时间:2024-03-20|浏览:238
用戶喜愛的交易所
已有账号登陆后会弹出下载
By:Doris
On March 14, 2024, according to an early warning from the SlowMist MistEye security monitoring system, MOBOX, the decentralized lending protocol on the Optimism chain, was attacked, resulting in a loss of approximately US$750,000. The SlowMist security team analyzed the attack incident and shared the results as follows:
(https://twitter.com/SlowMist_Team/status/1768167772230713410)
Attacker address:
0x4e2c6096985e0b2825d06c16f1c8cdc559c1d6f8
0x96f004c81d2c7b907f92c45922d38ab870a53945
Attacked contract address:
0xae7b6514af26bcb2332fea53b8dd57bc13a7838eAttack transaction:0x4ec3061724ca9f0b8d400866dd83b92647ad8c943a1c0ae9ae6c9bd1ef789417
There are two main core points of this attack. One is that the attacker exploits the borrow() function vulnerability in the contract. Each call to this function will trigger the reward distribution to the recommender's address. Since the reward calculation is based on the number of transferred tokens, the attacker can increase the amount of the next borrowing by transferring the reward to the referrer back to the attacked contract again. The second is that each time the borrow() function is called, a part of the MO tokens in the pool will be burned, so the price of MO tokens is continuously raised. In the end, the attacker can make profits by continuously borrowing and superimposing rewards.
We can find that the entire attack process mainly calls the vulnerable borrow() function in a loop, and then immediately calls redeem() to redeem, and then transfer the tokens allocated to the recommender back to the attack contract.
Following the analysis of the borrow() function, we can find that each time this function is called, part of the MO tokens in the pool will be burned.
However, the amount of USDT loaned out is calculated based on the price of MO tokens in the pool. Since the price of MO tokens continues to rise due to burning, eventually attackers can lend a large amount of MO tokens with a small amount. USDT token.
In addition, each borrowing will reward a referrer address with dividends, and the function is calculated based on the amount of MO tokens passed in.
However, since the referrer address is also controlled by the attacker (0x96f004c81d2c7b907f92c45922d38ab870a53945), the attacker can transfer this part of the reward back after completing the loan operation to superimpose the next loan amount and dividend rewards.
After the above cyclic operation, the attacker increased the price of MO tokens. Finally, he could use a very small number of MO tokens to lend out a large amount of USDT in the contract, and directly exchange all USDT in the unbalanced pool. Come out and take profits.
The core of this attack is that the attacker uses the borrow() function to burn part of the tokens in the pool, constantly borrowing assets, raising the price of tokens in the pool and obtaining referrer rewards, and then transfers the tokens back and borrows them again , thereby continuously stacking rewards and manipulating prices. The SlowMist security team recommends that project parties add lock-up time limits to similar functions and consider multiple factors when designing the price model of lending to avoid similar incidents from happening again.