Euler Finance Attack Event Analysis

lunaray
3 min read · Apr 1, 2023


0x01 Event Background

On March 14, Euler Finance on Ethereum was exploited for roughly $197 million. The attacker's address is 0xb66cd966670d962c227b3eaba30a872dbfb995db. Of the stolen funds, 100 ETH was sent to the mixer Tornado.Cash; the rest remains at the attacker's address and has not moved.

0x02 Vulnerability and Root Cause

Euler's EToken contract guards every function that changes an account's balances (transfer, withdraw, mint and so on) with a liquidity check: after the balance update it compares the account's collateral with its outstanding borrows and reverts the transaction unless the collateral covers the debt.

The donateToReserves function, which burns the caller's eTokens and credits them to the protocol reserves, omits this check. An attacker can therefore burn their own collateral until their position is underwater, something no other balance-changing function allows, and then have a second contract liquidate that position.

The attacker deploys two contracts: a borrower contract that builds a leveraged position, and a liquidator contract that liquidates it.

The borrower contract takes a flash loan of 30,000,000 DAI, deposits 20,000,000 DAI into Euler for 19,568,124 eDAI, then calls mint, which creates 200,000,000 dDAI of debt and 195,681,243 eDAI of collateral against that deposit, leveraging it roughly 10x. (The eDAI figures are smaller than the DAI figures because of the eDAI/DAI exchange rate.)

It then calls repay with the remaining 10,000,000 DAI, which burns 10,000,000 dDAI, and calls mint a second time for another 200,000,000 dDAI and 195,681,243 eDAI. The borrower now holds 390,000,000 dDAI against 410,930,610 eDAI, and every one of these calls passed the liquidity check.

The borrower contract then calls donateToReserves, burning 100,000,000 of its eDAI (recorded as a transfer to address 0) into the protocol reserves.

The position is now 390,000,000 dDAI against only 310,930,610 eDAI, well below the liquidation threshold. Any other balance-changing function would have reverted at this point; donateToReserves runs no liquidity check, so the call succeeds and leaves the position underwater.

The liquidator contract calls the liquidation function against the borrower and, because an underwater position is liquidated at a discount, receives all 310,930,612 eDAI while taking on only 254,234,370 dDAI of the debt.

The liquidator contract then calls withdraw and drains all the DAI held in the pool.

After repaying the flash loan, the attacker netted 8,877,507 DAI from this single transaction.
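A toy replay of the sequence above, added here as an illustration; it is not code from this post or from Euler. It models eDAI/dDAI accounting with a liquidity check on every balance-changing function except, optionally, donateToReserves, and runs the attacker's steps once against the vulnerable version and once against a patched one. Every parameter is an assumption chosen to keep the arithmetic visible rather than Euler's real value: 1 eDAI is worth 1 DAI with no interest, the liquidity check is a plain collateral >= debt comparison, the liquidator assumes debt at a 20% discount, and the pool is constructed to hold 8,900,000 DAI from other depositors.

```python
"""Toy model of the eToken/dToken accounting behind the Euler attack.

Added example, not Euler's code.  Hypothetical parameters:
  * 1 eDAI == 1 DAI at all times (no interest, no exchange rate),
  * liquidity check is simply collateral >= debt,
  * a liquidator seizes all collateral and assumes debt at a 20 % discount,
  * the pool holds 8,900,000 DAI of other depositors' cash (constructed).
"""

from dataclasses import dataclass, field

LIQ_DISCOUNT = 0.20          # assumed liquidation discount
OTHER_DEPOSITS = 8_900_000   # assumed pre-existing pool cash (constructed)


class LiquidityError(Exception):
    """Raised where the protocol's liquidity check would revert the tx."""


@dataclass
class Account:
    etoken: float = 0.0   # eDAI: deposit receipt, used as collateral
    dtoken: float = 0.0   # dDAI: outstanding debt


@dataclass
class Pool:
    cash: float                  # DAI actually held by the pool
    check_on_donate: bool        # True models the patched donateToReserves
    accounts: dict = field(default_factory=dict)
    reserves: float = 0.0

    def acct(self, who):
        return self.accounts.setdefault(who, Account())

    def check_liquidity(self, who):
        """Revert unless the account's collateral covers its debt."""
        a = self.acct(who)
        if a.etoken < a.dtoken:
            raise LiquidityError(
                f"{who}: collateral {a.etoken:,.0f} < debt {a.dtoken:,.0f}")

    def deposit(self, who, amount):
        self.cash += amount
        self.acct(who).etoken += amount

    def mint(self, who, amount):
        # Self-collateralised borrow: eTokens and dTokens are created together
        # and no cash leaves the pool, but the position must stay healthy.
        a = self.acct(who)
        a.etoken += amount
        a.dtoken += amount
        self.check_liquidity(who)

    def repay(self, who, amount):
        self.cash += amount
        self.acct(who).dtoken -= amount      # repay burns debt tokens

    def donate_to_reserves(self, who, amount):
        a = self.acct(who)
        a.etoken -= amount                   # collateral is burned ...
        self.reserves += amount
        if self.check_on_donate:             # ... and only the patch re-checks
            self.check_liquidity(who)

    def liquidate(self, liquidator, violator):
        v, l = self.acct(violator), self.acct(liquidator)
        if v.etoken >= v.dtoken:
            raise LiquidityError("violator is healthy")
        seized = v.etoken                    # liquidator takes all collateral
        debt_taken = min(v.dtoken, seized / (1 + LIQ_DISCOUNT))
        v.etoken -= seized
        v.dtoken -= debt_taken               # remainder is bad debt in the pool
        l.etoken += seized
        l.dtoken += debt_taken
        self.check_liquidity(liquidator)

    def withdraw(self, who, amount):
        if amount > self.cash:
            raise ValueError("pool lacks cash")
        self.acct(who).etoken -= amount
        self.cash -= amount
        self.check_liquidity(who)


def replay_attack(check_on_donate):
    """Run the two-contract sequence; returns ('profit', dai) or ('reverted', why)."""
    pool = Pool(cash=OTHER_DEPOSITS, check_on_donate=check_on_donate)
    flash_loan = 30_000_000
    pool.deposit("borrower", 20_000_000)
    pool.mint("borrower", 200_000_000)       # ~10x leverage
    pool.repay("borrower", 10_000_000)
    pool.mint("borrower", 200_000_000)       # 420M eDAI vs 390M dDAI, healthy
    try:
        pool.donate_to_reserves("borrower", 100_000_000)   # 320M eDAI vs 390M dDAI
    except LiquidityError as e:
        return ("reverted", str(e))
    pool.liquidate("liquidator", "borrower")
    liq = pool.acct("liquidator")
    take = min(pool.cash, liq.etoken - liq.dtoken)   # drain what the pool holds
    pool.withdraw("liquidator", take)
    return ("profit", take - flash_loan)


if __name__ == "__main__":
    print("vulnerable:", replay_attack(check_on_donate=False))
    print("patched:   ", replay_attack(check_on_donate=True))
```

With the check absent the liquidator walks away with the whole pool's cash minus the flash loan; with the check present the donate call reverts before any liquidation is possible, which is exactly the one-line difference the patch makes.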

0x03 Summary and Suggestions

The root cause is the missing liquidity check in the EToken contract's donateToReserves function. It lets an attacker burn their own collateral until the position is underwater without the transaction reverting, and then profit by liquidating that position with a second contract, which receives the collateral at a discount without having to bring the full liquidated debt back into the pool. Every function that reduces an account's collateral, donateToReserves included, should run the same liquidity check that transfer, withdraw and mint already run.

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.
