SlowMist: Analysis of YFValue Attack (Released in 2020)

SlowMist
May 9, 2023


The DeFi project YFValue (YFV) announced that the team discovered a vulnerability in the YFV staking pool yesterday, and that malicious participants used it to individually reset the timer on staked YFV. A malicious actor is already trying to blackmail the team with it. The SlowMist security team analyzed the issue in depth; the relevant technical details follow.

From YFValue's official statement, we know that the problem lies in the YFV staking pool: malicious users can reset the timer of YFV stakers. This inconveniences YFV stakers, but it does not lead to a loss of funds.

On the official YFValue website, you can see that users earn rewards in the YFValue system by staking the relevant tokens. Currently, the staking pools supported by YFValue are as follows:

It can be seen that, because of the vulnerability, the YFV staking pool has disabled staking in the UI, but the contract itself has not yet disabled token staking. We need to trace the code to analyze the specific details.

Following the GitHub address provided on the official website, we traced the source to the relevant code repository (https://github.com/yfv-finance/audit). The YFV staking logic is in the YFV_Stake.sol contract. Two functions in the contract relate to staking: the stake function and the stakeOnBehalf function. The following is the specific code:

The code shows that the logic of the stake function and the stakeOnBehalf function is basically the same. Each first verifies that the staked amount is not 0, then calls the tokenStake or tokenStakeOnBehalf function in the upper layer respectively, and then updates the user's staking time. The only difference is that stakeOnBehalf can be used to stake for others. The code of tokenStake and tokenStakeOnBehalf is as follows:

It can be seen that the corresponding token is simply transferred into the contract with the transferFrom method; there is no special logic here. At this point the entire staking process is clear, and the next step is the reward process. The stakeReward function is used to calculate the user's reward, and the withdraw function is used to collect it. The code is as follows:

The code for calculating and collecting rewards is also very simple. The stake function first updates the user's reward through the updateReward modifier, then uses the getReward function to calculate the user's reward, and sets the staking time to the current block time. Finally, when the user withdraws the reward, the withdraw function takes the current block time and compares it with the time computed by the unfrozenStakeTime function. Withdrawal is allowed only when the current block time is greater than the time computed by unfrozenStakeTime. The code for unfrozenStakeTime is as follows:

From the code, we know that unfrozenStakeTime adds the FROZEN_STAKING_TIME constant to the user's last staking time to obtain the time at which the lock ends. Once the current time exceeds that value, the proceeds can be withdrawn through the withdraw function. The simplified process of staking and collecting rewards is as follows:

Back to the original question, how do malicious users lock other users’ assets?

Going back to the staking logic, the stakeOnBehalf function is intended to let one user stake for another, but there is a problem: what if that user already has a stake? By staking again on behalf of a user who has already staked, for example staking 1 YFV, the staked user's timer can be reset at very low cost, so that the user's withdraw call cannot succeed. Furthermore, suppose a YFV staker has successfully called the stakeReward function. When the time given by unfrozenStakeTime is about to arrive, a malicious user can stake a small amount for this user through the stakeOnBehalf function and lock the staked reward again. In theory, repeating this cycle means users can never take out their own assets, but the problem does not lead to a loss of funds. The attack process is as follows:

This is the second unaudited DeFi project exposed this month. According to the official statement of YFValue (https://medium.com/@yfv.finance/yfv-bringing-true-value-to-yield-farming-bddc4edf889a), the project code was written by experienced developers and borrows from the code of other successful projects, but risks are still unavoidable. Every field has its specialists. On the one hand, a security audit requires the forward thinking of the project team; on the other hand, it still needs the reverse thinking of a professional security team, which simulates an adversary from the perspective of a professional hacker to find problems.

From the analysis of the code and the vulnerability details, the fix is also very simple: when staking, check whether the user already has a stake, and if so, do not allow staking again. Alternatively, process each stake separately, so that a new stake cannot affect the state of earlier ones.
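The shared-timer flaw described above and the second fix option (each stake processed separately) can be put side by side in a small contract. This is an added illustration, not code from YFV_Stake.sol or from the original article: the contract name, the `staked`, `lastStakeTime` and `deposits` storage names, the `...Flawed` function names and the 3-day value for FROZEN_STAKING_TIME are assumptions, and token transfers and reward accounting are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not YFV_Stake.sol. Token transfers and reward accounting
// are left out, so stakes are plain counters and only the lock logic remains.
contract StakeLockSketch {
    uint256 public constant FROZEN_STAKING_TIME = 3 days; // constructed value
    event Withdrawn(address indexed account, uint256 index, uint256 amount);

    // Flawed pattern: one timer per account, and any caller can move it.
    mapping(address => uint256) public staked;        // hypothetical name
    mapping(address => uint256) public lastStakeTime; // hypothetical name

    function unfrozenStakeTime(address account) public view returns (uint256) {
        return lastStakeTime[account] + FROZEN_STAKING_TIME;
    }

    function stakeOnBehalfFlawed(address stakeFor, uint256 amount) external {
        require(amount > 0, "Cannot stake 0");
        staked[stakeFor] += amount;
        lastStakeTime[stakeFor] = block.timestamp; // third party resets the lock
    }

    function withdrawFlawed(uint256 amount) external {
        require(block.timestamp > unfrozenStakeTime(msg.sender), "frozen");
        staked[msg.sender] -= amount; // reverts on underflow in 0.8
    }

    // Hardened pattern: every deposit carries its own unlock time.
    struct Deposit { uint256 amount; uint256 unlockTime; }
    mapping(address => Deposit[]) public deposits;

    function stakeOnBehalf(address stakeFor, uint256 amount) external {
        require(amount > 0, "Cannot stake 0");
        // Appends a new entry; earlier deposits and their timers are untouched.
        deposits[stakeFor].push(Deposit(amount, block.timestamp + FROZEN_STAKING_TIME));
    }

    // Withdraws one deposit by index in constant time, so small entries added
    // by other callers neither delay nor add cost to the owner's withdrawals.
    function withdraw(uint256 index) external {
        Deposit storage d = deposits[msg.sender][index];
        require(d.amount > 0, "empty");
        require(block.timestamp > d.unlockTime, "frozen");
        uint256 amount = d.amount;
        d.amount = 0; // state change first; a real pool transfers tokens after
        emit Withdrawn(msg.sender, index, amount);
    }
}
```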

About SlowMist

SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, O3Swap, etc.

Website:
https://www.slowmist.com
Twitter:
https://twitter.com/SlowMist_Team
Github:
https://github.com/slowmist/
