Gas Optimization In Solidity: Strategies For Cost-Effective Smart Contracts
Gas is the “fuel” that powers smart contract execution. This article offers practical strategies for Solidity gas optimization.
🇺🇦 Hacken stands with Ukraine!Learn more
The crypto industry was shaken a bit on the 13th of March, 2023. An attacker exploited the Euler Finance protocol for a record-breaking $187 million flash-loan attack.
According to on-chain reports, the hacker stole $187 million from the Euler Finance protocol. So far, this tops the list of the biggest hacks in 2023. How did it happen?
The hacker created three contracts; a primary one, then two others for violation and liquidation. They got a flashloan of 30 million DAI from Aave, a flashloan protocol, and sent it to the violation contract.
The hacker deposited 20 million DAI to Euler Protocol and got approximately 19.6 million eDAI in return. Then they leveraged the 19.6 million eDAI to borrow approximately 195.6 million eDAI and 200 million dDAI.
Recall that the hacker still has 10 million DAI left out of the 30 million DAI they borrowed. They used the remaining 10 million DAI to repay some of their debt. This was important because the Euler Finance smart contract checks the health score of borrowing accounts. Balance is now 190 million dDAI. Then they borrowed another 195.6 million eDAI and 200 million dDAI.
At this point, the hacker donated 100 million eDAI to the Euler protocol reserve. This call was successful because the donateToReserve function has no liquidity check. The liquidation call was successful, and the attacker got 254 million dDAI and 310 million eDAI. They repaid Aave its 30 million DAI and made about 8.7 million DAI from the exploit.
It didn’t end there. The attacker also used this address [00x47ac3527d02e6b9631c77fad1cdee7bfa77a8a7bfd4880dccbda5146ace4088f] to execute this same attack logic with WETH.
The attacker’s actions:
After careful analysis, we discovered that the hacker exploited two vulnerabilities in the Euler Finance contract.
1. Lack of liquidity checks on the donateToReserves function. The donateToReserve function allows the users of Euler to deposit funds into the reserved address. Everyone who calls this function has both Debt Token (DToken) and Equity Token (EToken).
The main vulnerability of this function is that it doesn’t check or confirm the liquidity status of the borrower. So the users can under-collateralize their leverage by donating their Equity Tokens to the reserve while their Debt Tokens remain unchanged. This creates a form of technical bad debt. So the hacker’s liquidation contract successfully withdrew from the protocol.
2. The Healthscore Flaw. Euler finance has a design for assigning health scores to accounts. It allows insolvent accounts to get the collateral without repaying the outstanding debt. This was spelled out in the computeLiqOpp function.
The logic behind this code block is that seizing all the borrower’s collateral does not necessarily mean they will still be solvent. Hence, whatever collateral they have left should suffice. However, an attacker can exploit this logic by carrying out under-collateralized leverage.
On the 14th of March, the Euler team issued a release on their Twitter account and mentioned their 3 action steps:
While the Euler team is trying to recover from the attack, there are a few lessons from this exploit:
Test thoroughly. On a closer look, the donateToReserve function was not properly tested. As seen on their GitHub, It was not tested for donating after borrowing and health score after donating. The team could have mitigated this attack if they had tested the vulnerable function against every possible scenario. This is more critical when new logic and functions are introduced to an existing codebase. As in the case of the donateToReserve function, test new improvements in the smart contract.
Audit more rigorously. Six Web3 security companies had audited Euler Finance, yet this attack occurred. It’s fair to say that not all audits reviewed the faulty function. Still, some audits are not done deeply and can leave out of scope important functions, so it’s better to have a comprehensive audit.
Request a Smart Contract Audit that makes a difference.