Beosin: LibertiVault contract on the Polygon chain has been attacked due to its reentrancy vulnerability.
2023-07-11 10:35:03
Odaily News: According to Beosin EagleEye, Beosin's monitoring tool, the LibertiVault contract on the Polygon chain has been attacked, resulting in a loss of approximately 123 ETH and 56,234 USDT, with a total value of about $290,000. Additionally, on the Ethereum chain, approximately 35 ETH and 96,223 USDT, worth about $160,000, were affected, bringing the total to over $450,000. Technical analysis revealed that this attack was caused by a reentrancy vulnerability in the LibertiVault contract.

1. The attacker borrowed 5 million USDT through flash loans and called the LibertiVault contract's deposit function to deposit it as collateral. The contract's collateral logic swaps a portion of the collateral tokens and then calculates the minting quantity. The minting quantity is based on the ratio of the tokens deposited in this call to the contract's balance before the deposit.

2. The swap operation calls the hacker's contract. There the hacker initiates the first reentrancy by calling the deposit function again and, within that call, performs a second reentrancy, injecting 2.5 million USDT into the contract.

3. After the second reentrancy is completed, the contract mints tokens for the hacker based on the ratio between 2.5 million USDT and the contract's previous USDT balance. After the first reentrancy in the deposit function is completed, the hacker injects another 2.5 million USDT.

4. At this point, the swap operation in the outer deposit function is executed, and the contract mints tokens based on the ratio between 2.5 million USDT and the contract's USDT balance.

5. The issue lies in the fourth step. Ideally, the balance used in this second calculation should be the previous balance plus the 2.5 million injected in the first reentrancy. However, because of the reentrancy, the contract had already read its balance at the beginning of the call, so that value did not change and the original balance was used for the calculation, resulting in a large number of tokens being minted for the hacker.

6. Finally, the hacker removes the minted tokens and profits from the flash loan.
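
A simplified model of the stale-balance accounting in steps 1 to 5, added here as an illustration and not taken from the LibertiVault source. The `Vault` class, its method names and the starting balances are constructed assumptions, and it uses one nested call instead of two; with `guarded=True` a reentrancy lock rejects the nested deposit.

```python
# Constructed model of the accounting flaw; not the LibertiVault contract code.
class ReentrancyError(Exception):
    pass


class Vault:
    def __init__(self, balance, supply, guarded=False):
        self.balance = balance    # underlying tokens held by the vault
        self.supply = supply      # vault shares in circulation
        self.guarded = guarded    # True enables a reentrancy lock
        self._entered = False

    def deposit(self, amount, on_swap=None):
        if self.guarded and self._entered:
            raise ReentrancyError("deposit re-entered during swap")
        self._entered = True
        try:
            balance_before = self.balance  # snapshot taken BEFORE the external call
            if on_swap:
                on_swap(self)              # the swap hands control to external code
            # If deposit was re-entered above, balance_before is now stale.
            minted = amount * self.supply // balance_before
            self.balance += amount
            self.supply += minted
            return minted
        finally:
            self._entered = False


def sequential_deposits(vault, amount):
    """Two ordinary deposits, one after the other (the fair baseline)."""
    return vault.deposit(amount) + vault.deposit(amount)


def nested_deposits(vault, amount):
    """Two deposits where the second runs inside the first one's swap callback."""
    minted = []
    vault.deposit_result = None
    outer = vault.deposit(amount, on_swap=lambda v: minted.append(v.deposit(amount)))
    return outer + sum(minted)


if __name__ == "__main__":
    # Constructed starting state: 1,000,000 tokens backing 1,000,000 shares.
    print("sequential:", sequential_deposits(Vault(1_000_000, 1_000_000), 2_500_000))
    print("nested:    ", nested_deposits(Vault(1_000_000, 1_000_000), 2_500_000))
    try:
        nested_deposits(Vault(1_000_000, 1_000_000, guarded=True), 2_500_000)
    except ReentrancyError as exc:
        print("guarded:    rejected,", exc)
```

The same two deposits mint more than twice as many shares when nested, because the outer call divides by the balance it read before the inner deposit arrived.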