[toc] # Synthetix Oracle ## Intro a Synthetix 是一個DeFi合成資產的 protocol，允許用戶 mint 和交易各種與現實世界資產(RWA)掛鉤的合成代幣 (Synth) - 法幣 - 加密貨幣 - 例如 sKRW (韓元), sETH以及原生token SNX - 大宗商品 整個系統的合成資產價格來自於**預言機 (Oracle) 提供的外部資料**，例如匯率、商品或加密貨幣的價格。 > https://kermankohli.substack.com/p/defi-audit-1-synthetix > https://medium.com/cortexlabs/defi科普系列之-三-深入理解synthetix如何玩转合成资产-47c4f585563e <br> ## Root Cause Synthetix在2019 年中發生了一次 [Oracle 報價錯誤](https://blog.synthetix.io/response-to-oracle-incident/)，大致可以歸因於 - Synthetix Oracle 供應商的`sKRW` price feed出現了價格錯誤 - Synthetix 只使用了兩個private oracle feed 此次價格錯誤讓`sKRW/sETH`的匯率從 `360,000 sKRW：1 sETH` -> 變成了高價 `720 sKRW：1 sETH` 導致持有`sKRW`的套利機器人帳戶的明面資產被膨脹 攻擊者隨後將"被通膨"的`sKRW`轉換成 `sETH`實現套利 > Two API’s had different independent outages simultaneously, and our error handling and aggregation logic failed to handle this. > The pricing error was intermittently setting the rate for KRW to 1000x more than it actually was. https://blog.synthetix.io/response-to-oracle-incident/ <br> ## Attack Procedure 攻擊流程相對簡單，攻擊者(套利機器人)只是在對的時間點實行`exchange` function進行兌換 https://etherscan.io/tx/0x93819f6bbea390d7709fa033f5733d16418674e99c43b9ed23adb4110d657f0c  <br> 此次事件，攻擊者同意reserve這筆交易以換取bounty > We have since been in contact with the owner of the bot, who has agreed to reverse the trades in exchange for a bug bounty. ## Remediation 文中Synthetix提及將Oracle換成Chainlink，但也建議增加下列defense - Real time monitoring price feed - Circuit breaker - 當Oracle價格出現失準，合約應該要能暫停交易以避免被套利 - 更多的Oracle供應商避免SPoF (single point of failure) <br> # BedRock Flash Loan Attack ## Introduction [Bedrock](https://docs.bedrock.technology/) is a multiple asset liquid restaking protocol, that backed by non-custodial solution designed in partnership with RockX, a longstanding blockchain infrastructure company with strong roots in crypto staking. Bedrock support multiple assets to do both restaking / staking including: * uniBTC: A restaking protocol that accept wrapped BTC tokens partnership with the BTC staking protocol Babylon chain, the first supported wrapped BTC is wBTC token on Ethereum blockchain, so all the wBTC token holders will enjoy both yield on staking BTC tokens plus the security of Ethereum network. <br> ## Reference - [DefiHackedLabs Poc](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/2024-09/Bedrock_DeFi_exp.sol) - [Certik Alert Twitter](https://x.com/certikalert/status/1839403126694326374) - [Verichain Medium](https://blog.verichains.io/p/bedrock-defi-incident-analysis) - [Lunaray Medium](https://lunaray.medium.com/bedrock-unibtc-hack-analysis-7808902e5a7c) - [QuillAudits](https://www.quillaudits.com/blog/hack-analysis/bedrock-2million-exploit) - [New uniBTC](https://github.com/Bedrock-Technology/uniBTC/blob/main/contracts/contracts/uniBTC.sol) ## Contract links - [Attacker contract](https://etherscan.io/address/0x2bFB373017349820dda2Da8230E6b66739BE9F96) - [Exploit contract](https://etherscan.io/address/0x1e1d02d663228e5d47f1de64030b39632a3b787d#internaltx) - [uniBTC contract](https://etherscan.io/token/0x004e9c3ef86bc1ca1f0bb5c7662861ee93350568) Already fixed - [Exploit transaction](https://etherscan.io/tx/0x725f0d65340c859e0f64e72ca8260220c526c3e0ccde530004160809f6177940) - [Blocksec On-chain analysis](https://app.blocksec.com/explorer/tx/eth/0x725f0d65340c859e0f64e72ca8260220c526c3e0ccde530004160809f6177940) ## Attack Steps 1. Borrowed 30.8 WETH through Balancer using flashloan  2. The attacker called the mint function of Bedrock Vault and transferred 30.8 ETH to Bedrock Vault  Checking the source code of the Vault contract, we can clearly see that this contract expects the native token to be BTC. However, since this contract is deployed on the Ethereum chain, it produces an incorrect conversion ratio (1:1) between uniBTC and ETH, which is a simple but critical error 3. Attacker used 30.8 ETH to mint 30.8 uniBTC 4. Attacker exchanged 30.8 uniBTC for 27.8 WBTC through Uniswap V3 5. Attacker exchanged the 27.8 WBTC for 680.4 WETH through Uniswap V3 6. 30.8 WETH was repaid to Balancer 7. Attacker finally made a profit of 649.6 WETH, which is about 1.7M USD ## Summary The cause of this vulnerability is that the exchange ratio of WETH and uniBTC was not properly handled, resulting in WETH and uniBTC being exchanged at 1:1, and the value of WETH was magnified tens of thousands of times. The attacker used the distorted price to make a profit through lending, and eventually the attacker used the borrowed WETH to empty the project’s uniBTC tokens. ## Lesson Learned For contracts that control the minting or holding of tokens, even a minor error can result in significant security vulnerabilities. Therefore, conducting a security audit before deploying contracts in the production environment is critically important.