TL;DR#
On May 13, 2023, the SELLC token of the SellToken project was exploited in the BNB chain, resulting in the loss of approximately $87,000.
Introduction to Sell Token#
SellToken is a decentralized short trading exchange that executes requests based on the operations submitted by users' short trading requests.
Vulnerability Assessment#
The root cause of the vulnerability is price manipulation caused by the flawed calculation of their token price.
Steps#
Step 1:
We attempted to analyze one of the attack transactions executed by the exploiter.
Step 2:
The exploiter took a flash loan of roughly 1902 WBNB from multiple providers and exchanged 400 WBNB for 4,975,497 $SELLC tokens on PancakeSwap.
Step 3:
They then used approximately 13.37 BNB to short $SELLC tokens and later swapped 4,975,497 $SELLC tokens for 408 WBNB on PancakeSwap.
Step 4:
The profit from this shorting was approximately 39.28 WBNB, which were withdrawn from SellToken's contracts, after which the remaining balances were used to repay the borrowed amount of the flash loan.
Step 5:
In order for the attack to succeed, the exploiter had initially transferred 1.8 BNB, allowing this attack contract to take a high price position for the exploit.
Step 6:
The attacker made a profit of approximately 279 BNB, or roughly $87,000 from the exploit.
Solution#
The attack succeeded because the attacker was able to artificially manipulate the price of the token. The incident brings attention to a few key principles for DeFi project safety.
For DeFi protocols, the security of Price Oracle is essential. Using trusted price oracle services that aggregate price data from multiple sources and guard against manipulation can help mitigate price manipulation exploits. Regular contract audits and rigorous testing could identify potential vulnerabilities and help rectify them before they are exploited.
Additionally, a well-designed economic model that considers potential attack vectors can mitigate the risk of exploitation. This could involve creating safeguards that limit maximum profit from trades or incorporating an automated system that temporarily halts trading in the event of drastic price changes.
We may not have prevented the occurrence of this hack, however the impact or aftermath of this attack could have been significantly reduced if the team associated with Sell Token had set up a dedicated cover pool in the Neptune Mutual marketplace. We offer coverage to users who have suffered a loss of funds or digital assets occurring as a result of smart contract vulnerabilities owing to our parametric policies.
Users who purchase the available parametric cover policies do not need to provide loss evidence in order to receive payouts. Payouts can be claimed as soon as an incident is resolved through the incident resolution system. At the moment, our marketplace is available on two popular blockchain networks, Ethereum, and Arbitrum.
Neptune Mutual's security team would also have evaluated the platform for DNS and web-based security, frontend and backend security, intrusion detection and prevention, and other security considerations.
Reference Source BlockSec
