SlowMist: A brief analysis of the Akropolis attack (Released in 2020)

On November 13, 2020 according to CoinDesk, the Akropolis protocol was attacked by hackers and lost about 2 million DAI. The SlowMist security team intervened in the analysis immediately on the same day, and synchronized the conclusions to relevant interested parties. The following is a brief analysis of the incident by the SlowMist security team for your reference.

Background

Akropolis is a lending and deposit protocol running on Ethereum, users can use Akropolis to borrow or deposit in Akropolis to collect lending interest.

Attack Process

1. The attacker uses the token he created to deposit. At this time, the Akropolis contract will first record the total amount of all tokens in the contract.

2. When the Akropolis contract calls the transferFrom function of the token created by the user, the attacker re-enters the deposit function of the Akropolis contract in the transferFrom function, and transfers DAI to the Akropolis contract.

3. At this time, in the reentrant transaction, since the Akropolis contract will first obtain the total amount of all tokens in the contract, this value is consistent with the value of the total amount of contract tokens obtained by calling the deposit function for the first time.

4. The Akropolis contract calculates the difference between the total amount of tokens in the contract before and after the recharge. After recharging DAI, the attacker will get a certain amount of Delphi tokens. The amount of tokens obtained is the amount of recharged DAI.

5. After the coin minting is completed, the process returns to the first deposit and continues to execute. At this time, the contract will obtain the total amount of all tokens in the contract again. At this time, because the attacker has already transferred a certain amount of tokens during the reentry transaction DAI, so the total token balance obtained is the total token balance of the attacker after the reentry transaction is completed.

6. At this time, the contract calculates the difference again. Since the total amount of all tokens in the contract has been saved at the first deposit, the difference calculated at this time is consistent with the difference calculated in the reentry transaction, and the Akropolis contract mints coins again to the attacker.

Summary

The attacker used the token constructed by himself to re-enter the deposit function of the Akropolis contract, causing the Akropolis contract to mint twice with the same difference, but only one transfer was triggered. When the attacker withdraws, he can withdraw twice income, thereby making a profit.

Related Links:

(1) CoinDesk’s report on the attack on the Akropolis contract

(2) Analyzing samples

About SlowMist

SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, O3Swap, etc.

Website：
https://www.slowmist.com
Twitter：
https://twitter.com/SlowMist_Team
Github：
https://github.com/slowmist/