Fantasm Finance Post Mortem: Exploit 09 March 2022

Fantasm Finance
Mar 10, 2022

Dear Fantasm Community and Partners, we would first and again like to sincerely apologize for the exploit which occurred yesterday. We also want to thank everyone who has helped us in handling this event and supported us in fixing the code vulnerability. We have patched the vulnerability and shared the newly committed code with our auditor.

What Happened

On March 09, starting at approximately 02:00 p.m. UTC, we were made aware of suspicious transactions related to the Fantasm protocol, which resulted in a loss of $2.62M.
We have performed a forensics analysis to provide more insight into transactions and actions taken by the exploiter. Our findings are presented in a chronological sequence of events as follows:

BNB Chain

1. The Exploiter gets funds from BNB Chain via Tornado Cash:
- Transaction 1
- Transaction 2

2. The Exploiter swaps BNB to USDC via Pancakeswap:
https://bscscan.com/tx/0xe47bd66738fd6721817ebc68cfdfde19d860330cc8b84bdf6761a3f1957ef188

3. The Exploiter bridges USDC to Fantom via Celer Bridge:
https://bscscan.com/tx/0x2b5f61778881958d98935cdfcbcb97a7de8405b1d059c931f02461776ad9e007

Fantom Chain

4. The Exploiter receives USDC from Celer Bridge:
https://ftmscan.com/tx/0x39be07303cf562407c857d9b43077f99bd63ee46b1a95d5cfe5947ee3c106422

5. The Exploiter receives FTM from a faucet:
https://ftmscan.com/tx/0x455f72c451743bccfd9800c43bb56fcdd72d135247335ce07946c36974f5b799

6. Swap USDC for more FTM:
https://ftmscan.com/tx/0xed81960af5bba6cb7a48839ed9a6eed9b665cba4b9cfc1089603262e0082e9f2

7. The Exploiter deploys a contract (0x944b58…) which will trigger the exploit:
https://ftmscan.com/address/0x944b58c9b3b49487005cead0ac5d71c857749e3e
That contract exploited an error in Fantasm’s Pool contract: the developer omitted the condition that checks for the minimum amount of input FTM when minting XFTM.

8. The contract deployed by the Exploiter repeatedly performs the following:
i. Mint XFTM by supplying only FSM tokens, without providing any FTM
ii. Collect the XFTM tokens
iii. Sell the XFTM tokens for FTM
iv. Buy more FSM and repeat the first step to get a larger amount of FTM

9. Eventually, the Exploiter sold all his FTM for ETH and bridged this ETH to Ethereum, again via Celer Bridge. The total amount exploited is 1008.498875252390151 ETH (approximately $2,622,097).

Ethereum Chain

10. The Exploiter used Tornado to siphon the stolen funds:
https://etherscan.io/address/0x47091E015b294B935BAbDA2d28aD44e3Ab07ae8D
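
The missing check described in step 7, shown as an added example that is not Fantasm's contract code: a simplified, hypothetical pool in which an unchecked mint sits beside a version that enforces the FTM leg. The contract and function names, the 80% collateral ratio, the FSM price and the 1:1 FTM/XFTM valuation are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical, simplified pool; NOT Fantasm's contract. Names, ratio, price
// and the 1:1 FTM/XFTM valuation are assumptions made for illustration.
interface IBurnable { function burnFrom(address from, uint256 amount) external; }
interface IMintable { function mint(address to, uint256 amount) external; }

contract PoolSketch {
    uint256 private constant PRECISION = 1e6;
    uint256 public collateralRatio = 800_000; // 80% of minted value must be paid in FTM
    uint256 public fsmPriceInFtm = 1e18;      // FTM value of 1 FSM (assumed oracle value)
    IBurnable public immutable fsm;
    IMintable public immutable xftm;

    constructor(IBurnable _fsm, IMintable _xftm) { fsm = _fsm; xftm = _xftm; }

    // XFTM to mint and FTM owed, both derived from the FSM amount offered.
    function quoteMint(uint256 fsmIn) public view returns (uint256 xftmOut, uint256 ftmRequired) {
        uint256 fsmValue = fsmIn * fsmPriceInFtm / 1e18;
        xftmOut = fsmValue * PRECISION / (PRECISION - collateralRatio);
        ftmRequired = xftmOut * collateralRatio / PRECISION;
    }

    // Flawed: the FTM leg is never compared with msg.value, so a call that
    // sends 0 FTM still receives the full xftmOut, backed only by the FSM leg.
    function mintUnchecked(uint256 fsmIn) external payable {
        (uint256 xftmOut, ) = quoteMint(fsmIn);
        fsm.burnFrom(msg.sender, fsmIn);
        xftm.mint(msg.sender, xftmOut);
    }

    // Hardened: revert unless the FTM leg is fully paid; refund any excess.
    function mint(uint256 fsmIn, uint256 minXftmOut) external payable {
        (uint256 xftmOut, uint256 ftmRequired) = quoteMint(fsmIn);
        require(msg.value >= ftmRequired, "insufficient FTM in");
        require(xftmOut >= minXftmOut, "slippage");
        fsm.burnFrom(msg.sender, fsmIn);
        xftm.mint(msg.sender, xftmOut);
        uint256 excess = msg.value - ftmRequired;
        if (excess > 0) {
            (bool ok, ) = msg.sender.call{value: excess}("");
            require(ok, "refund failed");
        }
    }
}
```

A regression test for this class of bug calls the mint function with `msg.value` of zero and a non-zero FSM amount and expects a revert.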

Forensic Analysis

The steps described above factually present the sequence of events performed by the Exploiter. We have done further forensic analysis in an attempt to collect additional information about the Exploiter.

As shown in step 1, the Exploiter acquired funds from BNB Chain via Tornado Cash. In particular, he acquired 2 BNB. This means the Exploiter needed to deposit 1 BNB into Tornado Cash two times. It is not likely that he did that as early as a few days or hours before he withdrew. Therefore, we tracked down deposits to Tornado Cash with a value of 1 BNB. These are the addresses that deposited 1 BNB two times into Tornado Cash yesterday:
https://bscscan.com/address/0x1e9f656b410dfaeaf43cbafd3b83192c50eb7c86#tokentxns, and
https://bscscan.com/address/0x1cbeae4682b0cc2b85fc06fff98d9457912d7a52#tokentxns

This one is the most suspicious: https://bscscan.com/txs?a=0x1e9f656b410dfaeaf43cbafd3b83192c50eb7c86

That address was created yesterday and received 2.3 BNB from Binance Hot Wallet.

Repayment Plan and Proposed Steps

Summary:
1. Accumulated FTM fees -> distributed to FSM stakers and lockers. The FTM fee distribution will start on 11 March 2022 at 9AM UTC.
2. Whitehacked FTM -> airdrop back to XFTM holders based on a snapshot
3. Token relaunch -> several airdrops (to be decided by our upcoming DAO) to both XFTM and FSM holders/LPs/stakers/lockers, based on a snapshot
4. All FSM farms will stop emitting FSM tokens today and no more XFTM can be minted.

First of all, and most importantly, we have 935,415 FTM from white hacking the protocol ourselves once we became aware of the exploit. We will return this to users via a snapshot compensation at block height 32970600. This part will be returned to XFTM holders.

Secondly, we concluded that we can’t reuse the XFTM or FSM tokens in the future or for a relaunch, since these contracts are very airtight and do not leave us enough centralized control to continue with the same tokens. The FSM incentives will stop at 3PM UTC today. Therefore, we will do an airdrop in the form of a new token (relaunch), again via a snapshot compensation. The snapshot should be taken at block height 32970600, right after we officially tweeted about the exploit.

Third, we have 174,327.763 FTM in accumulated protocol fees. The only way to get these fees out (again, contracts are very airtight) is through distribution to users who staked and/or locked their FSM. Therefore, we must use these fees as compensation for FSM holders. Again, the FTM fee distribution will start on 11 March 2022 at 9AM UTC.

Note that FSM holders will be eligible to participate in the upcoming DAO decision-making along with holders of the new token that will be created for the relaunch.

Next Tasks

Our main focus is the following tasks:
- Relaunch the protocol and launch the DAO
- Perform the required steps needed to start refunding users
- Work together with our auditor and confirm that the code vulnerability has been fixed
- Reach out to external parties who can help us in investigating our forensic findings in more detail, such as getting in touch with Binance.

We once again deeply apologize for the inconvenience this has caused. We encourage the attacker to reach out to the Fantasm team and begin a dialogue for the return of our users’ funds. They are impacting everyday users of DeFi and we would like them to do the right thing. We will honor a bug bounty of 10% upon return of the funds.
