# Flashloan + reentrance attacks, technical analysis about why OUSE lost $ 7 million

On Nov 17th, Ethereum DeFi project named OUSD was flashloan attacked. The following are SlowMist team’s analysis details about the attack.

Details

1. The attacker used dYdX flashloan to borrow 70000 ETH, then exchanged them to USDT and DAI via Uniswap.
2. The attacker called mint function of OUSD Vault contract, the Vault contract would call rebase function to allocate the previous reward at first, and then the attacker transferred 7.5 million USDT from the attacker’s contract to OUSD Vault contract.
3. Vault’s total value was about $ 7018138 before attacker transferred 7.5 million USDT into it. 7.5 million was valued about half of the Vault’s total value.
4. The attacker’s contract called mintMultiple function, used DAI contract address and attacker’s contract address as function’s variables, also called rebase function to allocate the previous reward including the reward of 7.5 million, and then called transferFrom to transfer 20.5 million DAI from attacker’s contract to Vault contract. Then the attacker called transferFrom of the attacker’s contract, this function including recalling mint function of the Vault contract to do reentrance attack.
5. The transferFrom function of the attacker’s contract recalled the mint function of Vault contract. Because the mint function would judge whether it should rebase (the condition was that the total value of Vault’s all assets was not equal the total num of OUSD minted), so rebased again on this time. It was expected that it allocated reward first then changed the total value of Vault’s assets, at last called rebase function to allocate. Because of reentrance, it didn’t call oUSD.mint function to mint at first, and attacker transferred 20.5 million DAI to Vault contract before minting, the total value of the Vault contract was greater than the total of OUSD minted, so the Vault contract used 20.5 million DAI as a part of reward to reallocate. Because the value of the attacker’s assets was greater than half the total value of Vault contract in the step 3, so the attacker got more than 10.25 million valued reward out of nowhere.
6. The attacker minted 2000 OUSD via oUSD.mint function, and called allocate function to get the reward of 2000 USDT (in the step 5, the reason that the attacker transferred 2000USDT to Vault contract was to meet the condition to trigger the rebase function). After the reentrance ended, the attacker minted OUSD of 20.5 million DAI valued.
7. At last the total value of Vault was $ 35.01 million, but the value of attacker’s assets was greater than $ 38.25 million, so the attacker used most of OUSD to redeem from Vault contract, almost emptied Vault contract, the rest of OUSD was changed to USDT to increase revenue via OUSD-USDT pair via Uniswap and Sushiswap.

Sum up

The key of this attack is reentrance issue about calling outside functions and the income distribution mechanism of Vault’s rebase function, so that the attacker could get huge income via reentrance out of nowhere. According to this case, SlowMist team suggests projects must check whether the assets are in the whitelist, if no rolling back should be used, and use no-reentrance lock to mitigate reentrance attacks.

The attack transaction hash: 0xe1c76241dda7c5fcf1988454c621142495640e708e3f8377982f55f8cf2a8401

About us

SlowMist Technology is a company focused on blockchain ecological security. It was founded in January 2018 and is headquartered in Xiamen. It was founded by a team with more than ten years of front-line network security attack-defense experiences, and the team members have created the security project with world-class influence. SlowMist Technology is already a top international blockchain security company, served many global well-known projects mainly through “the security solution that integrated the threat discovery and threat defense while tailored to local conditions,” including: cryptocurrency exchanges (such as Huobi, OKEx, Binance, etc.), cryptocurrency wallets (such as imToken, RenrenBit, MYKEY, etc.), smart contracts (such as TrueUSD, HUSD, OKUSD, etc.), DeFi projects (such as : JUST, BlackHoleSwap, DeFiBox, etc.), the underlying public chain (such as EOS, OKChain, PlatON, etc.), there are nearly a thousand commercial customers, customers distributed in more than a dozen major countries and regions.