0x01 Background
The hacker attacked Orion Protocol on the BSC chain and ETH chain. The attacker made a profit of about 3 million US dollars. The attacker’s address is 0x837962b686fd5a407fb4e5f92e8be86a230484bd. The stolen funds have been transferred to the Tornado.Cash currency mixing platform.
0x02 Vulnerability and core
Orion Protocol is the first decentralized gateway to crypto. Access major CEXs, DEXs + swap pools from your own wallet. Global access. No account.Here is an example of a BSC chain attack transaction:
After the first exchange, transfer to the malicious contract constructed by the attacker for token transfer. The transfer function is maliciously constructed by the attacker. In the maliciously constructed transfer function, the attacker will call the ExchangeWithAtomic contract with the 191,606 USDT obtained through the flash loan The depositAsset function in the contract is stored in the contract. At this time, the value of the assetBalances variable is modified, but the modification of the assetBalances variable is not executed during the final transfer.
The final exchange token value calculation is the current token balance minus the corresponding token balance of the contract before the exchange is performed.
Since the attacker has transferred a large amount of funds to the contract during the execution of the exchange, the attacker exchanged more USDT funds.
Balance before exchange
The attacker used 1USDC to exchange a total of 191,606 USDT in this exchange
Since the attacker executed the depositAsset function operation before, but the variables in this function were not involved when the exchange was completed, the attacker can still withdraw the funds deposited through the depositAsset function by calling the withdraw function.
0x03 Source and destination of funds
The source of funds for the ETH chain attack address is the Bianace15 exchange
The source of funds for the BSC chain attack address is the Tornado.Cash mixing platform
Flow of funds
The stolen funds of the BSC chain are all transferred to the attacker’s address of the ETH chain through cross-chain
The ETH chain converted the stolen funds into ETH and transferred a total of 1100 ETH to the Tornado.Cash mixing platform
0x04 Summary and Recommendations
The attack is due to the fact that the ExchangeWithAtomic contract does not limit the re-entry between different functions within the contract, which allows the attacker to realize the re-entry operation by calling the constructed malicious contract, and the calculation of the funds transferred out after the token exchange in the contract is only affected by the contract token balance, so the attacker can profit by calling other functions to transfer funds to affect the contract balance and then take out the transferred funds when performing the exchange.
