APE attack incident technical analysis
0x01 Apecoin
In the previous article we covered the overall sequence of events; this article analyzes the attack from a technical angle. ApeCoin is the governance and utility token that serves the Bored Ape Yacht Club community and related communities. This airdrop was one of the most anticipated in the NFT community because of the massive popularity of the Bored Ape Yacht Club brand.
0x02 Attacker information
The attack occurred on the Ethereum chain, and the main attack information is as follows:
Attacker wallet address:
- 0x6703741e913a30D6604481472b6d81F3da45e6E8
The relevant contract address created by the attacker:
- 0x3EbD3D86f810B141F9b2e9B15961FC66364b54f3
- 0x7797A99a2e91646aBdc9DC30e838A149CCB3013B
Token contract (vulnerable contract):
- 0x025C6da5BD0e6A5dd1350fda9e3B6a614B205a1F
Attack transaction:
- 0xeb8c3bebed11e2e4fcd30cbfc2fb3c55c4ca166003c7f7d319e78eaab9747098
Vulnerability related contracts:
- BeaconProxy: 0xEA47B64e1BFCCb773A0420247C0aa0a3C1D2E5C5
- NFTXVaultUpgradeable: 0x73d2ff81fcea9832fc9ee90521abde1150f6b52a
0x03 Attack Analysis
The attack consisted of three main steps:
Step 1: The attacker obtains ERC-20 vault tokens via a flash loan and redeems them for NFTs
Step 2: The attacker uses the redeemed NFTs to claim the APE airdrop tokens
Step 3: The attacker returns the NFTs to the vault to recover the ERC-20 tokens backing them, repays the flash loan, and transfers the profit to the wallet address
0x04 Vulnerability Details
The reasons the attack succeeded:
Step 1: Flash Loan (Contract: NFTXVaultUpgradeable)
As shown on line 999 of the figure above: vTokens equal to "quantity + fee" are burned at the end of the call, so the vTokens the attacker holds when the callback returns must exceed the borrowed amount for the flashLoan() function to complete.
Step 2: Redeem NFT (Contract: NFTXVaultUpgradeable)
As shown in the figure: the redeem function calls the redeemTo function; the tokens are burned on line 2127, the handling fee is deducted on line 2134, and the NFT is sent directly to the caller on line 2137.
Step 3: Claim Airdrop Tokens (Contract: AirdropGraphsToken)
As shown: on line 105, alpha.balanceOf() and beta.balanceOf() are checked to ensure that the caller is a BAYC/MAYC holder. Then, on lines 114–115, the list marks each tokenId as claimed. The getClaimableTokenAmountAndGammaToClaim() function on line 110 limits the caller to the amount of ApeCoin that is actually claimable.
Step 4: Minting (Contract: NFTXVaultUpgradeable)
As shown in the figure: line 2089 transfers the NFT into the contract, line 2092 sends the vault tokens to the caller, and line 2094 charges the fee.
The NFTXVaultUpgradeable contract as a whole provides mint, redeem and flash-loan functions. By chaining them in one transaction, the attacker easily bypassed the AirdropGraphsToken contract's check on the number of NFTs currently held by the caller, since that check only reflects the state at the instant of the call, and took a sizeable profit.
In total, the attacker used this process against the AirdropGraphsToken and NFTXVaultUpgradeable contracts for a profit of about $350,000 (calculated at the market price at the time of the attack).
0x05 Summary
The decisive factor in this incident lies in the AirdropGraphsToken contract: airdrop eligibility is not validated in a sound way. An attacker can obtain the APE airdrop by converting a flash loan into NFTs, claiming, and then converting the NFTs back to repay the flash loan, which poses a threat to the project.
0x06 Security Advice
- Do not price assets or decide eligibility based on factors that can be manipulated within a single transaction (such as a current token balance)
- Use a mechanism to judge whether the condition being relied on is legitimate (e.g. by checking how long that condition has held)
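To make the vulnerability described in 0x04 and the advice above concrete, here is an added illustration written for this article; it is not the AirdropGraphsToken or NFTX source. The first contract reproduces the weak pattern (eligibility decided by balanceOf()/ownerOf() at claim time); the second pins eligibility to an ownership snapshot taken at a block before the airdrop was announced, so holding an NFT for a single transaction proves nothing. Contract names, the per-token amount and the admin-loaded snapshot mapping are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration for this article; not the AirdropGraphsToken or NFTX
// source. Contract names, perTokenAmount and the snapshot-loading mechanism
// are assumptions made for the example.

interface IERC721 {
    function balanceOf(address owner) external view returns (uint256);
    function ownerOf(uint256 tokenId) external view returns (address);
}

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Weak pattern: eligibility is whoever holds the NFT at the instant claim()
/// runs. A caller that redeems NFTs with flash-loaned vault tokens, claims,
/// and mints the NFTs back in the same transaction passes every check.
contract AirdropByCurrentHolder {
    IERC721 public immutable collection;
    IERC20 public immutable ape;
    uint256 public immutable perTokenAmount;
    mapping(uint256 => bool) public claimed;

    constructor(IERC721 collection_, IERC20 ape_, uint256 perTokenAmount_) {
        collection = collection_;
        ape = ape_;
        perTokenAmount = perTokenAmount_;
    }

    function claim(uint256[] calldata tokenIds) external {
        // Both checks read live state; a one-transaction holder satisfies them.
        require(collection.balanceOf(msg.sender) > 0, "not a holder");
        uint256 total;
        for (uint256 i = 0; i < tokenIds.length; i++) {
            uint256 id = tokenIds[i];
            require(!claimed[id], "already claimed");
            require(collection.ownerOf(id) == msg.sender, "not owner now");
            claimed[id] = true;
            total += perTokenAmount;
        }
        require(ape.transfer(msg.sender, total), "transfer failed");
    }
}

/// Hardened pattern: eligibility is pinned to an ownership snapshot taken at
/// a block before the airdrop was announced. claim() never consults the NFT
/// contract, so each tokenId can only be claimed by the address recorded
/// for it, whatever the caller holds at call time.
contract AirdropBySnapshot {
    IERC20 public immutable ape;
    uint256 public immutable perTokenAmount;
    uint256 public immutable snapshotBlock;
    address public immutable admin;
    bool public snapshotSealed;
    mapping(uint256 => address) public snapshotOwner;
    mapping(uint256 => bool) public claimed;

    constructor(IERC20 ape_, uint256 perTokenAmount_, uint256 snapshotBlock_) {
        ape = ape_;
        perTokenAmount = perTokenAmount_;
        snapshotBlock = snapshotBlock_;
        admin = msg.sender;
    }

    /// Loaded by the deployer from ownerOf() results read off-chain at
    /// snapshotBlock, then sealed so the mapping cannot change afterwards.
    function loadSnapshot(uint256[] calldata ids, address[] calldata owners) external {
        require(msg.sender == admin && !snapshotSealed, "locked");
        require(ids.length == owners.length, "length mismatch");
        for (uint256 i = 0; i < ids.length; i++) {
            snapshotOwner[ids[i]] = owners[i];
        }
    }

    function seal() external {
        require(msg.sender == admin, "not admin");
        snapshotSealed = true;
    }

    function claim(uint256[] calldata tokenIds) external {
        require(snapshotSealed, "snapshot not final");
        uint256 total;
        for (uint256 i = 0; i < tokenIds.length; i++) {
            uint256 id = tokenIds[i];
            require(!claimed[id], "already claimed");
            // Ownership at snapshotBlock, not at call time, decides eligibility.
            require(snapshotOwner[id] == msg.sender, "not owner at snapshot");
            claimed[id] = true;
            total += perTokenAmount;
        }
        require(ape.transfer(msg.sender, total), "transfer failed");
    }
}
```

In production the snapshot is usually committed as a Merkle root and the claimant supplies a proof, which avoids loading thousands of entries on-chain; the mapping here only shows the principle. If the project also wants claims to go to whoever holds the token at claim time, it can additionally require that the snapshot owner still owns the tokenId, which still excludes holders whose ownership began and ended within one transaction.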