According to the SlowMist Zone intelligence, on November 22, 2020, the Ethereum DeFi project Pickle Finance was attacked and lost approximately 20 million DAI. The SlowMist security team followed up and analyzed related incidents as soon as possible. The following is a brief analysis process.
Brief analysis
1. The swapExactJarForJar function in the Controller contract of the project allows two arbitrary jar contract addresses to be passed in for token exchange. Among them, _fromJar, _toJar, _fromJarAmount, _toJarMinAmount are all variables that can be controlled by the user. Attackers use this feature to Fill in both _fromJar and _toJar with your own address. _fromJarAmount is the amount of DAI set by the attacker to draw the contract, which is about 20 million DAI.
2. During the exchange process using the swapExactJarForJar function, the contract will obtain the corresponding token through the passed-in _fromJar contract and the token() function of the _toJar contract to specify the asset to be exchanged. Since both the _fromJar contract and the _toJar contract are passed in by the attacker, the value obtained using the token() function is also controllable. Here, the token obtained from the _fromJar contract and the _toJar contract is DAI.
3. At this time, the exchange occurs and the Controller contract uses the transferFrom function to transfer a certain amount of ptoken from _fromJar, but since the fromJar contract is an address controlled by the attacker, the transferred ptoken here is the attacker’s counterfeit currency. At the same time, because the token obtained by the contract from the _fromJar contract is DAI, the contract will determine whether the funds in the contract are sufficient for exchange. If it is not enough, a certain amount of tokens will be redeemed from the strategy pool and then transferred to the Controller contract in. In this attack, the DAI in the contract is not enough for exchange. At this time, the contract will propose an insufficient share from the strategy pool to make up the 20 million DAI set by the attacker.
4. The exchange continues. After the Controller contract proposes DAI from the strategy pool to make up the 20 million DAI set by the attacker, it will call the withdraw function of _fromJar to burn off the fake ptoken transferred by the attacker in the third step, and then The contract judges the balance of the token specified by the _toJar contract in the current contract. Since the token specified by the _toJar contract is DAI, the Controller contract will determine the amount of DAI remaining in the contract. At this time, the Controller contract has collected 20 million in the third step. DAI, so the balance of DAI is 20 million. At this time, the Controller contract calls the deposit function of the _toJar contract to transfer 20 million DAI to the _toJar contract controlled by the attacker. At this point, the attacker has made a profit.
Summary
In this attack, the attacker forged the contract addresses of _fromJar and _toJar when calling the swapExactJarForJar function in the Controller contract, and exchanged fake coins for the real DAI in the contract, completing the process of an attack.
About us
SlowMist Technology is a company focused on blockchain ecological security. It was founded in January 2018 and is headquartered in Xiamen. It was founded by a team with more than ten years of front-line network security attack-defense experiences, and the team members have created the security project with world-class influence. SlowMist Technology is already a top international blockchain security company, served many global well-known projects mainly through “the security solution that integrated the threat discovery and threat defense while tailored to local conditions,” including: cryptocurrency exchanges (such as Huobi, OKEx, Binance, etc.), cryptocurrency wallets (such as imToken, RenrenBit, MYKEY, etc.), smart contracts (such as TrueUSD, HUSD, OKUSD, etc.), DeFi projects (such as : JUST, BlackHoleSwap, DeFiBox, etc.), the underlying public chain (such as EOS, OKChain, PlatON, etc.), there are nearly a thousand commercial customers, customers distributed in more than a dozen major countries and regions.
