Unveiling the $16 Million Exploit: Inside the CurioDAO Breach

CURIO EXPLOIT — Is Governance Manipulation?

On Tuesday, March 26, 2024, the Curio’s DAO smart contract was exploited for $16 million. A critical vulnerability involving voting power privileges.

Governance Manipulation

Governance manipulation refers to the act of changing or influencing the rules, decisions, or organization to benefit certain individuals or groups at the expense of others. In the context of Decentralized Finance (DeFi), governance manipulation often involves exploiting vulnerabilities in smart contracts or decentralized autonomous organizations (DAOs) to gain control over decision-making processes.

Imagine a community where everyone has a say in how things are run. This community might have rules in place for voting on important matters, like how to allocate funds or which upgrades to implement. Now, imagine someone finding a way to unfairly tip the scales in their favor. They might acquire extra voting power, bypass rules, or manipulate the voting process to get what they want $M$O$N$E$Y.

In Smart contracts, governance manipulation can have serious consequences, such as funds being misallocated, upgrades being pushed through without proper scrutiny, or even the entire system being compromised. It’s like someone cheating in a game where the rules are supposed to be fair for everyone.

Let’s look the vulnerable code in Curio:

function cook(address _cgt, uint amount, uint wethMin, uint daiMin) external onlyPans { 
    // Move CGT tokens to this contract
    cgt.transferFrom(msg.sender, address(this), amount); 
    // Approve tokens for use
    cgt.approve(address(chief), amount);
    // Lock tokens to increase voting power
    chief.lock(amount);

    ...

    // Cast a vote in favor of something
    chief.vote(yays);
    // Lift the lock on tokens
    chief.lift(address(this));

    ...

    // Generate a signature for a function call
    bytes memory sig = abi.encodeWithSignature("act(address, address)", address(this), address(cgt));
    // Trigger an action on a pause contract
    pause.plot(address(spell), tag, sig, delay);
    pause.exec(address(spell), tag, sig, delay);

    ...
}

About the vulnerable code of CurioDAO?

1. Transfer CGT Tokens: The function cook takes four parameters: _cgt (address of the CGT token contract), amount (number of tokens to transfer), wethMin, and daiMin. The function starts by transferring amount of CGT tokens from the msg.sender (presumably the attacker) to the contract executing the cook function.

2. Approve Tokens: After transferring the tokens, the contract approves amount of CGT tokens to be spent by the chief contract. This suggests that the chief contract is involved in the governance system and requires approval to interact with CGT tokens.

3. Lock Tokens and Vote: The chief.lock(amount) function call locks the transferred tokens, likely to increase the attacker’s voting power within the governance system. The chief.vote(yays) function call then casts a vote in favor of some proposal (yays), further leveraging the attacker’s influence over governance decisions.

4. Lift Lock: The chief.lift(address(this)) function call appears to lift the lock on the tokens, potentially freeing them up for further manipulation or transfer.

5. Generate Signature: The abi.encodeWithSignature function is used to generate a signature for the act function, which takes two addresses as arguments. The purpose of this signature generation is not entirely clear from the provided code snippet, but it likely prepares data for a subsequent function call.

6. Plot and Execute on Pause Contract: Finally, the pause.plot and pause.exec function calls interact with a pause contract, passing it the address of another contract (spell), a tag, a signature (sig), and a delay. This interaction likely triggers some action within the pause contract, potentially executing the malicious actions orchestrated by the attacker.

How does the attacker intiated attack?

This is my perspective from the attacker’s point of view::

• The attacker calls the cook function of the vulnerable contract, passing it parameters including the address of the CGT token contract and the amount of tokens to transfer.
• The attacker transfers CGT tokens to the vulnerable contract, thereby gaining control over them within the contract’s scope.
• The attacker leverages the transferred tokens to increase their voting power within the governance system by locking tokens and casting votes.
• The attacker generates a signature and interacts with a pause contract, likely triggering further actions that enable unauthorized transactions, such as minting tokens or manipulating governance parameters.
• These unauthorized actions, combined with sophistciated financial strategies like token swaps and cross-chain transfers, enable the attacker to exploit vulnerabilities in the system and carry out the attack.

The attack exploits vulnerabilities in the contract’s functionality, combined with manipulation of governance parameters and interaction with other contracts, to execute unauthorized actions and potentially cause significant financial losses.

For more: https://github.com/logesh21n/Solidity-Common-Vulnerabilities

If you have any doubts in Solidity smart contract and smart contract bugs or if you’re stuck somewhere, feel free to DM me. You can also follow me and ask your doubts on:

Twitter: https://twitter.com/NLogesh21
GitHub: https://github.com/logesh21n
Discord: logesh_n