• Synthetix Oracle
  • Intro
  • Root Cause
  • Attack Procedure
  • Remediation
• BedRock Flash Loan Attack
  • Introduction
  • Reference
  • Contract links
  • Attack Steps
  • Summary
  • Lesson Learned

Synthetix Oracle

Intro

a
Synthetix 是一個DeFi合成資產的 protocol，允許用戶 mint 和交易各種與現實世界資產(RWA)掛鉤的合成代幣 (Synth)

• 法幣
• 加密貨幣 - 例如 sKRW (韓元), sETH以及原生token SNX
• 大宗商品

整個系統的合成資產價格來自於預言機 (Oracle) 提供的外部資料，例如匯率、商品或加密貨幣的價格。

https://kermankohli.substack.com/p/defi-audit-1-synthetix
https://medium.com/cortexlabs/defi科普系列之-三-深入理解synthetix如何玩转合成资产-47c4f585563e

Root Cause

Synthetix在2019 年中發生了一次 Oracle 報價錯誤，大致可以歸因於

• Synthetix Oracle 供應商的sKRW price feed出現了價格錯誤
• Synthetix 只使用了兩個private oracle feed

此次價格錯誤讓sKRW/sETH的匯率從 360,000 sKRW：1 sETH -> 變成了高價 720 sKRW：1 sETH

導致持有sKRW的套利機器人帳戶的明面資產被膨脹

攻擊者隨後將"被通膨"的sKRW轉換成 sETH實現套利

Two API’s had different independent outages simultaneously, and our error handling and aggregation logic failed to handle this.
The pricing error was intermittently setting the rate for KRW to 1000x more than it actually was.

https://blog.synthetix.io/response-to-oracle-incident/

Attack Procedure

攻擊流程相對簡單，攻擊者(套利機器人)只是在對的時間點實行exchange function進行兌換

https://etherscan.io/tx/0x93819f6bbea390d7709fa033f5733d16418674e99c43b9ed23adb4110d657f0c

此次事件，攻擊者同意reserve這筆交易以換取bounty

We have since been in contact with the owner of the bot, who has agreed to reverse the trades in exchange for a bug bounty.

Remediation

文中Synthetix提及將Oracle換成Chainlink，但也建議增加下列defense

• Real time monitoring price feed
• Circuit breaker - 當Oracle價格出現失準，合約應該要能暫停交易以避免被套利
• 更多的Oracle供應商避免SPoF (single point of failure)

BedRock Flash Loan Attack

Introduction

Bedrock is a multiple asset liquid restaking protocol, that backed by non-custodial solution designed in partnership with RockX, a longstanding blockchain infrastructure company with strong roots in crypto staking.
Bedrock support multiple assets to do both restaking / staking including:

• uniBTC: A restaking protocol that accept wrapped BTC tokens partnership with the BTC staking protocol Babylon chain, the first supported wrapped BTC is wBTC token on Ethereum blockchain, so all the wBTC token holders will enjoy both yield on staking BTC tokens plus the security of Ethereum network.
  
  

Reference

• DefiHackedLabs Poc
• Certik Alert Twitter
• Verichain Medium
• Lunaray Medium
• QuillAudits
• New uniBTC

Contract links

• Attacker contract
• Exploit contract
• uniBTC contract Already fixed
• Exploit transaction
• Blocksec On-chain analysis

Attack Steps

1. Borrowed 30.8 WETH through Balancer using flashloan
   
2. The attacker called the mint function of Bedrock Vault and transferred 30.8 ETH to Bedrock Vault
   
   Checking the source code of the Vault contract, we can clearly see that this contract expects the native token to be BTC. However, since this contract is deployed on the Ethereum chain, it produces an incorrect conversion ratio (1:1) between uniBTC and ETH, which is a simple but critical error
3. Attacker used 30.8 ETH to mint 30.8 uniBTC
4. Attacker exchanged 30.8 uniBTC for 27.8 WBTC through Uniswap V3
5. Attacker exchanged the 27.8 WBTC for 680.4 WETH through Uniswap V3
6. 30.8 WETH was repaid to Balancer
7. Attacker finally made a profit of 649.6 WETH, which is about 1.7M USD

Summary

The cause of this vulnerability is that the exchange ratio of WETH and uniBTC was not properly handled, resulting in WETH and uniBTC being exchanged at 1:1, and the value of WETH was magnified tens of thousands of times. The attacker used the distorted price to make a profit through lending, and eventually the attacker used the borrowed WETH to empty the project’s uniBTC tokens.

Lesson Learned

For contracts that control the minting or holding of tokens, even a minor error can result in significant security vulnerabilities. Therefore, conducting a security audit before deploying contracts in the production environment is critically important.