web-based security, frontend and backend security, intrusion detection and prevention, and other security considerations.
Reference Sources PeckShield, BlockSec
