Knownsec Blockchain Lab | Formation.Fi flash loan security incident analysis

Knownsec Blockchain Lab
3 min read · Nov 23, 2021


Introduction

On November 21, Knownsec Blockchain Lab detected an attack on the DeFi protocol Formation.Fi on Ethereum that caused a loss of nearly $100,000. We tracked the incident as soon as it occurred and present our analysis below.

Related addresses

Vault: 0xcb6afdc84e8949ddf49ab00b5b351a5b0f65a723

TetherToken (USDT): 0xdac17f958d2ee523a2206206994597c13d831ec7

Hacker's address: 0x6510438a7e273e71300892c6faf946ab3b04cbcb

Attack contract: 0xd02c260f54997146c9028b2ac7144b11ce4c20a6

Attack process and root cause analysis

The attack process in brief

(1) First, the attacker takes a flash loan of 200 USDT as starting capital through the attack contract 0xd02C.

(2) Deposits 100 USDT into the Vault contract and receives 99 Formation USD.

(3) Swaps the other 100 USDT through the Vault contract's swapIn function, passing a very large fee.

(4) Calls the Vault contract's withdraw function to burn the 99 Formation USD and receives 99,999 USDT.

(5) Finally repays the flash loan and transfers the profit to the hacker's address.

Vulnerability cause analysis

The fee parameter of the swapIn function feeds into the calculation of totalTokens: the larger the fee, the larger totalTokens becomes.

When the withdraw function pays out, totalTokens is part of the calculation of the amount actually transferred.

So once a very large fee has been folded into totalTokens, the amount transferred by withdraw exceeds what the caller originally put in.

A second reason for the size of the profit is that Formation USD and USDT use different numbers of decimal places: Formation USD has 18 decimals, while USDT has 6.

This difference in precision further amplifies the attacker's gain in the actual transfer.

Vault: (contract code shown as an image in the original post)

TetherToken: (contract code shown as an image in the original post)

The attack process, restated

Step 1: USDT is chosen as the attack token; its decimal precision differs from that of Formation USD.

Step 2: The hacker deposits 100 USDT, to be arbitraged later through the withdraw function.

Step 3: The hacker swaps 100 USDT through swapIn with a very large fee, inflating totalTokens.

Step 4: The hacker withdraws the pledged USDT, profiting from the inflated totalTokens and from the difference in decimal precision between the two tokens.

Step 5: The flash loan is repaid and the profit transferred out.
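To make the mechanisms described in the cause analysis and the step-by-step process above concrete, here is an added Python model of the vault accounting. It is an illustration written for this page, not Formation.Fi's contract code; the shapes of Vault, swap_in and withdraw are assumptions drawn only from the description above. Further assumptions not in the post: a 1% deposit fee (so 100 USDT mints 99 Formation USD), a caller-supplied fee argument that the vulnerable path adds to totalTokens in raw units while totalTokens is kept in 6-decimal USDT units, and 100,000 USDT of constructed prior liquidity from another depositor. A hardened path beside it credits only what was measured as received and bounds the fee by that amount.

```python
"""Toy accounting model of the defects described above (added example, not
Formation.Fi's code). Amounts are integers in the token's smallest unit."""

USDT_DECIMALS = 6
FUSD_DECIMALS = 18
SCALE = 10 ** (FUSD_DECIMALS - USDT_DECIMALS)  # 1e12 FUSD units per USDT unit
DEPOSIT_FEE_BPS = 100  # assumption: 1% deposit fee, so 100 USDT mints 99 FUSD


def usdt(whole):
    """Whole USDT -> smallest units (6 decimals)."""
    return whole * 10 ** USDT_DECIMALS


class Vault:
    def __init__(self, hardened):
        self.hardened = hardened  # False reproduces the accounting the write-up describes
        self.usdt_balance = 0   # USDT the vault really holds (6 decimals)
        self.total_tokens = 0   # accounting total that withdraw divides up (6 decimals)
        self.fusd_supply = 0    # Formation USD outstanding (18 decimals)
        self.fusd = {}          # Formation USD balance per account

    def deposit(self, account, amount):
        net = amount * (10_000 - DEPOSIT_FEE_BPS) // 10_000
        minted = net * SCALE  # explicit 6 -> 18 decimal conversion
        self.usdt_balance += amount
        self.total_tokens += net
        self.fusd_supply += minted
        self.fusd[account] = self.fusd.get(account, 0) + minted
        return minted

    def swap_in(self, amount, fee):
        before = self.usdt_balance
        self.usdt_balance += amount  # the tokens actually transferred in
        received = self.usdt_balance - before
        if self.hardened:
            # Credit only what was measured as received and let the fee reduce
            # it, never add to it. Bounding fee by `received` also defuses the
            # 18-vs-6 decimal confusion: nothing larger than the real transfer
            # can reach totalTokens, whatever unit the caller had in mind.
            if not 0 <= fee <= received:
                raise ValueError("fee must not exceed the amount received")
            self.total_tokens += received - fee
        else:
            # Vulnerable (assumed shape): the caller-chosen fee is added on top,
            # unchecked and never collected. totalTokens is in 6-decimal units,
            # so a fee that is dust in 18-decimal FUSD terms is enormous here.
            self.total_tokens += amount + fee
        return self.total_tokens

    def withdraw(self, account, fusd_amount):
        if self.fusd.get(account, 0) < fusd_amount:
            raise ValueError("insufficient Formation USD")
        # Pro-rata share of totalTokens; (18-dec * 6-dec) / 18-dec = 6-dec USDT
        payout = fusd_amount * self.total_tokens // self.fusd_supply
        if payout > self.usdt_balance:
            raise ValueError("transfer exceeds vault balance")  # ERC-20 would revert
        self.fusd[account] -= fusd_amount
        self.fusd_supply -= fusd_amount
        self.total_tokens -= payout
        self.usdt_balance -= payout
        return payout

    def is_solvent(self):
        return self.usdt_balance >= self.total_tokens


def flash_loan_attack(vault, loan=usdt(200)):
    """Replays the write-up's five steps; returns the fee, payout and net profit."""
    minted = vault.deposit("attacker", usdt(100))  # step 2: 100 USDT -> 99 FUSD
    # Step 3: size the fee so that withdraw pays out the vault's entire USDT.
    balance_after_swap = vault.usdt_balance + usdt(100)
    target_total = balance_after_swap * vault.fusd_supply // minted
    fee = target_total - (vault.total_tokens + usdt(100))
    vault.swap_in(usdt(100), fee)
    payout = vault.withdraw("attacker", minted)  # step 4: burn the 99 FUSD
    return {"fee": fee, "payout": payout, "profit": payout - loan}  # step 5: repay


def attack_rejected(vault):
    """True if the vault refuses the attack (raises) instead of paying out."""
    try:
        flash_loan_attack(vault)
        return False
    except ValueError:
        return True


def honest_round_trip(vault):
    """Deposit 100 USDT, swap in 100 USDT with a 1 USDT fee, withdraw everything."""
    minted = vault.deposit("lp2", usdt(100))
    vault.swap_in(usdt(100), usdt(1))
    return vault.withdraw("lp2", minted)


if __name__ == "__main__":
    vuln, hard = Vault(False), Vault(True)
    for vault in (vuln, hard):
        vault.deposit("lp", usdt(100_000))  # constructed prior liquidity from another depositor
    r = flash_loan_attack(vuln)
    print("vulnerable: fee", r["fee"], "profit", r["profit"], "solvent", vuln.is_solvent())
    print("hardened: rejected", attack_rejected(hard), "solvent", hard.is_solvent())
```

Run against the constructed 100,000 USDT of prior liquidity, the vulnerable vault pays out its entire 100,200 USDT balance against 99 Formation USD for a fee argument of about 1.002e14 raw units, which is under 0.0002 in 18-decimal Formation USD terms but over 100 million in 6-decimal USDT terms; after repaying the 200 USDT flash loan the attacker nets 100,000 USDT and the vault is left insolvent. The hardened vault rejects the same call and stays solvent. The general lesson is to derive accounting updates from measured balance deltas rather than caller-supplied figures, and to convert between decimal scales explicitly at every boundary.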

Conclusion

The root cause of this flash loan incident is that, when designing the swapIn function, the project team underestimated the effect of the fee on totalTokens and ignored the difference in decimal precision between the tokens involved.

Knownsec Blockchain Lab reminds readers once again that attacks across all chains have been frequent recently and that contract security urgently needs attention. Contract audits, risk-control measures and emergency response plans all need to be in place.
