Author: Doris, @SlowMist Security Team
background
On June 10, 2024, according to the SlowMist MistEye security monitoring system, UwU Lend, a platform that provides digital asset lending services on the EVM chain, was attacked and lost approximately $19.3 million. The SlowMist security team analyzed the incident and shared the results as follows:
( https :// x . com / SlowMist _ Team / status /1800181916857155761)
Related Information
Attacker Address:
0x841ddf093f5188989fa1524e7b893de64b421f47
The address of the vulnerable contract:
0x9bc6333081266e55d88942 e277 fc809b485698b9
Attack transaction:
0xca1bbf3b320662c89232006f1ec6624b56242850f07e0f1dadbe4f69ba0d6 ac3
0xb3f067618ce54bc26a960b660fc28f9ea0315e2e9a1a855ede508eb4017376
0x242a0fb4fde9de0dc2fd42e8db743cbc197fa2bf6a036ba0bba303df296408b
Attack the Core
The core point of this attack is that the attacker can directly manipulate the price oracle by making large exchanges in the CurveFinance pool, affecting the price of the sUSDE token, and using the manipulated price to cash out other assets in the pool.
Attack Process
1. Borrow assets through flash loans and drive down the price of USDE: The attacker first borrows a large amount of assets through flash loans, and then exchanges part of the borrowed USDE tokens for other tokens in the Curve pool that can influence the price of sUSDE.
2. Create a large number of lending positions: In the current situation where the sUSDE price has plummeted, a large number of sUSDE tokens are borrowed by depositing other underlying tokens.
3. Manipulate the oracle again to raise the price of sUSDE: By performing a reverse exchange operation in the previous Curve pool, the price of sUSDE is quickly raised.
4. Liquidation of large-scale debt positions: As the price of sUSDE was rapidly raised, the attacker was able to liquidate a large number of previously borrowed positions to obtain uWETH.
5. Deposit the remaining sUSDE and borrow other underlying tokens in the contract: The attacker deposits the currently high-priced sUSDE again to borrow more underlying asset tokens for profit.
It is not difficult to see that the attacker mainly manipulates the price of sUSDE repeatedly, borrows a large amount of money when the price is low, and makes profits by liquidating and re-mortgaging when the price is high. We follow up to the oracle contract sUSDePriceProviderBUniCatch that calculates the price of sUSDE:
It can be seen that the price of s USDE is determined by first obtaining the different prices of 11 USDE tokens from the USDE pool and UNI V3 pool on CurveFinance, and then sorting and calculating the median based on these prices.
In the calculation logic here, the prices of 5 USDEs are directly obtained by using the get_p function to obtain the real-time spot price of the Curve pool. This allows the attacker to directly affect the calculation result of the median price by exchanging a large amount in one transaction.
MistTrack Analysis
According to the on-chain tracking tool MistTrack, the attacker 0x841 ddf093 f5188989 fa1524 e7 b893 de64 b421 f47 made a profit of approximately US$19.3 million in this attack, including currencies such as ETH, crvUSD, bLUSD, and USDC. Subsequently, all ERC-20 tokens were exchanged for ETH.
By tracing the transaction fees of the attacker’s address, it was found that the initial funds on the address came from 0.98 ETH transferred from Tornado Cash, and then the address received 5 funds from Tornado Cash.
Expanding the transaction graph, it was found that the attacker transferred 1,292.98 ETH to the address 0x48 d7 c1 dd4214 b41 eda3301 bca434348 f8 d1 c5 eb6. The current balance of this address is 1,282.98 ETH. The attacker transferred the remaining 4,000 ETH to the address 0x050 c7 e9 c62 bf991841827 f37745 ddadb563 feb70. The current balance of this address is 4,010 ETH.
MistTrack has blacklisted the relevant addresses and will continue to monitor the transfer of the stolen funds.
Summarize
The core of this attack is that the attacker took advantage of the compatibility defect of the price oracle to directly obtain the spot price and the median price calculation to manipulate the price of sUSDE, thereby making loans and liquidations under the influence of severe price differences to obtain unexpected profits. The SlowMist security team recommends that the project party enhance the anti-manipulation capability of the price oracle and design a safer oracle price feeding mechanism to prevent similar incidents from happening again.
