A brief analysis of the Cover Protocol hacked event

According to the intelligence of the SlowMist Zone, on December 29, 2020, the price of the Cover agreement plummeted. The SlowMist security team followed up and analyzed related incidents as soon as possible. The following is a brief analysis process.

A brief analysis

1. In the Blacksmith contract of the Cover protocol, users can mortgage BPT tokens through the deposit function;

2. After the first deposit-withdraw, the attacker will update the pool through the updatePool function and use accRewardsPerToken to record the cumulative reward;

3. Later, the reward will be distributed through the _claimCoverRewards function and recorded using the rewardWriteoff parameter;

4. After the attacker’s first withdraw, there is still a small part of BPT for mortgage;

5. At this time, the attacker will deposit for the second time and withdraw the reward through claimRewards;

6. The problem lies in the specific calculation of rewardWriteoff. The Pool value taken when the attacker performs deposit-claimRewards for the second time is defined as memory. At this time, the Pool obtained in memory is the value updated when the attacker performs updatePool withdraw for the first time;

7. Since the Pool value obtained in memory is old, the accRewardsPerToken corresponding to the record is also old and will be assigned to the miner;

8. When a new updatePool is performed later, since the lpTotal in the pool has become smaller after the attacker performs withdraw for the first time, the accRewardsPerToken obtained finally will become larger;

9. At this time, the accRewardsPerToken assigned by the attacker is the old one, which is a small value, and the value obtained during the rewardWriteoff calculation will also be small, but the attacker uses the updated accRewardsPerToken value when performing claimRewards;

10. Therefore, due to the previous difference between the new and old parameters when calculating specific rewards, a larger value will be calculated;

11. Therefore, in the end, when rewards are minted for the attacker based on the calculation results, more COVER tokens will be minted, resulting in additional issuance of COVER tokens.

About us

SlowMist Technology is a company focused on blockchain ecological security. It was founded in January 2018 and is headquartered in Xiamen. It was founded by a team with more than ten years of front-line network security attack-defense experiences, and the team members have created the security project with world-class influence. SlowMist Technology is already a top international blockchain security company, served many global well-known projects mainly through “the security solution that integrated the threat discovery and threat defense while tailored to local conditions,” including: cryptocurrency exchanges (such as Huobi, OKEx, Binance, etc.), cryptocurrency wallets (such as imToken, RenrenBit, MYKEY, etc.), smart contracts (such as TrueUSD, HUSD, OKUSD, etc.), DeFi projects (such as : JUST, BlackHoleSwap, DeFiBox, etc.), the underlying public chain (such as EOS, OKChain, PlatON, etc.), there are nearly a thousand commercial customers, customers distributed in more than a dozen major countries and regions.

--

--

--

Focuses on Blockchain Ecosystem Security, have served over 1k+ customers.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Treasure TD Hack Free Resources Generator

Scammers Are Targeting COVID-19 Contact Tracing Efforts

Old Newsletter: End-To-End Encrypted Communication using Python

Council Post: Why Security Matters More Than Ever For Small Businesses

How to Secure Your Wi-Fi Router and Protect Your Home Network

A Developer’s Guide to GDPR that won’t make you sweat

{UPDATE} Emoji Craft ! Hack Free Resources Generator

BoggedFinance — Bogged down?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
SlowMist

SlowMist

Focuses on Blockchain Ecosystem Security, have served over 1k+ customers.

More from Medium

Phantom Functions and the Billion-Dollar No-op

Cronos Theft of Transactions Fees Bugfix Review

Our review of the blockchain security industry in 2021, with global losses exceeding $9.8 billion

Sorbet Finance Vulnerability Post Mortem