On May 20, 2023, Beijing time, Tornado.Cash suffered a proposal attack, and the attacker has made a profit of about 680,000 US dollars.

first level title

Attack contract:

Attacker address:

0x092123663804f8801b9b086b03B98D706f77bD59

0x592340957eBC9e4Afb0E9Af221d06fDDDF789de9

Attack contract:

0xAF54612427d97489707332efe0b6290F129DbAcb

0x03ecf0d22f9ccd21144a7d492cf63b471916497a

0x7dc86183274b28e9f1a100a0152dac975361353d (deployment contract)

Attacked contract:

Attacked contract:

0x5efda50f22d34F262c29268506C5Fa42cB56A1Ce

Attack transactions:

0x34605f1d6463a48b818157f7b26d040f8dd329273702a0618e9e74fe350e6e0d

Attack transactions:

0x3274b6090685b842aca80b304a4dcee0f61ef8b6afee10b7c7533c32fb75486d

Attack process:

(1) First, the attacker (0x 59234095 ) initiated a proposal to the attacked contract (0x5efda50f), claiming that this proposal is a supplement to Proposition 16

(2) But there is actually an additional self-destruct function in the proposal.

(3) Unfortunately, the community did not find any problems in this proposal, and most members voted to pass this proposal.

(4) The attacker created many contracts to implement the transfer of tokens

(5) The attacker (0x 59234095 ) destroyed the proposal contract (0xc503893b) and his creation contract (0x7dc86183). The attack contract (0xc503893b) was subsequently redeployed at the same address.

(6) After modifying the proposal contract, the attacker (0x 59234095 ) executes the proposal and modifies the token lock amount of the contract address under his control to 10000.

Vulnerability analysis:

Vulnerability analysis:

Since the creation contract (0x7dc86183) of the proposal contract (0xc503893b) is deployed through creat 2, after the two contracts are destroyed, a new logic contract can be deployed on the same address, and the execution of the proposal is invoked in the form of a delegatecall, attacking the contract The value in the attacked contract can be modified arbitrarily.

first level title

The reason for this incident is that the community failed to discover the risks in the proposal when checking the proposal, and did not carefully verify whether the code of the proposal contract had security vulnerabilities.

2. Security Recommendations

In response to this attack, we should follow the following precautions during the development process:

(1) When designing proposals, fully consider the security of the proposal mechanism and minimize the risk of proposals being centrally controlled. Consider reducing the value of attacks, increasing the cost of obtaining voting rights, and increasing the cost of executing attacks. Actually properly designed.

(2) Before voting on the proposal, the community should carefully check whether the contract code has a backdoor.

official website

About Us

SharkTeam's vision is to comprehensively protect the security of the Web3 world. The team is composed of experienced security professionals and senior researchers from all over the world. They are proficient in the underlying theory of blockchain and smart contracts, and provide services including smart contract auditing, on-chain analysis, and emergency response. It has established long-term cooperative relationships with key players in various fields of the blockchain ecosystem, such as Polkadot, Moonbeam, polygon, OKC, Huobi Global, imToken, ChainIDE, etc.

official website | Twitter