Decoding Euler Finance’s $197 Million Exploit | QuillAudits

QuillAudits - Web3 Security 🛡️
Coinmonks
Mar 27, 2023


Summary:

On March 13th, 2023, Euler Finance, a DeFi lending protocol on Ethereum, was drained in a flash loan attack. The attack was made possible by a missing liquidity check in the EToken contract's donateToReserves function. The attacker stole nearly $197 million from the protocol, making it the largest DeFi hack of 2023 at the time of writing.

About Euler Finance:

Euler Finance is a non-custodial lending protocol on Ethereum that lets users lend and borrow crypto assets, with risk parameters derived from each asset's market data rather than set by a central party.

Vulnerability Analysis & Impact:

On-Chain Details:

Attacker EOA-1: 0xb66cd966670d962c227b3eaba30a872dbfb995db
Attacker EOA-2: 0xb2698c2d99ad2c302a95a8db26b08d17a77cedd4

Attacker Contract-1: 0xeBC29199C817Dc47BA12E3F86102564D640CBf99
Attacker Contract-2: 0x036cec1a199234fc02f72d29e596a09440825f1c
Attacker Contract-3: 0xD3b7CEA28Feb5E537fcA4E657e3f60129456eaF3
Attacker Contract-4: 0x0b812c74729b6aBc723F22986C61D95344ff7ABA

Victim Contract (Euler eDAI EToken): 0xe025e3ca2be02316033184551d4d3aa22024d9dc

Attack transactions, one per drained pool:
1. 0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d
2. 0x71a908be0bef6174bccc3d493becdfd28395d8898e355d451cb52f7bac38617
3. 0x62bd3d31a7b75c098ccf28bc4d4af8c4a191b4b9e451fab4232258079e8b18c4
4. 0x465a6780145f1efe3ab52f94c006065575712d2003d83d85481f3d110ed13d9
5. 0x3097830e9921e4063d334acb82f6a79374f76f0b1a8f857e89b89bc58df1f311
6. 0x47ac3527d02e6b9631c77fad1cdee7bfa77a8a7bfd4880dccbda5146ace4088f

The Root Cause:

The donateToReserves function lets an Euler user give eTokens from their own balance to the protocol's reserves: the donated eTokens are burned from the user's account and credited to the reserve. A borrowing user holds both an equity token (eToken, representing the deposit that serves as collateral) and a debt token (dToken, representing the outstanding borrow), so donating collateral while the debt stays open directly changes the account's health.

The attack was possible because donateToReserves in the EToken contract did not run the liquidity (collateral) check that every other state-changing action in Euler performs after it executes. The function burned the caller's eDAI but left their dDAI untouched, so an account could deliberately push itself far below its collateral requirement without the transaction reverting. That under-collateralized position is bad debt that will never be repaid. The attacker then liquidated the position from a second, liquidator contract and withdrew the proceeds from the protocol.

The Attack:

  1. The attacker took a 30 million DAI flash loan and deployed two contracts, a "violator" and a "liquidator".
  2. Two thirds of the borrowed funds (20 million DAI) were deposited into Euler through the deposit() function, for which the violator received around 19.5 million eDAI.
  3. The violator called the mint() function, which creates matching eToken and dToken balances and lets a user lever up to 10 times their deposit, and received 195.6 million eDAI together with 200 million dDAI of debt.
  4. Part of the debt was repaid with the remaining third of the loan (10 million DAI) through the repay() function, burning around 10 million dDAI. The violator then called mint() a second time and received another 195.6 million eDAI and 200 million dDAI.
  5. The violator called donateToReserves() with 100 million eDAI, ten times the amount just repaid. Because the function performed no liquidity check, the collateral left the account while the full debt remained.
  6. The violator's eDAI balance was now below its dDAI balance, so the account was liquidatable. The liquidator contract called liquidate() on it and received 310 million dDAI and 259 million eDAI.
  7. The liquidator called withdraw() and obtained 38.9 million DAI. Of this, 30 million DAI repaid the flash loan and about 27,000 DAI covered the flash loan fee, leaving the attacker a profit of roughly 8.87 million DAI from the DAI pool alone.

The exploiter repeated the same sequence against Euler's other pools, netting around $197 million in total.
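To make the root cause concrete, here is a small Python model of the eToken/dToken accounting that replays steps 2 to 5 above. It is an added illustration, not Euler's Solidity or the Foundry PoC: amounts are in DAI units (the eDAI/DAI exchange rate that makes the article's eDAI figures slightly smaller is ignored), the 0.95 self-collateral factor is an assumption, and the health formula is a simplification of Euler's risk-adjusted liquidity check. The `hardened` flag re-enables the post-action liquidity check that the fix adds to donateToReserves; with it, the donation in step 5 reverts, and without it the violator ends the sequence liquidatable with 70 million DAI of debt that no collateral backs.

```python
"""Toy model of Euler-style eToken/dToken accounting (added example, not
Euler's code). Values are DAI units; the eDAI/DAI exchange rate is ignored
and the collateral factor below is an assumption."""
from dataclasses import dataclass

M = 1_000_000
SELF_COLLATERAL_FACTOR = 0.95  # assumption: haircut applied to eDAI backing a dDAI debt


class LiquidityCheckFailed(Exception):
    """Raised where Euler would revert with a collateral violation."""


@dataclass
class Account:
    e_tokens: float = 0.0  # collateral (eDAI), DAI units
    d_tokens: float = 0.0  # debt (dDAI), DAI units

    def health(self) -> float:
        """Risk-adjusted collateral divided by debt; below 1.0 is liquidatable."""
        if self.d_tokens == 0:
            return float("inf")
        return self.e_tokens * SELF_COLLATERAL_FACTOR / self.d_tokens

    def is_liquidatable(self) -> bool:
        return self.health() < 1.0

    def bad_debt(self) -> float:
        """Debt that no collateral covers, even at full (unhaircut) value."""
        return max(0.0, self.d_tokens - self.e_tokens)


class Market:
    """One lending pool. Every action that can worsen an account's position
    must end with _check_liquidity; the bug is that donate_to_reserves skipped it."""

    def __init__(self, check_liquidity_on_donate: bool) -> None:
        self.reserves = 0.0
        self.check_liquidity_on_donate = check_liquidity_on_donate

    def _check_liquidity(self, acct: Account) -> None:
        if acct.is_liquidatable():
            raise LiquidityCheckFailed("e/collateral-violation")

    def deposit(self, acct: Account, amount: float) -> None:
        acct.e_tokens += amount  # adds collateral, can only improve health

    def mint(self, acct: Account, amount: float) -> None:
        # Self-collateralised borrow: eTokens and dTokens are created 1:1.
        acct.e_tokens += amount
        acct.d_tokens += amount
        self._check_liquidity(acct)

    def repay(self, acct: Account, amount: float) -> None:
        acct.d_tokens -= amount  # reduces debt, can only improve health

    def donate_to_reserves(self, acct: Account, amount: float) -> None:
        if acct.e_tokens < amount:
            raise ValueError("e/insufficient-balance")
        acct.e_tokens -= amount  # burn the user's eTokens...
        self.reserves += amount  # ...and credit them to the pool reserve
        if self.check_liquidity_on_donate:  # the missing line in the vulnerable EToken
            self._check_liquidity(acct)


def replay_dai_pool_attack(hardened: bool) -> Account:
    """Steps 2 to 5 of the article with its DAI-denominated amounts."""
    market = Market(check_liquidity_on_donate=hardened)
    violator = Account()
    market.deposit(violator, 20 * M)             # step 2: 20M DAI in
    market.mint(violator, 200 * M)               # step 3: 10x leverage
    market.repay(violator, 10 * M)               # step 4: repay 10M
    market.mint(violator, 200 * M)               # step 4: mint again
    market.donate_to_reserves(violator, 100 * M) # step 5: donate 10x the repayment
    return violator


if __name__ == "__main__":
    v = replay_dai_pool_attack(hardened=False)
    print(f"vulnerable: eDAI={v.e_tokens/M:.0f}M dDAI={v.d_tokens/M:.0f}M "
          f"health={v.health():.3f} liquidatable={v.is_liquidatable()} "
          f"bad_debt={v.bad_debt()/M:.0f}M")
    try:
        replay_dai_pool_attack(hardened=True)
    except LiquidityCheckFailed as exc:
        print(f"hardened: donation reverted with {exc}")
```

The invariant the model enforces is the one an auditor should look for in any lending protocol: every function that can lower an account's collateral or raise its debt ends with the liquidity check, with no exceptions for "harmless" operations such as donations.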

After the Exploit

Mar-13-2023: Euler Finance acknowledged the incident and announced it on Twitter.

Mar-13-2023: Euler reached out to the attacker's address via transaction input data.

Mar-14-2023: Sherlock took responsibility for missing the vulnerability in its 2022 review of eIP-14 (the proposal that introduced donateToReserves) and agreed to pay a $4.5M claim to Euler.

Mar-14-2023: The Euler team shared further updates and took immediate actions, but the funds were already gone.

Mar-18-2023: The attacker returned around 3,000 ETH to Euler Finance.

Mar-20-2023: The exploiter sent a message to the Euler team about returning funds; the Euler team acknowledged it and shared channels for further communication.

Mar-22-2023: The exploiter reached out to the Euler team over email.

Mar-25-2023: The exploiter returned 51,000 ETH, then a further 7,737.25 ETH and 1,230,000 DAI to Euler Finance.

Reproducing the hack:

We will be using the Foundry framework for the proof of concept (PoC), run against a fork of Ethereum mainnet.

Running locally: add the Ethereum mainnet RPC URL to the foundry.toml file and run the test with forge test -vvv.
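A minimal foundry.toml for that setup, as an added example rather than the article's own file: the RPC URL is read from an environment variable so it is never committed, and the fork is pinned to a fixed block so the PoC reproduces the pre-attack state on every run. The block number 16817995 is assumed to be just before the first attack transaction; confirm it from that transaction's receipt before relying on it.

```toml
# foundry.toml (added example, not from the article)
[profile.default]
src = "src"
out = "out"
libs = ["lib"]
# Archive-node RPC URL, supplied as MAINNET_RPC_URL in the environment.
eth_rpc_url = "${MAINNET_RPC_URL}"
# Pin the fork so the test always sees the same pre-exploit state.
# Assumed to be the block just before the first attack transaction.
fork_block_number = 16817995

[rpc_endpoints]
mainnet = "${MAINNET_RPC_URL}"
```

Run it with MAINNET_RPC_URL=https://your-archive-node forge test -vvv. The endpoint must be an archive node, since the fork reads contract state from a historical block; a non-archive node will fail on the first storage read.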
