# Flash loan + reentrancy attack: technical analysis of why OUSD lost $ 7 million


  1. The attacker used a dYdX flash loan to borrow 70000 ETH, then exchanged it for USDT and DAI via Uniswap.
  2. The attacker called the mint function of the OUSD Vault contract. The Vault contract first called the rebase function to allocate the previous reward, and then the attacker transferred 7.5 million USDT from the attacker’s contract to the OUSD Vault contract.
  3. The Vault’s total value was about $ 7018138 before the attacker transferred 7.5 million USDT into it. That 7.5 million was worth about half of the Vault’s total value.
  4. The attacker’s contract called the mintMultiple function, passing the DAI contract address and the attacker’s contract address as arguments. The function again called rebase to allocate the previous reward, including the reward on the 7.5 million, and then called transferFrom to transfer 20.5 million DAI from the attacker’s contract to the Vault contract. Next, transferFrom of the attacker’s contract was called; this function called the Vault contract’s mint function again to carry out the reentrancy attack.
  5. The transferFrom function of the attacker’s contract re-entered the mint function of the Vault contract. The mint function checks whether it should rebase (the condition being that the total value of all the Vault’s assets is not equal to the total amount of OUSD minted), so it rebased again at this point. The expected order was to allocate the reward first, then change the total value of the Vault’s assets, and finally call the rebase function to allocate. Because of the reentrancy, oUSD.mint had not yet been called to mint, and the attacker had already transferred 20.5 million DAI to the Vault contract before minting. The total value of the Vault contract was therefore greater than the total OUSD minted, so the Vault contract treated the 20.5 million DAI as part of the reward to reallocate. Because the attacker’s assets were worth more than half of the Vault’s total value in step 3, the attacker got a reward worth more than 10.25 million out of nowhere.
  6. The attacker minted 2000 OUSD via the oUSD.mint function and called the allocate function to get the reward of 2000 USDT (in step 5, the reason the attacker transferred 2000 USDT to the Vault contract was to meet the condition that triggers the rebase function). After the reentrancy ended, the attacker minted OUSD worth 20.5 million DAI.
  7. In the end the total value of the Vault was $ 35.01 million, but the attacker’s assets were worth more than $ 38.25 million, so the attacker used most of the OUSD to redeem from the Vault contract, almost emptying it. The rest of the OUSD was swapped for USDT through the OUSD-USDT pairs on Uniswap and Sushiswap to increase revenue.
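
The accounting in steps 4 to 7 can be reproduced with a toy Python model, shown here beside the same vault with a reentrancy lock. This is an added example, not code from the original article or from the OUSD contracts; the class and function names, the credits-based balance model and the single `token_hook` callback are assumptions, and the amounts are the ones quoted in the steps.

```python
# Constructed toy model: mint() pulls the deposit in before it records the new supply.
class ReentrancyError(Exception):
    """Raised when a guarded function is entered while it is still running."""

class Vault:
    def __init__(self, guarded):
        self.guarded, self.locked = guarded, False
        self.assets = 0.0   # value of stablecoins held by the vault
        self.supply = 0.0   # total rebasing tokens outstanding
        self.credits = {}   # holder -> credits (pro-rata claim on supply)

    def balance(self, who):
        total = sum(self.credits.values())
        return self.supply * self.credits.get(who, 0.0) / total if total else 0.0

    def rebase(self):
        # Asset value above the recorded supply is paid out as yield to holders.
        if self.credits and self.assets > self.supply:
            self.supply = self.assets

    def _credit(self, who, amount):
        total = sum(self.credits.values())
        rate = total / self.supply if self.supply else 1.0
        self.credits[who] = self.credits.get(who, 0.0) + amount * rate
        self.supply += amount

    def mint(self, who, amount, token_hook=None):
        if self.guarded and self.locked:
            raise ReentrancyError("mint re-entered before it finished")
        self.locked = True
        try:
            self.rebase()
            self.assets += amount      # deposit pulled in via transferFrom
            if token_hook:             # untrusted token code runs here
                token_hook(self)
            self._credit(who, amount)  # supply is only updated now
        finally:
            self.locked = False

def scenario(guarded):
    """Replay the page's amounts; return (vault assets, depositor claim) or None."""
    v = Vault(guarded)
    v.mint("others", 7_018_138)
    v.mint("depositor", 7_500_000)
    try:
        v.mint("depositor", 20_500_000, token_hook=lambda vault: vault.mint("depositor", 2_000))
    except ReentrancyError:
        return None  # on-chain the whole transaction would revert
    return v.assets, v.balance("depositor")
```

Without the lock, the depositor's claim ends above the vault's assets, which is the insolvency step 7 describes; with the lock, the nested call is rejected. A useful invariant to monitor or test for is that total claims never exceed total assets after any mint.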

Sum up
