Incident Report on 22 Feb 2022

Flurry Finance
Mar 3, 2022

Dear Community,

Our team at Flurry Finance would like to thank you for your patience and support throughout this unfortunate incident, in which the exploit cost the Flurry Protocol (FlurryPro) a total of USD 250,668.11.

Before taking a deep dive into the hack, we first have to understand two basic concepts used in the interest calculation mechanism at FlurryPro:

Multiplier

The Flurry Protocol was designed to store the interest accumulation value in a variable named “multiplier”.

Here’s a simple example to show how it works:

On Day 0, user A deposits USDT 100 to mint 100 rhoUSDT. The balance that user A has on FlurryPro thus is 100.

While the USDT deposit is being deployed to different strategies to earn interest, the interest value earned will be reflected in user A’s wallet with the help of the multiplier. Let’s say the interest earned after Day 1 is 0.5, and here is what the multiplier does in FlurryPro:

  1. The multiplier value is updated from 1 to 1.005.
  2. In the user's wallet, the balanceOf() function multiplies the stored user balance by the multiplier value and returns the result (i.e. 1.005 * 100 = 100.5).

The main reason the multiplier is designed this way is to save gas fees. Imagine paying gas to update the balances of thousands of users; it would be a nightmare to update each balance on every rebase. Instead, by using the multiplier, we only have to perform one update to reflect the latest balances of all users according to the interest they have earned.

Rebasing Option

There are two types of rhoToken owners, and the rebasing option works differently for each:

  1. Externally Owned Account (EOA)
    For an easier understanding, your wallet address is an EOA address. The multiplier is applied to the balance of an EOA address in order to reflect the interest earned.
  2. Contract Account (Smart Contract)
    The multiplier was designed not to be applied to contract addresses, which means a contract address does not participate in the interest earning process. This was implemented to avoid changing balances inside common AMM implementations such as Uniswap, PancakeSwap, etc., as that would break their price calculation.
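To make the two concepts concrete, here is a small Python model of the accounting just described. It is an added example written for this page, not the FlurryPro Solidity code; the account names, the `is_contract` flag standing in for the on-chain code-size check, and the sample amounts are all constructed. `worked_example()` replays the Day 0 / Day 1 story above with an extra pool contract that does not rebase, and `classification_flip()` is the property test a reviewer would want for this design: an account's reported balance should not change merely because code appears at its address.

```python
from dataclasses import dataclass, field
from decimal import Decimal, getcontext

getcontext().prec = 30  # ample precision for this toy model


@dataclass
class RhoTokenModel:
    """Toy model of the multiplier-based rebasing token described in the post.

    Constructed for illustration only; the real rhoToken is a Solidity contract
    that stores values scaled by 1e18.  Each account has one stored value: EOAs
    report stored * multiplier, contract accounts report the stored value as-is.
    """
    multiplier: Decimal = Decimal("1")
    stored: dict = field(default_factory=dict)       # account -> stored value
    is_contract: dict = field(default_factory=dict)  # account -> bool; stands in for the code-size check

    def balance_of(self, account: str) -> Decimal:
        value = self.stored.get(account, Decimal(0))
        return value if self.is_contract.get(account, False) else value * self.multiplier

    def _to_stored(self, account: str, amount: Decimal) -> Decimal:
        # Inverse of balance_of: the stored value that represents `amount` of underlying right now
        return amount if self.is_contract.get(account, False) else amount / self.multiplier

    def mint(self, account: str, amount) -> None:
        """Credit `amount` of underlying (rhoToken is minted 1:1 against the stablecoin deposit)."""
        amount = Decimal(str(amount))
        self.stored[account] = self.stored.get(account, Decimal(0)) + self._to_stored(account, amount)

    def transfer(self, src: str, dst: str, amount) -> None:
        """Move `amount` of underlying; each side is converted with its own rule."""
        amount = Decimal(str(amount))
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        self.stored[src] -= self._to_stored(src, amount)
        self.stored[dst] = self.stored.get(dst, Decimal(0)) + self._to_stored(dst, amount)

    def rebasing_underlying(self) -> Decimal:
        return sum((self.balance_of(a) for a in self.stored if not self.is_contract.get(a, False)), Decimal(0))

    def rebase(self, interest) -> None:
        """Distribute `interest` to every EOA holder with a single multiplier update."""
        base = self.rebasing_underlying()
        if base > 0:
            self.multiplier *= Decimal(1) + Decimal(str(interest)) / base

    def total_claimable(self) -> Decimal:
        return sum((self.balance_of(a) for a in self.stored), Decimal(0))

    def is_solvent(self, backing) -> bool:
        """Every reported balance must be redeemable from the vault's real assets."""
        return self.total_claimable() <= Decimal(str(backing))


def worked_example() -> dict:
    """The Day 0 / Day 1 story from the post, plus a pool contract that does not rebase."""
    t = RhoTokenModel()
    t.mint("userA", 100)                 # Day 0: EOA deposits USDT 100 -> 100 rhoUSDT
    t.is_contract["amm_pool"] = True
    t.mint("amm_pool", 100)              # a pool contract also holds 100 rhoUSDT
    t.rebase("0.5")                      # Day 1: 0.5 interest earned, one storage write
    return {
        "multiplier": t.multiplier,               # 1 -> 1.005
        "userA": t.balance_of("userA"),           # 100.5
        "amm_pool": t.balance_of("amm_pool"),     # still 100
        "solvent": t.is_solvent("200.5"),         # 200 deposited + 0.5 interest backs 200.5
    }


def classification_flip(multiplier, backing) -> dict:
    """Property a reviewer would test: balance_of must not change just because code
    appears at an address.  Here the stored value is reinterpreted, so it does change,
    and with a multiplier below 1 the reported balances exceed the vault's backing."""
    t = RhoTokenModel(multiplier=Decimal(str(multiplier)))
    t.is_contract["holder"] = True
    t.mint("holder", 100)                # contract account credited at face value
    t.transfer("holder", "addr", 100)    # recipient is an EOA: stored = 100 / multiplier
    before = t.balance_of("addr")
    solvent_before = t.is_solvent(backing)
    t.is_contract["addr"] = True         # code deployed at the address; stored value untouched
    after = t.balance_of("addr")
    return {"delta": after - before,
            "solvent_before": solvent_before,
            "solvent_after": t.is_solvent(backing)}
```

The point of `classification_flip()` is that the delta is non-zero whenever the multiplier is not exactly 1: with a healthy multiplier above 1 the flip shrinks the balance, with a multiplier below 1 it inflates it and `is_solvent()` fails. A design that keeps the delta at zero (for instance, recording at credit time whether an account rebases, or converting the stored value when the classification changes) is one possible mitigation and is our assumption here, not a description of FlurryPro's fix.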

Now, let’s take a look at what exactly happened on the date of 22nd February 2022.

Summary of the Attack

The attacker first manipulated the multiplier and then artificially increased his rhoToken balance (the increase is not backed by any underlying stablecoin) by switching an address from an EOA to a contract address. He then cashed out by redeeming the inflated rhoToken balance at FlurryPro for the underlying stablecoin.

The attacker took the following steps:

  1. Manipulated the multiplier and forced the multiplier value down to below
  2. Minted rhoTokens with the lowered multiplier and sent the rhoTokens to an EOA address.
  3. Deployed a contract to the EOA address to switch the EOA address into a Contract Address.
  4. Since the multiplier doesn’t apply to contract addresses, the rhoToken balance was artificially spiked up.
  5. Sold the increased rhoToken balance on PancakeSwap for stablecoin.
  6. Redeemed the increased rhoToken balance on FlurryPro for stablecoin.

The attacker repeated the above steps multiple times until he had drained all the stablecoin (USDT and BUSD) from the FlurryPro Vault.

Details of the Attack

As the attacker repeated the above steps multiple times and the actions were essentially the same, we will select one chain of transactions to explain how FlurryPro was manipulated.

We found that the attacker mainly used the following three addresses to conduct the above steps:

Exploiter0: 0x2A1F4cB6746C259943f7A01a55d38CCBb4629B8E

Exploiter1: 0x0F3C0c6277BA049B6c3f4F3e71d677b923298B35

Exploiter2: 0xB7A740d67C78bbb81741eA588Db99fBB1c22dFb7

Exploiter0 and Exploiter1 are two EOA addresses, while Exploiter2 is a contract address: a malicious contract implemented as an ERC20 token.

Action 1: Create Liquidity Pool on PancakeSwap

First, Exploiter1 called Exploiter2 to set up a PancakeSwap pool with the token pair BUSD/Exploiter2 in block 15484575 (TxnID: 0xb6e1e0f1bfccbc332a195f4974989bc9d1a00fe3f9b0ccd4ebabe885383e6fa4).

An Exploiter2-BUSD token pair was created, as shown in the event log: https://bscscan.com/tx/0xb6e1e0f1bfccbc332a195f4974989bc9d1a00fe3f9b0ccd4ebabe885383e6fa4#eventlog

Action 2: Mess up the multiplier

Then the attacker took the following steps to mess up the multiplier in block 15484611 (TXN ID: 0x923ea05dbe63217e5d680b90a4e72d5552ade9e4c3889694888a2c0c1174d830):

  1. Exploiter1 borrowed BUSD 3,293,802.7249 from the Rabbit Finance BUSD pool and initiated a flash loan strategy.
  2. The strategy triggered a call to the StrategyLiquidate contract, which in turn withdrew liquidity from the PancakeSwap pool set up in block 15484575.
  3. The liquidity withdrawal involved a transfer of the malicious token Exploiter2, which required a call to the malicious token's safeApprove function. Within safeApprove, the exploiter had implemented a call to FlurryRebaseUpkeep to trigger a rebase at FlurryPro.
  4. The rebase call calculated the balance of funds that FlurryPro had deployed to the Rabbit Strategy. However, since this happened in the middle of a flash loan, the balance returned by the Rabbit Strategy did not take the loaned amount into account and was therefore much lower than the real value. The multiplier computed from this wrong value came out at 0.415981 (displayed with 18 decimals in the screenshot below).
  5. Exploiter1 returned BUSD 3,293,802.7249 to the Rabbit Finance BUSD pool.
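One defensive layer a practitioner would want around step 4 is a plausibility check on the new multiplier before it is committed. The Python below is an added example with assumed parameters (the 50% APR cap and the constructed share and asset figures), not FlurryPro's code: `implied_multiplier()` mirrors the division a rebase performs, and `RebaseGuard` rejects any decrease during routine upkeep as well as growth faster than the cap allows for the elapsed time. The mid-flash-loan figure is chosen so that it reproduces the 0.415981 value quoted above.

```python
from decimal import Decimal

SECONDS_PER_YEAR = Decimal(365 * 24 * 3600)


def implied_multiplier(reported_assets, rebasing_shares) -> Decimal:
    """The division a rebase performs: underlying reported by the strategies over the
    shares held by rebasing accounts.  A strategy balance read while its principal is
    out on a flash loan feeds a too-small numerator into this division."""
    return Decimal(str(reported_assets)) / Decimal(str(rebasing_shares))


class RebaseGuard:
    """Plausibility checks run before a new multiplier is committed.

    Assumed design for illustration, not FlurryPro's code: the multiplier of an
    interest-bearing token should never fall during routine upkeep, and should not
    grow faster than a capped annual rate allows for the time elapsed.
    """

    def __init__(self, current, max_apr="0.50"):
        self.current = Decimal(str(current))
        self.max_apr = Decimal(str(max_apr))   # constructed cap: 50% APR

    def check(self, proposed, elapsed_seconds: int):
        proposed = Decimal(str(proposed))
        if proposed < self.current:
            return False, "multiplier decreased: %s -> %s" % (self.current, proposed)
        cap = self.current * (1 + self.max_apr * Decimal(elapsed_seconds) / SECONDS_PER_YEAR)
        if proposed > cap:
            return False, "growth exceeds %s APR cap (limit %s)" % (self.max_apr, cap)
        return True, "ok"

    def commit(self, proposed, elapsed_seconds: int) -> bool:
        """Apply the new multiplier only if it passes; the caller decides how to alert on a rejection."""
        ok, _reason = self.check(proposed, elapsed_seconds)
        if ok:
            self.current = Decimal(str(proposed))
        return ok


def scenario() -> dict:
    """Constructed figures: 1,000,000 shares held by rebasing accounts, daily upkeep."""
    shares = Decimal("1000000")
    guard = RebaseGuard("1")
    one_day = 24 * 3600
    results = {}

    m = implied_multiplier("1001000", shares)   # strategies report +0.1% for the day
    results["normal"] = guard.check(m, one_day)
    guard.commit(m, one_day)

    m = implied_multiplier("415981", shares)    # balance read while most principal is lent out
    results["mid_flash_loan"] = guard.check(m, one_day)

    m = implied_multiplier("1100000", shares)   # +10% in a day: implausible even though it grew
    results["too_fast"] = guard.check(m, one_day)

    results["final_multiplier"] = guard.current  # 1.001: only the plausible update was applied
    return results
```

Such a guard only limits the blast radius; it does not remove the root cause in step 4 (valuing a strategy position while its principal is temporarily lent out, from inside a call path the attacker controls). A genuine loss in a strategy would legitimately lower the multiplier, so in this assumed design that case goes through an explicit, authorized path rather than the automatic upkeep, and a rejected upkeep is an event worth alerting on.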

Action 3: Manipulate rhoToken amount by switching EOA into contract address

After messing up the multiplier, the attack continued in block 15484654 (TXN ID: 0x646890dd8569f6a5728e637e0a5704b9ce8b5251e0c486df3c8d52005bec52df):

  1. Exploiter1 called Exploiter2 to borrow 1,218,367.6045 BUSD from a DODO Private Pool.
  2. Exploiter2 minted 1,221,984.3647 rhoBUSD using the wrong multiplier value of 0.415981.
  3. Sent 55,607.076 rhoBUSD to an EOA address (0x32e0c08617e84b9568541db969b79cefd6ef2e44).
  4. Created a contract at the above address to turn it into a contract account. The multiplier was no longer applied to the account balance, so the balance went from 55,607.07 rhoBUSD to 130,778.576 rhoBUSD:
    https://bscscan.com/address/0x32e0c08617e84b9568541db969b79cefd6ef2e44#tokentxns
  5. Redeemed 1,212,961.408 rhoBUSD and 3,887.0476 rhoBUSD.
  6. Returned the 1,218,367.6045 BUSD loan to the DODO Private Pool.

The above steps created 130,778.576 - 55,607.076 = 75,171.501 rhoBUSD for Exploiter2.

Total funds impact

The attacker repeated the steps multiple times for rhoBUSD and rhoUSDT:

From the transactions that we pulled from bscscan (please refer to the chart here), the exploiter net redeemed 61,873.65 rhoBUSD and 166,087.01 rhoUSDT from FlurryPro.

The exploiter also sold 100,000 rhoBUSD for 13,271.364 BUSD and 80,000 rhoUSDT for 9,407.0846 USDT at the PancakeSwap pool.

In conclusion, the attacker extracted approximately 175,494.09 USDT and 75,174.02 BUSD through this incident.

Flurry Finance Statement

We would like to issue an official statement apologizing to all rhoToken users. We take full responsibility, backed by an action and compensation plan that will be announced tomorrow.

The exploit was sophisticated, and we see it as an inevitable cost to pay on the journey of seeking “DeFi for all”. Security across the entire platform will be reviewed and updated before redeployment.

This will involve a series of upgrades to all rhoToken smart contracts, which will take time. We appreciate your patience and support throughout.

About Flurry Finance

FLURRY is a DeFi protocol offering cross-chain yield aggregation through rhoToken, which is pegged 1:1 to its underlying stablecoin. It automatically farms yields across different DeFi protocols without locking up funds or earned interest, diversifying DeFi product risk and resulting in lower gas fees.

With a team composed of graduates from Cornell University, Stanford University and Imperial College London, and pedigrees from JP Morgan, Barclays Capital, KBC Financial Products, Daiwa Capital Markets and Societe Generale, Flurry Finance is well-equipped to take the DeFi sector by storm.

Contact Us
Website: https://www.flurry.finance/
Twitter: https://twitter.com/FlurryFi
Telegram: https://t.me/FlurryFinance_Official
News Channel: https://t.me/FlurryFinance_News
Discord: https://discord.gg/t78aN3dmD2
