Taking a Closer Look At Shido Exploit


Learn how an attacker exploited Shido to steal assets worth approximately 976 BNB.

TL;DR

On June 23, 2023, Shido was exploited on the BNB chain due to a configuration error, which resulted in a loss of 976 BNB, worth approximately $238,500.

Introduction to Shido

Shido Chain is an L1-sharded PoS blockchain built on the Cosmos Network.

Vulnerability Assessment

The root cause of the vulnerability is the configuration error on the lock and claim mechanism, as well as the price difference between their old and new token pools.

Steps

Step 1:

We attempt to analyze the attack transaction executed by the exploiter.

Step 2:

The exploiter initially took a flash loan of 40 WBNB and swapped 39 WBNB to obtain 10,436,972,685.676390697 Shido Inu: SHIDO Token (9 decimals) in the PancakeSwap V2: SHIDO-WBNB pool, with the recipient being the AntiBotLiquidityGeneratorToken contract of SHIDO.

Step 3:

The attacker then used 0.01 BNB to call the addLiquidityETH function in the AntiBotLiquidityGeneratorToken contract and transferred the SHIDO swapped in the previous step to the attack contract.

Step 4:

The attack contract locks the SHIDO v1 tokens in the ShidoLock contract; however, the attacker is able to unlock and withdraw a large number of v2 tokens immediately due to the configuration error of the ShidoLock contract.

Step 5:

This allowed the exploiter to sequentially invoke calls to ShidoLock.lockTokens and ShidoLock.claimTokens to convert 10,436,972,685.676390697 Shido Inu: SHIDO Token (9 decimals) to 10,436,986,704,133,494,387,000,000,000 SHIDO Token (18 decimals).

```solidity
function lockTokens() external {
  // Credits the caller's entire v1 balance; no per-deposit time is recorded.
  uint256 amount = IERC20(shidoV1).balanceOf(msg.sender);
  if (amount == 0) revert ZeroAmount();
  userShidoV1[msg.sender] += amount;
  IERC20(shidoV1).transferFrom(msg.sender, rewardWallet, amount);
}

function claimTokens() external {
  // The only time gate is the single global lockTimestamp.
  if (block.timestamp < lockTimestamp) revert WaitNotOver();
  // Scale 9-decimal v1 units to 18-decimal v2 units.
  uint256 amount = userShidoV1[msg.sender] * 10 ** 9;
  if (amount == 0) revert ZeroAmount();
  userShidoV1[msg.sender] = 0;
  userShidoV2[msg.sender] += amount;
  IERC20(shidoV2).transferFrom(rewardWallet, msg.sender, amount);
}
```

Step 6:

The exploiter then swapped these SHIDO tokens for 1,016 WBNB, repaid the flash loan, and took away their share of 976 WBNB as profits from the exploit.

Step 7:

The exploiter has already transferred 1 BNB to Tornado Cash and bridged the stolen funds to Ethereum, subsequently transferring 125 ETH to Tornado Cash.

Aftermath

Following the exploit, the team acknowledged the occurrence of the incident on their BNB-side migration platform and stated that they were investigating the case.

They further confirmed that a fix had been deployed by their developers and that they had prepared resources to facilitate the transition and swift restoration of their operations. The team also shared the complete details of their recovery plan. 

Solution

This exploit underscores the vital importance of rigorous and thorough smart contract testing. Had there been a comprehensive set of unit, integration, and functional tests in place, the configuration error on the lock and claim mechanism could have been detected before deployment. Specifically, the discrepancy between the token pools and the faulty setup of the ShidoLock contract might have been flagged.
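One way to enforce in the contract itself the property such tests would check: tokens locked in a transaction cannot be claimed in that same transaction, so a flash-loan-funded lock cannot be converted before the loan is repaid. This is an added example, not Shido's code or its deployed fix; `LOCK_PERIOD`, `unlockAt`, `BadConfig` and `TransferFailed` are hypothetical names, and the 7-day value is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Shido's deployed fix. LOCK_PERIOD, unlockAt, BadConfig and
// TransferFailed are hypothetical; other names follow the snippet on this page.
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transferFrom(address, address, uint256) external returns (bool);
}

contract HardenedLock {
    error ZeroAmount();
    error WaitNotOver();
    error BadConfig();
    error TransferFailed();

    uint256 public constant LOCK_PERIOD = 7 days; // assumed value
    uint256 private constant SCALE = 10 ** 9; // 9-decimal v1 to 18-decimal v2
    address public immutable shidoV1;
    address public immutable shidoV2;
    address public immutable rewardWallet;
    mapping(address => uint256) public userShidoV1;
    mapping(address => uint256) public unlockAt; // per user, reset on every lock

    constructor(address v1, address v2, address wallet) {
        // Fail deployment on unset or duplicated addresses.
        if (v1 == address(0) || v2 == address(0) || wallet == address(0) || v1 == v2) revert BadConfig();
        shidoV1 = v1;
        shidoV2 = v2;
        rewardWallet = wallet;
    }

    function lockTokens() external {
        uint256 amount = IERC20(shidoV1).balanceOf(msg.sender);
        if (amount == 0) revert ZeroAmount();
        userShidoV1[msg.sender] += amount;
        // Each lock restarts the wait, so lock and claim cannot share a transaction.
        unlockAt[msg.sender] = block.timestamp + LOCK_PERIOD;
        if (!IERC20(shidoV1).transferFrom(msg.sender, rewardWallet, amount)) revert TransferFailed();
    }

    function claimTokens() external {
        uint256 locked = userShidoV1[msg.sender];
        if (locked == 0) revert ZeroAmount();
        if (block.timestamp < unlockAt[msg.sender]) revert WaitNotOver();
        userShidoV1[msg.sender] = 0; // clear state before the external call
        if (!IERC20(shidoV2).transferFrom(rewardWallet, msg.sender, locked * SCALE)) revert TransferFailed();
    }
}
```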

The implementation of formal verification tools would have been beneficial to ensure the behavior of the smart contracts was as intended. These tools mathematically prove the correctness of code against a specific set of requirements or properties and could have identified the configuration error and potential for this attack.

Additionally, smart contracts frequently require access to time values in order to perform certain types of functions. Values such as `block.timestamp` can provide an indication of the current time or a time delta, but they are not suitable for most purposes.

The attack on Shido demonstrates how catastrophic a lack of these measures can be and the paramount importance of DeFi insurance. While no security measures can guarantee absolute safety, the impact of such exploits can be significantly mitigated by the coverage offered by solutions like Neptune Mutual.

Had the Shido team utilized the coverage policies provided by Neptune Mutual, the losses could have been considerably reduced. Neptune Mutual offers parametric policies, which can compensate for losses of funds or digital assets as a result of smart contract vulnerabilities.

In this case, users who purchased these policies from Neptune Mutual wouldn't need to provide evidence of their loss; they could claim their payout as soon as the incident was resolved. Neptune Mutual operates on the Ethereum, BNB Chain, and Arbitrum networks, which would have been perfect for Shido on the BNB chain.

Furthermore, Neptune Mutual doesn't limit its services to smart contract insurance. Its security team also assesses the platform for other potential vulnerabilities, such as DNS and web-based security issues, frontend and backend security, intrusion detection and prevention, and more. This well-rounded approach ensures a fortified and more secure platform, minimizing the potential risks.

Reference Sources: BlockSec, Beosin
