TL;DR#
On May 5, 2023, the stablecoin $DEI launched by Deus Finance was exploited on the Ethereum Mainnet, Arbitrum, and BNB Chain, resulting in a total loss of approximately $6.38 million.
Introduction to Deus#
Deus is a peer-to-peer bilateral OTC infrastructure platform that enables on-chain digital derivatives, options, and swaps.
Vulnerability Assessment#
The root cause of the vulnerability is an implementation error in the token contract.
Steps#
Step 1:
We attempted to analyze one of the attack transactions executed by the exploiter.
Step 2:
In an ERC20-like token implementation, the allowances are mapped as _allowances[owner][spender].
Step 3:
However, in their token contract, the order of allowance implementation was flipped.
function burnFrom(address account, uint256 amount) public virtual {
uint256 currentAllowance = _allowances[_msgSender()][account];
_approve(account, _msgSender(), currentAllowance - amount);
_burn(account, amount);
}
Step 4:
Due to this flipped ordering, the attacker is able to approve the victim using their own approval in order to burn the victim's tokens. Additionally, the remaining approval of (allowance - amount) is written back to [victim, attacker] mapping.
Step 5:
The exploiter is able to identify an address holding a huge amount of $DEI tokens and approve to this address. They then invoked a call to the burnFrom function with the victim's address by passing the amount parameter as zero.
Step 6:
Due to implementation issues, the contract grants approval of all tokens from that address to the attacker's address, and then they invoke a call to the transferFrom function in order to take away the assets for their profits.
Step 7:
The exploiter made a profit of over $5 million on Arbitrum. On the BNB Chain, the total profit amounts to approximately $1.3 million and roughly $135,000 on the Ethereum Mainnet.
Aftermath#
Following the attack, the team stated that they had joined forces to work with white hat hackers and partner projects, paused related contracts, and burned DEI to prevent additional damage.
In addition, they further stated that they have taken snapshots of all DEI balances before the tokens were burned and will be formulating a comprehensive recovery and redemption plan after evaluating them.
The Deus V3 contract is completely isolated from DEI, and this remains unaffected during the exploit.
They also declared that they would not pursue any legal action if the funds were returned and would further enlist 20% of the fund as a bounty. In another tweet, they confirmed that a portion of those stolen funds had been successfully returned to the team.
Solution#
The contract mistakenly checked the account's allowance to spend tokens from the sender. It should verify the sender's allowance to spend from the account. This error permitted overriding the sender's allowance and draining the account via the transferFrom function.
The exploit could have been prevented to a greater extent if the contract had properly inherited functionalities from OpenZeppelin Contracts’ ERC20Burnable, which correctly implements the burnFrom function.
We may not have prevented the occurrence of this hack, however the impact or aftermath of this attack could have been significantly reduced if the team associated with Deus Finance had set up a dedicated cover pool in the Neptune Mutual marketplace. We offer coverage to users who have suffered a loss of funds or digital assets occurring as a result of smart contract vulnerabilities owing to our parametric policies.
Users who purchase the available parametric cover policies do not need to provide loss evidence in order to receive payouts. Payouts can be claimed as soon as an incident is resolved through the incident resolution system. At the moment, our marketplace is available on two popular blockchain networks, Ethereum, and Arbitrum.
Neptune Mutual's security team would also have evaluated the platform for DNS and web-based security, frontend and backend security, intrusion detection and prevention, and other security considerations.
Reference Source BlockSec, PeckShield
