SlowMist: DAO Maker’s vesting system was hacked

SlowMist
2 min readSep 4, 2021

--

DeRace Token (DERC), Coinspaid (CPD), Capsule Coin (CAPS), Showcase Token (SHO) all use Dao Maker’s vesting system, and the DAO Maker vesting contract is attacked when the holder is issued (DERC) in DAO Maker , i.e. there is a vulnerability in the vesting system of DERC vesting contract participants: Init Initialization was unauthenticated, the attacker initialized the key parameters of init, and changed the owner at the same time, and then stole the token through emergencyExit and swap it into DAI. The attacker finally made a profit of nearly $4 million .

Hackers took advantage of the vulnerability in the vesting contract to emergencyExit the tokens in the vesting contract. The following is a brief analysis:

Implementation of vesting contract contract 0xf17ca0e0f24a5fa27944275fa0cedec24fbf8ee2 decompiled get the following information:

1. The init function in the vesting contract (function signature: 0x84304ad7) does not authenticate the caller, and the hacker becomes the owner of the vesting contract by calling the init function.

2. The Owner can call the emergencyExit function in the vesting contract to make emergency withdrawals.

Related contract address:
Take DERC as an example:
Vesting agency contract:
0x2fd602ed1f8cb6deaba9bedd560ffe772eb85940
0xdd571023d95ff6ce5716bf112ccb752e86212167

Vesting implementation contract:
0xf17ca0e0f24a5fa27944275fa0cedec24fbf8ee2

Hacker address:
0x2708cace7b42302af26f1ab896111d87faeff92f

— — — — — — — — — — — — — — — — — — — — —

In the same way it attacked other vesting contracts, transferring the following tokens:
DeRace Token (DERC): 0x9fa69536d1cda4a04cfb50688294de75b505a9ae
Coinspaid (CPD): 0x9b31bb425d8263fa1b8b9d090b83cf0c31665355
Capsule Coin (CAPS): 0x03be5c903c727ee2c8c4e9bc0acc860cca4715e2
Showcase Token (SHO): 0xcc0014ccb39f6e86b1be0f17859a783b6722722f

--

--

SlowMist
SlowMist

Written by SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.

No responses yet