ArsenHow to approach audit correctly?
Once i’ve started doing audits, it was a bit overwhelming for me to simply read the code, without any hesitation. I’ve believed there is some magic pill, system, framework, that would make from me LSR in one month. Unfortunately there is no magic pill, and most of the frameworks fit for the people individually. However, for the last 12 month i’ve constantly tried to re-adjust my audit approach, to see what work for me best, and i highly encourage you to do the same. See, where do you have the...
ArsenWeb3 Security. Notes
Web3 Security, as any other field require determination and patience. Success isn’t built on the motivation, but on the hard work. Every day we enter the battlefield, where we need to fight against others and most importantly, ourselves. I made some notes, which i believe would be helpful.Part #1 - The Fighting AttitudePeople tend to overestimate their skills. We always think we ‘can’, we ‘can do it’, we ‘can manage it’, even if it above our professionalism . Very often this leads to taking o...
ArsenKyberSwap 50 million$ exploit. Simply 🧑🏾🎤
Follow me on Twitter ✌🏻 Before we will dive in the pretty complicated logic of the attack, i would like to give the brief overview what has happened. I am sure that you are familiar with the UniswapV3 Concentrated Liquidity and how the Ticks works. If no, take a look at it. Part#1. Brief OverviewFirstly. There were two tokens in the pool, WETH and frxETH. Attacker took the huge flashLoan of WETH to make the swap. The idea was to move the price to a tick with zero liquidity.After that, attack...
Smart-contract security researcher ⚡️
ArsenHow to approach audit correctly?
Once i’ve started doing audits, it was a bit overwhelming for me to simply read the code, without any hesitation. I’ve believed there is some magic pill, system, framework, that would make from me LSR in one month. Unfortunately there is no magic pill, and most of the frameworks fit for the people individually. However, for the last 12 month i’ve constantly tried to re-adjust my audit approach, to see what work for me best, and i highly encourage you to do the same. See, where do you have the...
ArsenWeb3 Security. Notes
Web3 Security, as any other field require determination and patience. Success isn’t built on the motivation, but on the hard work. Every day we enter the battlefield, where we need to fight against others and most importantly, ourselves. I made some notes, which i believe would be helpful.Part #1 - The Fighting AttitudePeople tend to overestimate their skills. We always think we ‘can’, we ‘can do it’, we ‘can manage it’, even if it above our professionalism . Very often this leads to taking o...
ArsenKyberSwap 50 million$ exploit. Simply 🧑🏾🎤
Follow me on Twitter ✌🏻 Before we will dive in the pretty complicated logic of the attack, i would like to give the brief overview what has happened. I am sure that you are familiar with the UniswapV3 Concentrated Liquidity and how the Ticks works. If no, take a look at it. Part#1. Brief OverviewFirstly. There were two tokens in the pool, WETH and frxETH. Attacker took the huge flashLoan of WETH to make the swap. The idea was to move the price to a tick with zero liquidity.After that, attack...
Smart-contract security researcher ⚡️
Share Dialog
Share Dialog
Subscribe to Arsen
Subscribe to Arsen
<100 subscribers
<100 subscribers
The root cause of the exploit was that during the swapExactTokenForToken attacker inputed the tokenIn and tokenOut as the same tokens. The main purpose of this function is to deposits MONO(*token that plays crucial role during the exploit) tokens into the pool.
Let’s move forward into the swapIn function. The main thing to concentrate here, is prices. And where do the prices are calculated? Right, in the getAmountOut.
Following the getAmountOut function, we discovered that the _getNewPrice function is used to calculate the tokenInPrice and the tokenOutPrice.
When tokenInPrice is calculated, one of the param. the flag “TxType.SELL” is passed
When tokenOutPrice is calculated, one of the param. the flag “TxType.BUY” is passed
The _getNewPrice is calculated both for tokenIn as well as for tokenOut. Because the four variables in the price calculation formula are the same, the incoming and exiting tokens are the same. We can now assume that tokenOutPrice will be greater than tokenInPrice.
So, let’s move forward in the swapIn function. Because tokenIn and tokenOut are the same, the _updateTokenInfo function will be called 2 times.
Remember! Above we have stated that tokenOutPrice will be higher than tokenInPrice! What does it mean? Correct! During the second _updateTokenInfo the price will be increased.
So, after the price is updated to the higher value, attacker call swapTokenForExactToken, compare to the function that we start the attack from (swapExactTokenForToken), it does the stuff vice-versa, swap MONO for other tokens in the pool.
Eventually, to get the price of swapping, the swapOut is called. Here we could see the final results and the reason why the MONO token was “pumped” recently. It causes the amountIn to become very small, it means “we take less MONO token to receive enough value of other assets”.
The hacker exploited a vulnerability in the MonoX protocol, where the same token was used for both the tokenIn and tokenOut functions. By utilizing the same token in the swapTokenFORExactToken function, the price update for tokenOut bypassed the price update for tokenIn. This caused the price of the MONO token to rise sharply, allowing the hacker to use it to acquire the majority of assets within the protocol.
This educational article is based on the SlowMist writeUp
The root cause of the exploit was that during the swapExactTokenForToken attacker inputed the tokenIn and tokenOut as the same tokens. The main purpose of this function is to deposits MONO(*token that plays crucial role during the exploit) tokens into the pool.
Let’s move forward into the swapIn function. The main thing to concentrate here, is prices. And where do the prices are calculated? Right, in the getAmountOut.
Following the getAmountOut function, we discovered that the _getNewPrice function is used to calculate the tokenInPrice and the tokenOutPrice.
When tokenInPrice is calculated, one of the param. the flag “TxType.SELL” is passed
When tokenOutPrice is calculated, one of the param. the flag “TxType.BUY” is passed
The _getNewPrice is calculated both for tokenIn as well as for tokenOut. Because the four variables in the price calculation formula are the same, the incoming and exiting tokens are the same. We can now assume that tokenOutPrice will be greater than tokenInPrice.
So, let’s move forward in the swapIn function. Because tokenIn and tokenOut are the same, the _updateTokenInfo function will be called 2 times.
Remember! Above we have stated that tokenOutPrice will be higher than tokenInPrice! What does it mean? Correct! During the second _updateTokenInfo the price will be increased.
So, after the price is updated to the higher value, attacker call swapTokenForExactToken, compare to the function that we start the attack from (swapExactTokenForToken), it does the stuff vice-versa, swap MONO for other tokens in the pool.
Eventually, to get the price of swapping, the swapOut is called. Here we could see the final results and the reason why the MONO token was “pumped” recently. It causes the amountIn to become very small, it means “we take less MONO token to receive enough value of other assets”.
The hacker exploited a vulnerability in the MonoX protocol, where the same token was used for both the tokenIn and tokenOut functions. By utilizing the same token in the swapTokenFORExactToken function, the price update for tokenOut bypassed the price update for tokenIn. This caused the price of the MONO token to rise sharply, allowing the hacker to use it to acquire the majority of assets within the protocol.
This educational article is based on the SlowMist writeUp
No activity yet