APE attack incident technical analysis
In the previous article we described the event as a whole; in this article we analyze it technically. ApeCoin is the governance and utility token that serves the Bored Ape Yacht Club community and related communities. Its airdrop was one of the most anticipated in the NFT community because of the massive popularity of the Bored Ape Yacht Club brand.
0x02 Attacker information
The attack occurred on the Ethereum chain, and the main attack information is as follows:
Attacker wallet address:
The relevant contract address created by the attacker:
Token contract (vulnerable contract):
Attack transaction process:
Vulnerability related contracts:
- BeaconProxy: 0xEA47B64e1BFCCb773A0420247C0aa0a3C1D2E5C5
- NFTXVaultUpgradeable: 0x73d2ff81fcea9832fc9ee90521abde1150f6b52a
0x03 Attack Analysis
The attacker mainly carried out three steps:
Step 1: The attacker borrows ERC-20 vault tokens via a flash loan and redeems them for NFTs
Step 2: The attacker uses the redeemed NFTs to claim the APE airdrop
Step 3: The attacker returns the NFTs to the vault to get the ERC-20 tokens back, repays the flash loan, and transfers the profit to a wallet address
0x04 Vulnerability Details
The reason for the success of the attack:
Step 1: Flash Loan (Contract: NFTXVaultUpgradeable)
As shown at line 999 of the figure above: vTokens equal to "amount + fee" are burned on repayment, so the vToken balance the attacker prepares in advance must exceed the borrowed amount (by at least the fee) for the flashLoan() call to complete.
Step 2: Redeem NFT (Contract: NFTXVaultUpgradeable)
As shown in the figure: redeem calls redeemTo; the vTokens are burned at line 2127, the fee is deducted at line 2134, and the NFT is transferred directly to the caller at line 2137.
Step 3: Claim Airdrop Tokens (Contract: AirdropGraphsToken)
As shown: line 105 checks alpha.balanceOf() and beta.balanceOf() to confirm that the caller currently holds a BAYC/MAYC. Lines 114–115 then mark each tokenId as claimed in the list, and getClaimableTokenAmountAndGammaToClaim() at line 110 limits the caller to the amount of ApeCoin that is actually claimable. The check is against the live balance at claim time, not against who held the NFT when the airdrop was announced.
Step 4: Minting (Contract: NFTXVaultUpgradeable)
As shown in the figure: line 2089 transfers the NFT to the contract, line 2092 sends vTokens to the caller, and line 2094 deducts the fee.
The NFTXVaultUpgradeable contract provides minting, redemption and flash loan functions. Combining them, the attacker held NFTs for the duration of a single transaction, which was enough to pass the AirdropGraphsToken contract's check on the caller's current NFT balance, and thereby took a substantial profit.
In total, this attack path against the AirdropGraphsToken and NFTXVaultUpgradeable contracts earned the attacker about $350,000 (at the market price at the time of the attack).
The decisive factor in this incident lies in the AirdropGraphsToken contract: airdrop eligibility is not validated in a way that reflects the airdrop's intent. An attacker can convert a flash loan into NFTs, claim the APE airdrop, and then convert the NFTs back to repay the flash loan, which poses a threat to the project.
0x05 Security Advice
- Do not price assets or decide eligibility based on factors that can be manipulated within a single transaction
- Use a mechanism to judge whether the qualifying condition is legitimate (for example, checking how long the condition has held, or using a holder snapshot taken before the airdrop was announced)
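The following is an added, constructed model of the four-step flow described in the vulnerability details and of the snapshot-based mitigation from the security advice. It is not the NFTX or AirdropGraphsToken source; the class names, fee rates, token ids, payout per token and the attacker's fee buffer are all assumptions chosen to make the mechanics visible. The vault burns "amount + fee" on flash-loan repayment, redeem burns one vToken plus fee per NFT and hands the NFT to the caller, and mint pays out one vToken minus fee. The airdrop either checks the caller's live balanceOf (the vulnerable pattern) or a pre-announcement ownership snapshot (the mitigation).

```python
"""Constructed model of a flash-loan round trip against an airdrop whose
eligibility check reads the caller's live NFT balance. Not real contract code."""
from collections import defaultdict

ONE = 10**18  # one vToken at 18 decimals (assumption)


class NFT:
    """Minimal ERC-721-like ownership registry."""
    def __init__(self):
        self.owner = {}  # token_id -> owner name

    def balance_of(self, who):
        return sum(1 for o in self.owner.values() if o == who)


class Vault:
    """Toy NFTX-style vault: flashLoan burns amount + fee on repayment,
    redeem burns ONE + fee per NFT, mint pays ONE - fee per NFT."""
    def __init__(self, nft, token_ids, fee_bps=50):
        self.nft, self.fee_bps = nft, fee_bps
        self.vtoken = defaultdict(int)
        for t in token_ids:
            nft.owner[t] = "vault"  # NFTs held by the vault, airdrop not yet claimed

    def fee(self, amount):
        return amount * self.fee_bps // 10_000

    def flash_loan(self, borrower, amount, callback):
        self.vtoken[borrower] += amount
        callback()
        owed = amount + self.fee(amount)  # repayment burns amount + fee
        if self.vtoken[borrower] < owed:
            raise RuntimeError("flash loan not repaid")
        self.vtoken[borrower] -= owed

    def redeem(self, caller, token_id):
        if self.nft.owner[token_id] != "vault":
            raise RuntimeError("token not in vault")
        cost = ONE + self.fee(ONE)
        if self.vtoken[caller] < cost:
            raise RuntimeError("insufficient vToken")
        self.vtoken[caller] -= cost        # vTokens burned, fee deducted
        self.nft.owner[token_id] = caller  # NFT sent straight to the caller

    def mint(self, caller, token_id):
        if self.nft.owner[token_id] != caller:
            raise RuntimeError("caller does not own the NFT")
        self.nft.owner[token_id] = "vault"
        self.vtoken[caller] += ONE - self.fee(ONE)  # vToken paid out net of fee


class Airdrop:
    """snapshot=None reproduces the vulnerable live-balance check; otherwise
    eligibility per token id comes from an ownership snapshot taken earlier."""
    def __init__(self, nft, per_token, snapshot=None):
        self.nft, self.per_token, self.snapshot = nft, per_token, snapshot
        self.claimed = set()  # token ids already claimed (double-claim guard)

    def claim(self, caller, token_ids):
        if self.snapshot is None:
            if self.nft.balance_of(caller) == 0:  # manipulable within one tx
                raise RuntimeError("caller holds no NFT")
            owned = [t for t in token_ids if self.nft.owner[t] == caller]
        else:
            owned = [t for t in token_ids if self.snapshot.get(t) == caller]
        payout = sum(self.per_token for t in owned if t not in self.claimed)
        self.claimed.update(owned)
        return payout


def run_attack(snapshot_based):
    """Flash loan -> redeem -> claim -> mint -> repay, all in one 'transaction'.
    Returns (APE received by attacker, attacker's net vToken change)."""
    nft = NFT()
    ids = list(range(5))
    vault = Vault(nft, ids)
    snapshot = dict(nft.owner) if snapshot_based else None  # taken before the attack
    airdrop = Airdrop(nft, per_token=1000, snapshot=snapshot)  # payout is constructed
    attacker = "attacker"
    vault.vtoken[attacker] = ONE  # fee buffer prepared in advance (assumption)
    start = vault.vtoken[attacker]
    received = []

    def callback():
        for t in ids:
            vault.redeem(attacker, t)               # vToken -> NFT
        received.append(airdrop.claim(attacker, ids))  # live balanceOf now > 0
        for t in ids:
            vault.mint(attacker, t)                 # NFT -> vToken

    vault.flash_loan(attacker, 5 * ONE, callback)
    return received[0], vault.vtoken[attacker] - start


if __name__ == "__main__":
    print("live-balance check:", run_attack(False))   # airdrop paid to attacker
    print("snapshot check:   ", run_attack(True))     # nothing paid, only fees lost
```

With the live-balance check the attacker walks away with the full airdrop for all five vault-held tokens, having spent only the redeem, mint and flash-loan fees; with the snapshot the same round trip pays nothing, because the snapshot records the vault, not the attacker, as the holder of those ids. In a real deployment the snapshot (or a minimum holding duration, as the advice above suggests) would be fixed before the airdrop is announced, so that a same-transaction round trip cannot change it.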