The crypto industry was shaken a bit on the 13th of March, 2023. An attacker exploited the Euler Finance protocol for a record-breaking $187 million flash-loan attack.
According to on-chain reports, the hacker stole $187 million from the Euler Finance protocol. So far, this tops the list of the biggest hacks in 2023. How did it happen?
Inside the Attack
The hacker created three contracts: a primary one, then two others for violation and liquidation. They took a flash loan of 30 million DAI from Aave, a flash-loan protocol, and sent it to the violation contract.
The hacker deposited 20 million DAI to Euler Protocol and got approximately 19.6 million eDAI in return. Then they leveraged the 19.6 million eDAI to borrow approximately 195.6 million eDAI and 200 million dDAI.
Recall that the hacker still had 10 million DAI left out of the 30 million DAI they borrowed. They used the remaining 10 million DAI to repay some of their debt. This was important because the Euler Finance smart contract checks the health score of borrowing accounts. The debt balance was now 190 million dDAI. Then they borrowed another 195.6 million eDAI and 200 million dDAI.
At this point, the hacker donated 100 million eDAI to the Euler protocol reserve. This call succeeded because the donateToReserves function has no liquidity check. The liquidation call then succeeded, and the attacker got 254 million dDAI and 310 million eDAI. They repaid Aave its 30 million DAI and made about 8.7 million DAI from the exploit.
It didn’t end there. The attacker also used this address [0x47ac3527d02e6b9631c77fad1cdee7bfa77a8a7bfd4880dccbda5146ace4088f] to execute the same attack logic with WETH.
The attacker’s actions:
borrowed 20895 WETH flashloan from Aave
deposited 13930 WETH into the EToken pool
minted ETokens and received 13930 from the pool
paid 6965 WETH to improve health score
minted 13930 WETH and donated 69650 WETH
the liquidation contract received 28994 WETH
paid back Aave and took away 8099 ETH ($135,630,71)
What were the vulnerabilities?
After careful analysis, we discovered that the hacker exploited two vulnerabilities in the Euler Finance contract.
1. Lack of liquidity checks on the donateToReserves function. The donateToReserves function allows Euler users to deposit funds into the reserve address. Everyone who calls this function holds both Debt Tokens (DToken) and Equity Tokens (EToken).
The main vulnerability of this function is that it does not check or confirm the liquidity status of the borrower. Users can therefore under-collateralize their leveraged position by donating their Equity Tokens to the reserve while their Debt Tokens remain unchanged. This creates a form of technical bad debt, which is why the hacker’s liquidation contract was able to withdraw from the protocol.
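To make the missing check concrete, here is an added example (not Euler’s code) that models the eToken/dToken accounting in a few lines of Python and contrasts a donation function with no liquidity check against one that re-validates the account’s health score after the donation. The collateral factor and balances are constructed values, and the health-score formula is a simplified stand-in for Euler’s risk-adjusted version.

```python
from dataclasses import dataclass

COLLATERAL_FACTOR = 0.9  # constructed: risk adjustment applied to collateral


@dataclass
class Account:
    etoken: float  # collateral balance (eDAI)
    dtoken: float  # debt balance (dDAI), untouched by donations


def health_score(acct):
    """Risk-adjusted collateral over debt; below 1.0 the account is liquidatable."""
    if acct.dtoken == 0:
        return float("inf")
    return acct.etoken * COLLATERAL_FACTOR / acct.dtoken


def donate_vulnerable(acct, amount, reserves):
    """Mirrors the flaw: burns the donor's eTokens and credits the reserve,
    but never re-checks solvency, so the donor can end up under-collateralized."""
    if amount > acct.etoken:
        raise ValueError("insufficient eToken balance")
    acct.etoken -= amount
    return reserves + amount


def donate_checked(acct, amount, reserves):
    """Same transfer, but the post-donation position must still be healthy,
    the liquidity check that borrow and withdraw already enforce."""
    if amount > acct.etoken:
        raise ValueError("insufficient eToken balance")
    if health_score(Account(acct.etoken - amount, acct.dtoken)) < 1.0:
        raise ValueError("donation would leave the account under-collateralized")
    acct.etoken -= amount
    return reserves + amount


def bad_debt(acct):
    """Debt that no liquidation can cover once raw collateral is below raw debt."""
    return max(acct.dtoken - acct.etoken, 0.0)


def compare(collateral, debt, donation):
    """Apply the same donation to both variants from one starting position.
    Returns (health after unchecked donation, bad debt created, checked variant rejected)."""
    vuln = Account(collateral, debt)
    donate_vulnerable(vuln, donation, 0.0)
    safe = Account(collateral, debt)
    try:
        donate_checked(safe, donation, 0.0)
        rejected = False
    except ValueError:
        rejected = True
    return health_score(vuln), bad_debt(vuln), rejected
```

With a position of 220 collateral against 190 debt, donating 100 drops the unchecked account’s health score to about 0.57 and leaves 70 of debt that no liquidation can recover, while the checked variant rejects the same call.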
2. The health-score flaw. Euler Finance has a design for assigning health scores to accounts. It allows insolvent accounts to give up their collateral without repaying the outstanding debt. This was spelled out in the computeLiqOpp function.
The logic behind this code block is that seizing all of a borrower’s collateral does not necessarily leave them solvent, so whatever collateral they have left is treated as sufficient. However, an attacker can exploit this logic by first building an under-collateralized leveraged position.
How is the Euler Finance team handling the situation?
On the 14th of March, the Euler team issued a release on their Twitter account and mentioned their 3 action steps:
Stop the attack
Engage more ETH Security companies
Involve the law enforcement agencies
Possibly negotiate with the hacker
Lessons Learned from the Attack
While the Euler team is trying to recover from the attack, there are a few lessons from this exploit:
Test thoroughly. On closer inspection, the donateToReserves function was not properly tested. As seen on their GitHub, it was not tested for donating after borrowing, nor for the health score after donating. The team could have mitigated this attack if they had tested the vulnerable function against every possible scenario. This is especially critical when new logic and functions are introduced to an existing codebase, as happened with the donateToReserves function: test every new improvement to the smart contract.
Audit more rigorously. Six Web3 security companies had audited Euler Finance, yet this attack still occurred. It’s fair to say that not all of the audits reviewed the faulty function. Some audits are not done deeply and can leave important functions out of scope, so a comprehensive audit is preferable.