# Sentiment Exploit: Recovery Plan ## Introduction On Apr 4, 2023 a malicious transaction resulted in the unauthorized extraction of user funds from the Sentiment protocol. A technical postmortem will be released shortly. The exploiter converted all the ill gotten funds to ETH and transferred the assets through several bridges from Arbitrum to Ethereum mainnet. After a series of negotiations, the exploiter has returned the 90% of the funds, and with the assistance of Sherlock, [additional funds were recouped](https://twitter.com/sherlockdefi/status/1644361431826206720). Below is a detailed description of the plan to remove bad debt from the protocol and make Sentiment users whole. This plan is based on thoughtful consideration among advisors and core contributors with the main objective of making Sentiment users whole. ## Main Issue In brief, the exploiter was able to manipulate oracle pricing for a Balancer LP token and exploit the Sentiment protocol to borrow against a maliciously inflated asset price. This allowed the exploiter to extract funds from Sentiment leaving their Sentiment account with approximately $1,092,191.98 of bad debt at the time of the exploit. The accounting for the exploiters account after the hack is as follows: ### Debt * USDC = 463,920 * USDT = 363,303 * ETH = 81.63 (~$152,938.06) * FRAX = 125,804 **Total Debt = $1,105,965** (increasing every block due to interest accrual) ### Assets * BPT_WETH_WBTC_USD (Balancer LP token) = 221.2(~$90,585.24) * USDC = 488.1 * USDT = 639 * FRAX = 4875 * WETH = 0.919 (~$1,707.66) **Total Assets = $98,287.74** ## Funds Recovered A group of independent contributors and the Sentiment team negotiated the return of 90% of the funds misappropriated. This amount is 465.75 ETH ($872,724.60). Sherlock covered $49,275.77 (in USDC) and an additional $16,425.26 (in USDC) pending from Nexus Mutual, bringing the total insured amount to $65,701.03. The Sentiment core team determined to use internal treasury to provide the difference of the recovered funds amount, to make users whole. ## Recovery Process The Sentiment protocol is deployed only on Arbitrum. After the exploit the exploiter extracted funds from the Sentiment protocol, the exploiter converted all the funds to ETH and bridged the ETH from Arbitrum to Mainnet. After successful negotiations the exploiter returned funds to the Sentiment Deployer on ETH mainnet, which were sent to a multisig where they are at the time of this writing [seen here](https://etherscan.io/address/0x7582BC8402865c57bC55320B2a3Fe8EaC46C233C). The Recovery will occur in 2 phases ### Phase 1: Setup * The ETH and USDC that is currently in [this multisig](https://etherscan.io/address/0x7582BC8402865c57bC55320B2a3Fe8EaC46C233C) will be sent from the recovery multisig on ETH mainnet, to a multisig on Arbitrum. * Once the ETH and USDC is confirmed in the Arbitrum multisig, they will be exchanged for the equivalent of the debt assets * USDC = 463,920 * USDT = 363,303 * ETH = 81.63 (~$152,938.06) * FRAX = 125,804 ### Phase 2: Liquidation It appears that the optimal way to maximize an equitable restitution for Sentiment users will be to liquidate the exploiters account and relinquish the Sentiment Earn pools of bad debt. The liquidation and after effects can be understood as follows. The account to be liquidated can be seen here: https://arbiscan.io/address/0xdf346f8d160424c79cb8e8b49b13dd0ca61c3b8c The Sentiment protocol refrains from taking an active role in liquidating accounts. For this reason, [Wintermute](https://wintermute.com/) has agreed to perform the liquidation in good faith to help streamline the process for all Sentiment users. Recovered funds will be converted into their respective tokens and amounts to fulfill the debt requirement of the account: * USDC = 463,920 * USDT = 363,303 * ETH = 81.63 (~$152,938.06) * FRAX = 125,804 These tokens to fulfill the debt requirement will be transferred to Wintermute so that they can be used to liquidate the account. Wintermute will initiate an onchain transaction to liquidate the bad debt account. Once the liquidation is completed, there will be an official announcement and the transaction will be shared with the community. The following section will explain the redemption process for users. ## Redemption After the liquidation, all of the bad debt in the protocol will be extinguished, and the only borrows that remain will be the “good debt” currently held by Sentiment account users. What this means is that, Sentiment “Earn” depositors can be assured that their Ltokens (deposit receipt tokens) will be able to be redeemed for the initial capital they deposited plus any interest accrued. Sentiment users will not have to go through a claims process, as they will only have to withdraw their capital if they wish to in a normal fashion from the Sentiment protocol user interface. On completion of the liquidation, users will once again be able to deposit funds and borrow assets.
Last changed by  
Sentiment
872

Read more

Incident Postmortem: Apr-04-2023

Overview This article analyzes the incident affecting Sentiment that took place at 1750 UTC on 4th April 2023. This postmortem is a result of discussions with Zach, Alex, WatchPug, Sherlock and builds upon their analyses. We thank them for their support throughout the process. Root Cause Analysis The root cause is a view-only reentrancy bug exposed in Balancer pools when removing liquidity with one of the return tokens being ETH. Since the entry point is a non-mutating view call it could not be protected by a reentrancy guard allowing the caller to take control of execution and run arbitrary code. During liquidity withdrawal operations ("exit pool") Balancer first burns the LP Tokens (BPTs) and transfers funds to the user before updating its balances. Since this is not CEI-conformant it results in an intermediate state where the totalSupply() of the BPTs is reduced and some of the tokens could have been transferred, but internal asset balances are yet to be updated. Typically the intermediate state described above is harmless because there's no way to exploit it. Unfortunately, this is not the case with when one of the return tokens is ETH. Balancer uses a low level call() to transfer ETH to the caller which allows them to reenter and take control of execution in the intermediate state with inaccurate internal balances as described above.

4/9/2023
Incident Postmortem: Dec-20-2022

Root Cause Analysis Sentiment uses a custom oracle to price Curve Tricrypto LP Tokens throughout the protocol. The oracle used Curve's recommended method to fetch the price of an LP Token: function getPrice(address) external view returns (uint) { return curveTriCryptoOracle.lp_price() * 1e18 / pool.price_oracle(1); } curveTriCryptoOracle.lp_price() returns the USD price of the LP token. Since sentiment prices all tokens in terms of ETH we need to divide this USD price by the current ETH/USD price to compute the ETH-denomiated price of the token. We divide the price returned by the oracle by pool.price_oracle(1), the price of ETH in the curve pool and this snippet forms the root cause of this bug. pool.price_oracle(1) reflects the internal price of ETH in the pool and is susceptible to large changes over time. In this case we saw the following price changes of pool.price_oracle(1) jump from $1216.55 to $1379.44 (+13.38%) in less than 1 sec between consecutive blocks 47637853 and 47637854. Ahead of the liquidation in block 47637889, the price of ETH was $1389.50 which represents a cumulative increase of 14.21% over the span of 12 seconds. There was no corresponding change in the market price of ETH during this duration.

4/7/2023
Read more from Sentiment
Published on HackMD