Taking a Closer Look At Stake Exploit


Learn how Stake was exploited across multiple chains, resulting in a $41 million loss.

TL;DR

On September 4, 2023, Stake was exploited across multiple chains, resulting in a loss of funds worth approximately $41 million.

Introduction to Stake

Stake is a cryptocurrency-based online betting platform that ensures a reliable gambling experience.

Vulnerability Assessment

The likely root cause of the exploit is a compromise of the private keys.

Steps

Step 1:

We attempt to analyze one of the attack transactions executed by the exploiter.

Step 2:

Let's take a closer look at the permit function of the vulnerable smart contracts.

```solidity
// --- Approve by signature ---
function permit(
  address holder,
  address spender,
  uint256 nonce,
  uint256 expiry,
  bool allowed,
  uint8 v,
  bytes32 r,
  bytes32 s
) external {
  bytes32 digest = keccak256(
    abi.encodePacked(
      "\x19\x01", DOMAIN_SEPARATOR, keccak256(abi.encode(PERMIT_TYPEHASH, holder, spender, nonce, expiry, allowed))
    )
  );

  require(holder != address(0), "Dai/invalid-address-0");
  require(holder == ecrecover(digest, v, r, s), "Dai/invalid-permit");
  require(expiry == 0 || now <= expiry, "Dai/permit-expired");
  require(nonce == nonces[holder]++, "Dai/invalid-nonce");
  uint256 wad = allowed ? uint256(-1) : 0;
  allowance[holder][spender] = wad;
  emit Approval(holder, spender, wad);
}
```

Step 3:

This part of the code from the above function

`uint wad = allowed ? uint(-1) : 0;`

allows setting the allowance to `uint(-1)`, the maximum value of the `uint` range, if the permit signature is valid. Rather than putting a cap on the allowance amount, it enables an unlimited allowance.

Step 4:

Therefore, by design choice, the Stake wallet willingly signed and sent the permit transaction, enabling some spenders to have an unlimited allowance.

Step 5:

With the private keys likely compromised and used to sign a malicious permit, the exploiter was able to drain all funds from the affected account. The hacker transferred the funds in chunks, repeatedly using multiple transactions, until the balance was drained.

Step 6:

Even though the exploiter had access to the private key, they still chose to use permit signature validation to transfer the assets. This was likely done to optimize gas costs.

Step 7:

Calling the approve function on the DAI contract would have required the hacker to complete two transactions: one to approve the allowance and another to transfer the funds.

With the permit signature, however, they needed just one transaction to call the permit function with a valid signature and transfer the funds within the same call.

Step 8:

Thus, the exploiter crafted a permit signature for the DAI contract, allowing their address to transfer unlimited DAI from Stake's contract. Specifically, they would set the `allowed` parameter to `true` so that `wad` is set to `uint(-1)` for an unlimited allowance.

Step 9:

The process was repeated to transfer the maximum possible DAI balance from Stake's contract to themselves, thereby draining the DAI balance. It was also repeated across all the affected chains in order to steal the funds from the associated contracts.
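The unlimited-allowance permit described in Steps 3 and 8 can be caught by a policy check in a wallet's signing service or a transaction monitor. The following is an added example, not code from Stake or the DAI project: the function names, the allowlist and the sample addresses are hypothetical, and the signature fields are dummies because the check does not verify signatures.

```python
MAX_UINT256 = 2**256 - 1
# 4-byte selector of permit(address,address,uint256,uint256,bool,uint8,bytes32,bytes32)
DAI_PERMIT_SELECTOR = bytes.fromhex("8fcbaf0c")
FIELDS = ("holder", "spender", "nonce", "expiry", "allowed", "v", "r", "s")

def decode_permit(calldata: bytes) -> dict:
    """Split calldata into permit()'s eight static 32-byte ABI words."""
    if calldata[:4] != DAI_PERMIT_SELECTOR or len(calldata) != 4 + 32 * len(FIELDS):
        raise ValueError("not a DAI-style permit call")
    words = [calldata[4 + 32 * i: 36 + 32 * i] for i in range(len(FIELDS))]
    args = {name: int.from_bytes(w, "big") for name, w in zip(FIELDS, words)}
    # Addresses are the low 20 bytes of their word; normalise to lowercase hex.
    args["holder"] = "0x" + words[0][12:].hex()
    args["spender"] = "0x" + words[1][12:].hex()
    args["allowed"] = args["allowed"] != 0
    return args

def review_permit(calldata: bytes, monitored_holders: set, spender_allowlist: set) -> list:
    """Return policy findings for a permit that affects a monitored wallet."""
    p = decode_permit(calldata)
    if p["holder"] not in monitored_holders:
        return []
    findings = []
    wad = MAX_UINT256 if p["allowed"] else 0  # same rule as the contract
    if wad == MAX_UINT256 and p["spender"] not in spender_allowlist:
        findings.append("unlimited allowance to unlisted spender")
    if p["allowed"] and p["expiry"] == 0:
        findings.append("permit never expires")
    return findings

def build_permit_calldata(holder, spender, nonce, expiry, allowed, v=27, r=1, s=1):
    """Constructed sample input; v, r, s are dummies (no signature check here)."""
    vals = (int(holder, 16), int(spender, 16), nonce, expiry, int(allowed), v, r, s)
    return DAI_PERMIT_SELECTOR + b"".join(x.to_bytes(32, "big") for x in vals)

# Constructed addresses, not taken from the incident.
HOT_WALLET = "0x" + "11" * 20
KNOWN_SPENDER = "0x" + "22" * 20
UNKNOWN_SPENDER = "0x" + "33" * 20

if __name__ == "__main__":
    tx = build_permit_calldata(HOT_WALLET, UNKNOWN_SPENDER, 0, 0, True)
    print(review_permit(tx, {HOT_WALLET}, {KNOWN_SPENDER}))
```

Addresses in the monitored set and the allowlist must be lowercase hex, since the decoder normalises to that form.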

Step 10:

The stolen assets across multiple chains include 9620 ETH worth $15.7 million on the Ethereum Mainnet, 14.24 million MATIC worth $7.85 million, and 82650 BNB worth $17.7 million.

Step 11:

At the time of this writing, the stolen funds are held at these addresses:

Ethereum Mainnet 

Address 0x7d84...ab4e: $898,710

Address 0xba36...f30e: $1,099,509

Address 0x94F1...8E8A: $9,766,302

Address 0xBDA8...0C83: $3,892,560

Polygon Network

Address 0xa262…9685e: $1,808,820

Address 0xf835…d3dc: $70,695

Address 0xa2e8…8032: $4,265,959

Address 0x328…7ce2: $1,818,418

BNB Chain

Address 0x000…a0be: $7,733,916

Address 0x95b6…b237: $5,015,326

Address 0xbced…30aa: $1,784,830

Address 0xe03a…bd62: $614,277

Address 0xff2…82e5: $2,563,028

Aftermath

The team communicated about the incident roughly four and a half hours after the first public report of suspicious activity. They stated that unauthorized transactions were made from Stake's hot wallet across the ETH and BNB chains but didn't acknowledge the exploit on the Polygon network. According to the team, users' funds were safe.

A later tweet by the team stated that all services have resumed and that deposits and withdrawals are being processed for all currencies. The team has given no detailed explanation of the incident, nor has it provided relevant and timely communication about it.

Solution

The recent exploit on the Stake platform, affecting Ethereum, Polygon, and BNB chains, highlights the critical need for a comprehensive security strategy in the decentralized finance space. While analyzing the vulnerability, it becomes evident that certain practices could have significantly mitigated the risk. However, the ultimate solution lies in combining traditional security measures with innovative approaches like Neptune Mutual.

One of the first lines of defense should involve the use of hardware wallets to store private keys offline. By keeping these keys physically disconnected from the internet, it becomes exceedingly difficult for malicious actors to compromise them. This step alone could have prevented unauthorized access to the private keys, which was likely the root cause of the Stake exploit.

Cold storage, the practice of storing private keys on a machine that is not connected to the internet, is also an effective tactic to prevent such attacks. Even if private keys were compromised, the fact that they are not readily accessible online makes it extremely challenging for hackers to utilize them.

However, despite the best security measures, vulnerabilities can still be exploited. This is where Neptune Mutual comes into play. In the event of security incidents like the Stake exploit, having a dedicated cover pool with Neptune Mutual could have significantly reduced the aftermath. Neptune Mutual offers coverage to users who suffer losses due to smart contract vulnerabilities through its parametric policies.

Users who purchase our parametric cover policies do not need to provide evidence of their loss to receive payouts. Once an incident is confirmed and resolved through our incident resolution system, payouts can be claimed immediately.

Furthermore, Neptune Mutual operates across various popular blockchain networks, including Ethereum, Arbitrum, and the BNB chain. This wide reach ensures that it can serve a diverse range of DeFi users and offer protection against potential vulnerabilities. In times of uncertainty, having the backing of Neptune Mutual can provide peace of mind to DeFi participants, knowing that their investments are safeguarded.

Reference Source: Cyvers, 0xArhat
