SlowMist: An Analysis of the Attack on Impossible Finance (Released in 2021)

SlowMist
May 8, 2023


According to SlowMist Zone, Impossible Finance, a Binance Smart Chain (BSC) DeFi project, was hit by a flash loan attack. The SlowMist security team immediately intervened and analyzed the attack, and the results are shared as follows:

Attack Analysis

The DEX architecture of Impossible Finance is modelled on Uniswap v2, but it differs in the implementation of Pair. Impossible Pair exposes two swap entry points, cheapSwap and swap. The cheapSwap function can only be called by the Router contract, while the swap function allows any user to call it to perform a token exchange. The root cause of this attack lies in this special token exchange architecture. The following is a detailed analysis of the attack:

First, the attacker borrowed a large amount of WBNB from PancakeSwap through a flash loan and eventually exchanged it for IF (Impossible Finance token).

The attacker then created a token called AAA (BBB) under their control, and added liquidity with the IF token obtained in the previous step.

The attacker then proceeded to swap the newly created token AAA (BBB) for the BUSD token, using a custom exchange path (AAA -> IF -> BUSD) passed through the Router. However, the problem occurred during this exchange process. By analyzing the on-chain records, we can easily see that the attacker performed two swap operations when exchanging AAA tokens for IF tokens.

Why did two exchange operations occur during a single exchange process?

By analyzing the specific internal call flow, we found that when the attacker called the transferFrom function of the AAA contract to transfer AAA tokens to the Pair contract, they simultaneously called the swap function of the Pair contract (i.e., the transferFrom function of the malicious token performed both the normal transfer and a swap). Then, another normal token exchange was conducted through the cheapSwap function, as expected by the project design.

Based on the analysis, we learned that the attacker performed two token exchange operations during a single exchange process by calling the swap function and the cheapSwap function. As a result, the attacker received additional BUSD tokens. Normally, each exchange operation should cause a change in the K value, which would prevent users from receiving the expected tokens.

But through analyzing the specific logic of the swap function and the cheapSwap function in the Impossible Pair, we found a surprising fact: the swap function checked the K value, while the cheapSwap function did not check the K value and directly performed an update operation. This allowed the attacker to make multiple exchange operations and obtain additional BUSD.

Attack Process

1. The attacker first borrowed WBNB through PancakeSwap flash loan and exchanged it for IF tokens.

2. The attacker created a malicious token contract AAA (BBB) and added liquidity for the AAA token and the IF token on Impossible Finance.

3. The attacker exchanged AAA tokens for BUSD tokens through the AAA -> IF -> BUSD path, and in the process of transferring AAA tokens to the Pair contract and exchanging them for IF tokens, they performed an additional exchange operation between IF and BUSD, followed by a normal cheapSwap operation. As a result, the attacker obtained additional BUSD tokens.

4. The attacker repeated the above steps to gain profits.
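The mechanism described in the analysis above and in steps 3 and 4, replayed as an added toy model (not SlowMist's or Impossible Finance's code): a constant-product pair whose swap checks K while cheap_swap does not, and a Router hop that quotes from the reserves before pulling the input token, whose transfer can run arbitrary code as the AAA token did. All reserve and swap amounts are constructed, the trading fee is omitted, and check_k_in_cheap_swap is a hypothetical toggle for the missing check; with it enabled the settlement reverts, which is the invariant a pair-level test should assert.

```python
from dataclasses import dataclass

class KViolation(Exception):
    """Settlement would leave reserve0*reserve1 below its prior value."""

@dataclass
class Pair:
    """Toy IF/BUSD constant-product pool (fee omitted); check_k_in_cheap_swap=False mirrors the missing K check."""
    reserve0: int
    reserve1: int
    check_k_in_cheap_swap: bool = False

    def quote_out(self, amount0_in: int) -> int:
        # Uniswap v2 style getAmountOut, computed from the *current* reserves
        return amount0_in * self.reserve1 // (self.reserve0 + amount0_in)

    def _settle(self, amount0_in: int, amount1_out: int, check_k: bool) -> int:
        k_before = self.reserve0 * self.reserve1
        new0, new1 = self.reserve0 + amount0_in, self.reserve1 - amount1_out
        if check_k and new0 * new1 < k_before:
            raise KViolation("K decreased")
        self.reserve0, self.reserve1 = new0, new1  # the "update" step
        return amount1_out

    def swap(self, amount0_in: int, amount1_out: int) -> int:  # callable by anyone
        return self._settle(amount0_in, amount1_out, check_k=True)

    def cheap_swap(self, amount0_in: int, amount1_out: int) -> int:  # Router only
        return self._settle(amount0_in, amount1_out, self.check_k_in_cheap_swap)

def router_swap(pair: Pair, amount_in: int, on_transfer) -> int:
    """Last hop of a Router route: quote, pull the input token (whose transfer
    may run arbitrary code, as the AAA token did), then settle via cheapSwap."""
    quoted = pair.quote_out(amount_in)
    on_transfer(pair)
    return pair.cheap_swap(amount_in, quoted)

def run_scenario(hardened: bool) -> dict:
    """Constructed replay: the transfer hook re-enters swap(), then cheapSwap settles a stale quote."""
    pair = Pair(1_000_000, 1_000_000, check_k_in_cheap_swap=hardened)
    k_start, route_in, hook_in, seen = pair.reserve0 * pair.reserve1, 100_000, 100_000, {}
    def hook(p: Pair) -> None:
        p.swap(hook_in, p.quote_out(hook_in))  # legitimate on its own: K holds
        seen["fair"] = p.quote_out(route_in)   # what the hop is worth afterwards
    try:
        paid = router_swap(pair, route_in, hook)
    except KViolation:
        return {"reverted": True}
    return {"reverted": False, "paid": paid, "fair": seen["fair"],
            "k_decreased": pair.reserve0 * pair.reserve1 < k_start}
```

In the vulnerable run cheap_swap pays the stale quote of 90909 BUSD although the hop is only worth 75757 after the re-entered swap, and the pool's K ends below its starting value; the hardened run raises KViolation instead.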

Summary

The core of this attack lies in the lack of K value check in the cheapSwap function, which allows attackers to perform multiple exchange operations in one transaction and obtain additional tokens. SlowMist Security Team suggests that DeFi protocols should fully check and verify their new models when innovating based on other projects to avoid such security incidents.

Reference Transaction:

https://bscscan.com/tx/0x0220704a99ddfb982d26e65cc337f26b77dc057930b7aa1d848cc48ec77984a8

About SlowMist

SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, O3Swap, etc.

Website:
https://www.slowmist.com
Twitter:
https://twitter.com/SlowMist_Team
Github:
https://github.com/slowmist/
