


On 10 November 2023 at 18:59:23 UTC, Raft encountered a complex security incident that resulted in the minting of ~$6.7 million unbacked R. The attacker subsequently sold the R, causing R to depeg.
A public announcement of the exploit was made on 10 November 2023 at 19:18 UTC.
Exploit Transaction: https://etherscan.io/tx/0xfeedbf51b4e2338e38171f6e19501327294ab1907ab44cfd2d7e7336c975ace7
Raft Exploiter: https://etherscan.io/address/0xc1f2b71a502b551a65eee9c96318afdd5fd439fa
Exploited Contract (InterestRatePositionManager): https://etherscan.io/address/0x9ab6b21cdf116f611110b048987e58894786c244
The sequence of actions taken by the attacker was as follows:
1. Borrowed 6,000 cbETH from AAVE via a flash loan.
2. Transferred a total of 6,001 cbETH to the InterestRatePositionManager contract.
3. Liquidated a pre-created position on the InterestRatePositionManager contract.
4. Set the index of the raft collateral indexable token to 6,003,441,032,036,096,684,181, which is the cbETH balance of the InterestRatePositionManager contract and was amplified over 1000 times due to the donation in step 2. (Source: MetaTrust Labs)
5. Minted 1 wei share with only 1 wei cbETH, exploiting the divUp function's behavior.
6. Repeated step 5 sixty times to acquire 60 wei shares, equivalent to 10,050 cbETH.
7. Redeemed 6,003 cbETH with only 90 wei rcbETH-c.
8. The 6.7m R minted was swapped for 1575 ETH (worth $3.6M) through the following pools:
   - R/sDAI on Balancer: 2.1 million R for 2 million sDAI,
   - R/DAI on Balancer: 1.2 million R for 1.15 DAI, and
   - R/USDC on Uniswap: 200,000 R for 86,000 USDC.
9. Burned 1,570 ETH

The primary root cause was a precision calculation issue when minting share tokens, which enabled the exploiter to obtain extra share tokens. The attacker leveraged the amplified index value to increase the worth of their shares, allowing them to redeem a nominal amount of rcbETH-c for a significant quantity of cbETH and subsequently borrow substantial amounts of R.
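A simplified model of the root cause described above, added here as an illustration and not taken from Raft's contracts: it shows how rounding share mints up only becomes harmful once the index is inflated, and how rounding down removes the surplus. The `IndexedShares` ledger, the function names and the 1e18 index scale are assumptions; the index value is the one quoted in step 4, and the model's figures are not the incident's.

```python
WAD = 10**18  # assumed fixed-point scale of the index (not stated in the post)
INDEX = 6_003_441_032_036_096_684_181  # index value quoted in step 4

def div_up(a, b):
    """Ceiling division for non-negative integers."""
    return -(-a // b)

class IndexedShares:
    """Toy ledger (hypothetical): a holder's claim is shares * index / WAD."""

    def __init__(self, index, round_up):
        self.index = index
        self.round_up = round_up
        self.shares = 0

    def mint(self, amount):
        scaled = amount * WAD
        if self.round_up:
            minted = div_up(scaled, self.index)  # rounds in the depositor's favour
        else:
            minted = scaled // self.index        # rounds in the protocol's favour
        if minted == 0:
            raise ValueError("deposit too small to mint a share")
        self.shares += minted
        return minted

    def claim(self):
        return self.shares * self.index // WAD

def round_trip_surplus(index, deposits, round_up):
    """Claim minus total deposited, in wei; > 0 means rounding created value."""
    ledger = IndexedShares(index, round_up)
    deposited = 0
    for amount in deposits:
        try:
            ledger.mint(amount)
        except ValueError:
            continue  # rejected deposit: no collateral taken, no shares issued
        deposited += amount
    return ledger.claim() - deposited

if __name__ == "__main__":
    dust = [1] * 60  # constructed input: sixty 1-wei deposits
    print("round up,   amplified index:", round_trip_surplus(INDEX, dust, True))
    print("round up,   index == WAD   :", round_trip_surplus(WAD, dust, True))
    print("round down, amplified index:", round_trip_surplus(INDEX, dust, False))
```

The same surplus check works as a fuzz or invariant test: for any index and any deposit sequence, a mint followed by a claim should never return more than was deposited.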
The exploited Raft smart contracts were audited by Trail of Bits and Hats Finance. Unfortunately, the vulnerabilities that led to the incident were not detected in these audits.
We are committed to working closely with the community to enhance the security measures and reinforce the resilience of Raft and the crypto ecosystem as a whole.
A police report has been filed and we are working with law enforcement, centralized exchanges, and other parties to identify the attacker.
We are working on a detailed recovery plan to compensate all users affected by the incident as much as possible and in the fairest way.
A public announcement was issued on 11 November 2023, urging all Raft users to await further updates regarding the recovery plan.
To mitigate further risks, all Raft smart contracts were temporarily paused on 10 November. However, users who have minted R retain the ability to repay their positions and retrieve their collateral.
Raft will release an in-depth recovery plan this week, outlining the steps to address the situation and provide redress for affected users. The Raft community will have the opportunity to provide feedback on the proposed recovery plan before it is concluded and the recovery plan is executed.