SlowMist:Brief analysis of the xTokenattack event

xToken was attacked today.

1. The attacker loaned 25,000 ETH from dydx

2. The attacker used part of the borrowed ETH to mortgage into AAVE V1 and V2 respectively, and loaned a large amount of SNX

3. The attacker used part of the borrowed ETH to exchange SNX from Bancor
4. Swap SNX to sUSD (6,522,480) through KyberNetwork

-> Swap through the Uniswap/SUSHI/Curve, resulting in large slippage in these exchange pools

5. The attacker transferred 2,037,253 sUSD into the xSNX contract in preparation for bypassing the inspection later

6. Call the callFunction function of the xSNX contract

-> Through the comments, we can know that this function is used to flash loan and then call this function to return the debt.

-> This function will first convert the loaned USDC into sUSD, the amount is the loanAmount (1) passed in by the attacker.

-> Burn sUSD liabilities

-> Convert the SNX in the contract to sUSD, the swap amount is the snxAmount passed in by the attacker (about 614,240)

-> Swap through Kyber/Uniswap/SUSHI/Curve, where slippage has been generated in the fourth step above

-> The 614,240 SNX should theoretically be exchanged for 6,756,640 sUSD

-> But the slippage was not checked, only 808,433 sUSD was swapped

-> After that, sUSD is converted into 811,078 USDC to return the debt

-> The loanAmount passed in before is 1

-> So the final check usdcBalance> loanAmount + 2 is 811,078> 1 + 2 is established and bypassed the check.

7. Then the attacker only needs to convert the remaining large amount of sUSD (4,485,227, which is the remaining amount of step 4 and step 5) into SNX through Kyber against Step 4, and attacker can get the SNX tokens left over due to the slippage in the xSNX contract.

8. After that, the flash loan will be returned through regular swap into corresponding tokens.




Focuses on Blockchain Ecosystem Security, have served over 1k+ customers.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

DeCredit:50,000 CDTC Testnet Airdrop

Overview of the Filecoin Network Indexer

[Pre-Mainnet ANN2]: 50M tokens burnt in launch of DropBurn

How Secure are your Crypto Assets?

You shouldn’t sell your kidneys! Responding to objections to data ownership

Gamejet the deal is right here, grab and fill you pocket with bulk JET tokens

Confusion Matrix in Cyber Crime

Is Trusted Platform Module A Good Physical Security Mechanism?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Focuses on Blockchain Ecosystem Security, have served over 1k+ customers.

More from Medium

DeFi Security Lecture 5-Overflow and Underflow Vulnerability

Post-Mortem Analysis of the Notional Finance Vulnerability — A Tautological Invariant

Unveiling TONStarter 2nd Project ‘DRAGONS OF MIDGARD’

Deep dive into UniswapV2🦄 : UniswapV2Router02