On June 26, 2022, the NFT lending protocol XCarnival was hacked, and the hacker made a profit of 3087 ETH.
0x01 Attack information
· Attacker address
0xb7CBB4d43F1e08327A90B32A8417688C9D0B800a
· Attacker contract
0xf70F691D30ce23786cfb3a1522CFD76D159AcA8d
0x3edf976dF38f7d6273884B4066e3689Ef547D816
0x7b5a2f7cd1cc4eef1a75d473e1210509c55265d8
0x234e4B5FeC50646D1D4868331F29368fa9286238
· Official contract
XToken 0x5417da20ac8157dd5c07230cfc2b226fdcfc5663
XNFT 0x39360ac1239a0b98cb8076d4135d0f72b7fd9909
P2Controller 0x34ca24ddcdaf00105a3bf10ba5aae67953178b85
0x02 Attack steps
1)A total of 120 ETH was obtained through the currency mixing platform Tornado.Cash.
2) Use 87 ETH to buy BAYC with ID 5110.
3) Deploy the attack contract and transfer 5110 BAYC to the attack contract. Here we take the attack contract 0x7b5a2f7cd1cc4eef1a75d473e1210509c55265d8 as an example:
4) To carry out NFT stake and loan, call the XNFT.pledgeAndBorrow method.
The attacker did not borrow funds after staking the NFT, and then took out the NFT through XNFT.withdrawNFT.
In one transaction, multiple staking, loan and NFT withdrawal operations are performed in order to increase the number of orderId corresponding to the address controlled by the attacker.
5) The attacker borrows the orderId that has been staked before, and borrows the orderId generated in the previous step one by one.
6) The attacker transfers the profitable funds to the wallet address.
0x03 The main vulnerability
The attacker increases the correspondence between the attacker’s relevant address and orderId through multiple stake loans and NFT withdrawal operations, and then calls the Xtoken contract to borrow. Since the borrower checks the order id address staked by the attacker, the attacker can use multiple Call borrowing and pass in the previous order id to obtain a large amount of borrowing.
The attack flow is as follows
0x04 Summary and Recommendations
According to this attack, the attacker mainly obtained a large number of order IDs corresponding to their own addresses by staking loans and withdrawing NFTs multiple times, and then withdrawing a large amount of funds by calling the borrowing method multiple times. The time is strictly limited, so that the attacker can click farming multiple times to increase the number of staked orders. After that, in the Xtoken contract, only the order id is used to determine whether the loan can be borrowed, so that the attacker can perform multiple borrowing operations after completing the staking order.
0x05 Security advice
· It is recommended to strictly limit the NFT staking time to ensure that it cannot be withdrawn instantaneously;
· It is recommended to strictly limit the impact of NFT staking time on receiving rewards;
· It is recommended to check whether multiple conditions are met when borrowing after staking
Join Coinmonks Telegram Channel and Youtube Channel learn about crypto trading and investing
