Hacking investigation
On the night of July 12–13, under cover of night, the attacker was able to withdraw almost all available liquidity from the protocol in ETH and BSC networks.
Let’s figure out how he did it
The hacker address in ETH and BSC: 0xf6f43f77ef9e561dcb2997d8e7ec1d685b6c0fe1 (ETH, BSC).
The hacker address in Polygon: 0xce1f4b4f17224ec6df16eeb1e3e5321c54ff6ede
- He created a token contract (X token) with a modified transfer function. (X1, X2).
- He created pools for X tokens and deposited liquidity.
3. He provided real collateral (USDT, DAI, USDC, etc)
4. He borrowed X tokens and real token (PIE and other) and with modified transfer function in X token he could borrow more than he provided collateral.
5. After that from his second account he liquidated loans of X tokens in the first account thereby return the collateral.
He did this procedure with each pool.
This is an illustration of an attack on the PIE pool on the BSC network:
Transaction: 0x45f6f792638d114f31f6608dca4c79b1216bd5c7c45218a5fd8f1c2e309c6d75
Reasons why this attack was possible:
- Permissionless creating new pools.
The main feature of the DeFiPIE protocol was that anyone can create new pools for any token. It was this feature that allowed the hacker to create a pool for the malicious token.
2. Reentrancy vulnerability
Since the function doTransferOut is before the update of the account state, therefore, upon re-entry, the hacker was able to borrow for an amount exceeding the collateral.
What’s next?
Right now, we have created governance proposals in all networks to set pause guardian, after which we will pause the possibility of liquidations and borrowing. This will avoid re-attacking.
After that, we are going to fix all vulnerabilities in the protocol and introduce our compensation program.