Reserve Exploit: Live Updates
We are investigating a coordinated exploit by several bad actors in the space against the HERD.
Before we get into the details, just know that the quality of your enemies will improve with success.
We have not been administratively hacked and nothing has changed on the network from a contract perspective. Please reference the past activity of the ELEPHANT Deployer to confirm:
Several smart contracts and resources were used to automate an attack against the ELEPHANT Treasury. We are currently investigating the specific transactions and attack vectors used to remedy the situation in the short term.
ACTION WE ARE TAKING NOW
We are pausing the Reserve which will disable Stampede and the minting/redeeming of TRUNK.
We are working with our partners at Certik / InsurAce to investigate this attack.
ACTION YOU SHOULD TAKE
— — DO NOT SELL — -
— — DO NOT ANSWER DMS — -
— — YOUR FUNDS ARE SAFU — -
The base layer of the Elephant Money platform is secure and has stood up to this challenge. The exploit of the Reserve will be addressed and we will move on.
For all future communication during this triage process please got to: https://medium.com/elephant-money
The exploit was executed in a single smart contract tx located here:
We are working with our partners to investigate this…
The ELEPHANT Reserve has been officially paused. Here are the details:
- Stampede and the Reserve will no longer function when trying to execute transactions. If Metamask says the TX will fail it will and you will burn BNB unnecessarily.
- You will continue to earn Stampede rewards throughout this process. Reserve reward pools will be adjusted down from the inflated numbers created by the attack. TRUNK Rewards and Performance pools will be adjusted to $2.5M and $500K respectively.
The official loss from this exploit is 27,416 BNB, valued at $11.2M at the time of writing.
In recent design sessions for the next release of Stampede this particular exploit would have been fully covered as we switched to using PCS as the primary redemption mechanism, fully insulating the ELEPHANT Treasury. We are currently at v4.2 of Stampede and the Reserve, which has performed better than any previous version and uses PCS for redemptions conditionally.
It took a significant amount of capital to bust through the systems defenses. Over $261M in volume. Just know that we are approaching unstoppable tokenomics and that there are those out there that will stop at nothing to prevent Cashflow for All from happening.
Elephant Money has defended against all manner of attacks since its inception a year ago. This exploit got through and its delivery was planned and timed. We are building this solution for generations to come, we must be tested.
On a final note, I would be wary of investing in or supporting any auditor, dev team, investor, etc. that is “HIGH FIVING!” at the expense of the SHARED community. Every time bad actors win it hurts the entire space. There are prominent teams that were aware of weaknesses and stood by and did nothing at your expense. Even after I and other community members asked them to disclose. It is not my job to call them out explicitly, but you know who they are.
The BUSD Treasury has been tapped to rebuild the ELEPHANT Treasury which has always been the plan for Stampede v5. In the upcoming version of Stampede / Reserve the ELEPHANT Treasury will be used to payout yield ONLY. Redemption will be handled through PCS exclusively.
$2.5M is BUSD has been deployed to the ELEPHANT Deployer with another $2.5M ready to be deployed after community members have a chance to DCA in. The exploit will be patched and we will move on.
The ELEPHANT Deployer will forward funds to the ELEPHANT Treasury once a viable EMERGENCY patch is in place. Here are the latest ELEPHANT Deployer buys for review:
During the aftermath of this attack you will win big if you HOLD/DCA ELEPHANT. You will only lose money if you SELL. DO NOT SELL, YOU WILL REALIZE UNNECESSARY LOSSES. This was an attack on our liquidity, but we have built a large war chest… YES, WE ARE IN A FIGHT FOR CHANGE.
Summary of the exploit provided by https://peckshield.com
XJ (PeckShield), [4/13/22 11:59 AM]
Forced investment (yDAI-like hack)
— — — — — — — — — — — — — — — — -
1. Flashloan 130K WBNB/1K WBNB/91M BUSD from Pancake Pairs USDT_WBNB/Cake_WBNB/USDT_BUSD respectively
2. Swap 131K WBNB -> 37,972,517,886,502.22 ELEPHANT (to make WBNB imbalanced)
3. C1.mint with 91M BUSD
- Mint 90,124,650 TRUNK to H1
- Swap 22.5M BUSD -> 48.8K WNBB -> 3,050,142,559,411.813 ELEPHANT (to an embalanced pool)
- Deposit 3,050,142,559,411.813 ELEPHANT to Treasury_af09
. Swap 250,000,000,000.0 ELEPHANT -> 4956 WBNB
. AddLiquidity 250,000,000,000.0 ELEPHANT + 4956 WBNB -> 1087 Cake-LP_ELEPHANT_WBNB
- Mint 910,407 TRUNK to C1
- AddLiquidity 910,407 TRUNK + 902,123 BUSD -> 880,609 Cake-LP_TRUNK_BUSD
4. Swap 34,244,200,239,512.18 ELEPHANT -> 163,782 WBNB (to profit from reverse swap)
45,000.0 TRUNK -> 44,156 BUSD
5. C1.redeem with 90M TRUNK
- Burn 90M TRUNK
- Withdraw 66.8M BUSD to H1, 64,450B ELEPHANT to H1
6. Swap 140,806B ELEPHANT -> 21,701 BNB, 28,268 WBNB -> 12M BUSD
The exploit triggered a 2% graveyard rebalance due to high volume, $262M, which sold an additional 10T tokens at the bottom: https://bscscan.com/tx/0xcbc654cba0dfe0a455991372716af0f3fb32e497b054c83881fbf3d78d0c0be9
Forensic Tracking Analysis provided by https://peckshield.com:
Strategic buyback of TRUNK has begun to fund the upcoming TRUNK Treasury. $391K of TRUNK has been purchased to date by the ELEPHANT Deployer:
Here are some recommendations from a code reviewer at our partner InsurAce.
After skimming thru the code and transaction history, here are some thoughts we hope would help. Some bullets might be generic for flash loan cases.
1. hacker takes flash loan and buys elephant token.
2. minting trunk internally will buy back elephant and meanwhile add liquidity depth for both elephant and trunk.
3. taking profit by selling elephant token and trunk token.
4. redeem trunk and clean up.
Developers can add some guard into code to break flash loan loops.
1. adding anti re-entrance checks in smart contract level, so that some key functions cannot be chained into one tx by other smart contract.
2. convert redeem to delay_redeem by adding a timelock, this will break flash loan loop too.
3. saw that there are some code directly integrated with external swap to use as the oracle for price querying. it’s better to utilize some chain link price feed or some TWAP based price to smooth the impact when external swap pool got manipulated.
4. adjust the price slippage check to squeeze the profit margin.
5. Token flow wise, seems when redeeming TRUNK, you plan to utilize the liquidity in PancakeSwap to avoid burning TRUNK, another thought might be helpful is, you can build single sided liquidity on your platform instead of using two sided pool like PCS, single sided liquidity pool will play like a guard between BUSD pool and external liquidity like PCS, but still, depends on what you want to achieve for the token flow and tokenomics, things might adjust a bit.
Would like to hear more from you in case of any. and we could together review the code after your team polish the fix. Cheers.
Many of these features were in planning for v5 of Stampede / Reserve. In particular 2 , 3 , and 5.
We have identified the hacker’s addresses on ETH where funds were sent. These will be monitored closely by our partners and law enforcement. Here are the addresses as follows:
- 0x8B7245C398E6a42b0475099b878D21101eF58471 472 ETH
- 0x21904B8C9Fa6D7da88E10Ae9e4493B1464A3D56b 472 ETH
- 0xfa2092b35546ef08cb736f1b4f26cc98a949e6f7 337 ETH
- 0x8fac3349Bc2592337bc61d419E12AE2A18Fe6577 339.9 ETH
- 0x2d3F27B6c8CAc4ba8B5D715D25AfcA03c05D0308 331.7 ETH
- 0xEB1521aEf54436F31007D4a9378e1ceBc8cB44d9 180.4 ETH
- 0x39C15D6dbc47F0EAB0fEE2469422E4A109352d54 473.4 ETH
- 0x219395018CfB8e337f2c79010Cd70144Eb16F500 472.1 ETH
- 0x3447d546d18a66Ab99Fe9edca23B6d8ce5c0B0a3 392.2 ETH
We will start to explore options to reclaim these funds.
In a best case win-win scenario the hacker would receive a 10% commission on the funds exploited as a bug bounty, returning the remaining 90% of ETH to the ELEPHANT Deployer address on Ethereum:
In exchange for their service Elephant Money would not pursue criminal action against the hacker. Furthermore, Elephant Money will seek to standardize this bounty process on a go forward basis.
Our partner Certik put out an alert regarding the flashloan Reserve exploit. You can review it here:
Just a correction. It was the ElephantReserve that was exploited and the redeem function specifically, not the ELEPHANT Treasury.
In addition, the ElephantReserve was audited and reviewed with Solidity Finance and the code remained closed source.
Here is proof that the ElephantReserve was covered by an audit and the cost to review was increased due to its complexity. Remember that the ElephantReserve is key to what makes ELEPHANT unique and we kept its operation close to the vest for competitive reasons to protect the community’s investment in the platform. The ElephantReserve will remain closed source.
In addition to an audit by Certik and Solidity Finance we also reached out to RugDoc and Paladin that both refused to do an audit. Would the Elephant Money community be protected if they had of said yes?
We will engage with Peckshield for audit of the ElephantReserve and Stampede contracts on a go forward basis. We will also bring on additional audit partners in the coming months.
Do not DM BT directly unless you know him personally and are working on the project. In addition, if you receive DMs from anyone it is a SCAM. The official Telegram is paused at https://t.me/elephant_money
This is the ONLY source for legitimate information about what is going on at Elephant Money and it represents the work of the team and out partners.
Our stance on hackers at Elephant Money is that they are a necessary and vital component of the ecosystem. A hacker was able to use a flash-loan to leverage a retired ElephantReserve contract last night that resulted in the arbitration of the TRUNK/BUSD LP at the expense of funds in the BUSD and ELEPHANT Treasury. Here are the details of the transaction:
- 256K BUSD was taken out as a flash-loan
- 268K TRUNK was bought from the TRUNK/BUSD LP; positive and raised the peg
- 199K BUSD was pulled from the BUSD Treasury
- 780B ELEPHANT was pulled from the ELEPHANT Treasury
This was one of a handful of small flash-loan attacks over the evening on a retired ElephantReserve at:
To prevent further attacks the remaining treasury funds for both ELEPHANT and BUSD have been moved to the ELEPHANT Deployer. Those transactions are here:
- https://bscscan.com/tx/0x8ddda6d29a687a4e987d884ab53ddef38984317ba69308350dc7233c471b65ac — 500K BUSD
- https://bscscan.com/tx/0xa899eef6507fe11748eca552906dc8ab6dd5ebd23eb1bec0c607322598e7bdfa — 1.97T ELEPHANT
New treasury contracts will be spun up for ELEPHANT, BUSD, and TRUNK going forward with fresh whitelists so that retired contracts cannot be exploited to manipulate the funds going forward.
Development on the emergency path of Stampede / Reserve v4.3 has begun. This release will disable redemptions and allow the system to run as normal otherwise. TRUNK holders will need to leverage the PCS and the TRUNK/BUSD LP to move in and out of TRUNK. In addition, minting will still be available when v4.3 is released.
Our partner InsureAce has completed their investigation of the Reserve exploit and have released an official statement. You can see the announcement here:
📣InsurAce.io Announcement Channel
Update regarding Elephant Money situation 🐘 We have finished the investigation regarding the Elephant Money exploit…
In preparation for further capital allocation all of the existing Treasury contracts have had their whitelists manual scrubbed and submitted for review by Peckshield. These include the ELEPHANT, TRUNK, and BUSD treasuries. The remove events can be tracked at the following:
The existing Treasury contracts are being used in existing analytics tracking solutions so the decision was made to retain the existing contracts for historical and reporting purposes. In addition, tighter whitelist controls for retired contracts would have prevented smaller arbitrage attacks that have happened since the primary exploit.
Peckshield has been officially signed on as the third auditor to join Elephant Money.They will be providing investigation services, design consultation, in addition to audits for the new ElephantReserve and Stampede contracts.
For clarification the ELEPHANT Deployer and official public Bankteller address are used to pay vendors for services. It has been this way for years. Regardless of whether vendors accept payment on or off-chain, usually USD/USDC is the payment of choice. For that reason services such as Kucoin, Stargate Finance, and Synapse Protocol historically have been used to facilitate vendor transactions on ETH. It has come to my attention that the payment of $15K to Peckshield has come under question. The funds originated from the ELEPHANT Deployer in BUSD and where transferred to bankteller.eth where they were then converted to USDC using Stargate Finance. Here is the final payment as well as invoice snippet from Peckshield:
Similar transactions have been completed recently using Bitpay to pay Etherscan/BSCscan for ad space. New buys are also scheduled to help facilitate the recovery so I want the community to be aware of what will be happening. Especially since the performance pool is currently offline which is used to cover most operating costs for Elephant Money.
A complete audit of the whitelists for the ELEPHANT, BUSD, and TRUNK Treasuries has been completed by Peckshield. Their findings and record of the audit can be found below:
- ELEPHANT Treasury — https://bscscan.com/address/0xaf0980a0f52954777c491166e7f40db2b6fbb4fc#events
- TRUNK Treasury — https://bscscan.com/address/0xacef13009d7e5701798a0d2c7cc7e07f6937bfdd#events
- BUSD Treasury — https://bscscan.com/address/0xcb5a02bb3a38e92e591d323d6824586608ce8ce4#events
- Note both ELEPHANT_Treasury and BUSD_Treasury have the following address (aka ELEPHANT Deployer) whitelisted — https://etherscan.io/address/0x16e76819ac1f0dfbecc48dfe93b198830e0c85eb
With the Treasury addresses being verified by a third party we can now proceed with confidence to repopulate funds to these contracts which are being actively monitored by multiple third parties to accurately report realtime / historical TVL and AUM for Elephant Money. Such reporting services include the following:
Peckshield is proving to be a versatile and agile partner that has assisted greatly in the recovery and tracking efforts post exploit.
The first round of development on the upgraded ElephantReserve is complete. Here is some guidance on what has been done:
- The ElephantReserve has been greatly simplified and no longer manages liquidity directly.
- On mint BUSD funds are buffered in the BUSD Treasury
- A block delayed sister claim function has been added to deliver minted tokens outside of the current block. This helps break flash-loan attacks and smart contract loops.
- On redeem Pancakeswap is used to refund BUSD at market value. Heavy sellers will incentivize heavy buyers/stakers and this is the core of the arbitration engine that has historically kept TRUNK at peg. A TRUNK price under peg is an opportunity to earn BUSD for instant profit.
- Liquidity is now managed by the new PegSupportTreasuryStrategy contract. This is an autonomous contracts that seeks to support the peg of TRUNK/BUSD and also responsibly transfer funds from the BUSD Treasury to the ELEPHANT Treasury while being resistant to price manipulation and flash-loan attacks, more details soon…
Here is what is what is on the TODO list:
- New reward and performance pools need to be spun up with adjusted credit balances. The flash-loan attack artificially inflated the amount of earned rewards.
- Code review and testing before being delivered to Peckshield for audit.
It has come to my attention that several volunteer / contract content contributors for Elephant Money deleted content in the early hours/days of the exploit out of fear. Some content was actually deleted from this very Medium where individuals definitely SHOULD NOT have removed content that was not owned by them, but the protocol. It is because of reasons like this that I have always run a tight ship when it comes to development and operational management of the protocol, let alone content and information dissemination. You can’t buy the experience that it takes to operate a financial service in a crisis situation. It should be clear by now that this is not my first rodeo when it comes to correcting the ship… whether is be other’s failures or my own. Either way, I will simply do what needs to be done so that we can get back to business as usual. We are taking steps to restore the removed content.
From a business continuity perspective it is our goal to get the Elephant Money protocol running in a completely autonomous fashion ASAP. This exploit has been a godsend in disguise. It validates the things we have been doing right as both a community and on-chain. It has exposed the things we had wrong while leaving everything we have built intact. TreasuryStrategy contracts are now a thing and will be an industry first when it comes to autonomous on-chain governance. It will usher in a model by which protocols can implement and vote on strategies that will run independently until updated, if ever.
I am greatly humbled by the service disruption the community is currently experiencing. At the same time with each passing day I am convinced by all on the recovery team… community members, volunteers, contractors, service providers, and vendors alike that we will emerge stronger than ever as the HERD!
As a followup to to “Update 19” we have included the invoice and txs for our latest ad buy:
- $23K to Etherscan for ads on BSC/ETH for next month
- The invoice and tx was processed through Bitpay
Just a little more insight into what it takes to keep the wheels turning at Elephant Money…
It’s official now, we are on Discord! Discord will be used exclusively during our downtime for chat and upcoming AMAs! Join Us!
Join the Elephant Money Discord Server!
Check out the Elephant Money community on Discord - hang out with 454 other members and enjoy free voice and text chat.
The credits system that is used for calculating rewards for staking and the performance pool is subject to manipulation. The flash-loan attack showed that the system overtime could be manipulated to pay high APR to stakers without them having to commit long term capital. This vulnerability also could be used to overpay to the performance pool as an added side effect. The flash-loan attack inflated the TRUNK Reward Pool from $3.4M to $20.78M and the Performance Pool from $620K to $3.46M. It is clear that we need a more reliable oracle that is aligned with the core tokenomics that drive the system.
One general recommendation by Peckshield was to make use of one sided liquidity pools. The treasury contracts for ELEPHANT, BUSD, and TRUNK are in fact simple implementations of these liquidity pools that are then built on by several whitelisted contracts in the network. With the introduction of the TRUNK Treasury as a core mechanism for Stampede we now have and accumulator of wealth that can be used as a reliable payer to components of the system.
In general when bonding happens in Stampede v5, TRUNK tokens are deposited into the TRUNK Treasury and not burned. When TRUNK is claimed from Stampeded, a withdraw will happen from the TRUNK Treasury on first attempt if the withdraw is less than 1% of the Treasury, otherwise the system will mint tokens.
In v5 of the network, executor contracts such as the Reserve and Stampede, no longer directly manage liquidity and the buying/selling of tokens. Instead they simply push and pull tokens from treasuries as needed or not at all. New Strategy contracts are single function contracts which manage grooming liquidity to maximize value. This is achieved using the existing locked liquidity model; value exchange can only be achieved by selling one of the 3 managed assets (ELEPHANT, TRUNK, BUSD) for another. The new Strategy contracts make decisions based on conditions in the liquidity pools and more importantly, the amount of daily funds available from the treasury to convert assets. Treasuries no longer participate in end user exposed functions; all strategies are governed at the highest level by an annual payout rate.
For v5 of Elephant Money the TRUNK Reward Pool and Performance Pool will be a direct function of the overall health of Stampede. This means that rewards for these pools will be 100% aligned with the success of Stampede, which dictates the overall long term success of the entire Elephant Money ecosystem. The Strategy contracts for the TRUNK Reward Pool and Performance Pool may be released after the initial release of v5 since upgrades to these components were not considered prior to the exploit. This means rewards on these pools may continue to be paused for a period of time.
Looks like folks were a little confused on Update 25. Stampede is not affected by the flawed credit accounting that created the $24M in the reward pools that is fraudulent. The rewards for TRUNK and the performance pool will be based on Stampede metrics. Stampede is actually operational now for deposits and rolling. Claiming has already been updated. Update 25 is just about staking and the performance pool being potentially paused for rewards after the Stampede and the Reserve come back online. You can withdraw from staking and enter Stampede or just sit tight. I would encourage folks to sit tight. Code is actually being wrapped up for everything except what is mentioned in Update 25 and I don’t want to delay longer before audit and testing begins.
In summary, we are close to code complete for the Reserve, Stampede, and the new Strategy contracts which manage Treasuries. Staking and Performance pool rewards are in a holding pattern. You still have full access to your funds in staking should you choose to withdraw. For Stampede, all funds reported in “available” will be paid out as soon as we come back online. Hope this clarifies things. We’ll be live this week.
We have completed our debrief with the United States Department of Justice concerning the Reserve Exploit. The incident has been logged and the core team will remain available to assist should further followup be required. As most of you are aware, smart contracts are vulnerable to flash-loan exploits. This is how hackers were able to take advantage of the system and steal millions of dollars worth of digital assets. We have taken additional steps to secure our contracts and we are working with law enforcement to track down the hackers. We would like to thank everyone for their patience and support during this challenging time in our growth.
What did the top whales of Elephant Money do before and after the Reserve Exploit?
We are code complete on v5 of the Reserve/Stampede on the Solidity side. The next 48 hours will be used for configuration adjustments, instantiation / preliminary testing, and minor UI/UX integration as needed. Preliminary versions of the contracts have also been submitted to Peckshield for audit/feedback.
InsurAce has finalized voting on the Elephant Money Reserve exploit.
The community voting on Elephant Money hack claim proposal has ended with the final result of: Accepted. Thanks to all participants in this vote.
Accepted payments will be distributed in the coming week, after a dispute period.
Further information can be found here:
📣InsurAce.io Announcement Channel
Elephant Money Voting Updates: 1/ The community voting on Elephant Money hack claim proposal has ended with the final…
We have received initial feedback from Peckshield ahead of their full audit. We are prepping to deliver v5 of Elephant Money. Get Ready!
Elephant Deployer has been busy in production… Wiring and production smoke tests… TOMORROW!!!
Update 33 – 8/28/22
Elephant Money v5 BETA is a go!
Hard refresh to get back on track with TRUNK Staking and Stampede. In v5 all minting benefits ELEPHANT directly. The ELEPHANT Deployer will still mobilize capital in the near to medium term to support TRUNK and ELEPHANT.
What has changed between v4.2 and v5? The exploit of the ELEPHANT Reserve and past industry related exploits showed that exposing treasury funds to hot wallet transactions is dangerous. Operating capital and long term storage must be separated… Especially in the DeFi space. Institutional Banking best practices must make their way into this space. In v5 there are three different tiers in which smart contracts operate within the network. They are as follows:
- Treasuries and Liquidity Pools — The core assets of the protocol are only stored in these locations between transactions
- Executors — The Reserve and Stampede are now simplified contracts which do bookkeeping of user accounts and push funds in and out of treasuries based on user requests
- Governance / Strategy — Reward pools and governance contracts groom LP and treasury liquidity in the system to maximize long term value
It is with great pleasure that we release Elephant Money v5. We can manage flash loans and also manage large mints and redeems in a graceful manner. Minting now has a two stage mint/claim process. Redeeming TRUNK is seamless and leverages Pancakeswap liquidity.
We have also included a link to the audit for Stampede and the new Reserve as follows: https://elephant.money/media/PeckShield-Audit-Report-ElephantReserve-v1.0rc.pdf
There is still work to be done to bring v5 to full production. This is mainly in the area of documentation and education. We need to update the white paper and also bring influencers up to speed on the changes. That all said, we are ready to go TODAY!
Hard Refresh and Enjoy!