Breaking records: The world’s largest Flash Loan attack
The biggest flash loan attack ever recorded was on March 13th 2023 against Euler Finance. The attack resulted in $197 million being stolen, that in turn affected at least 11 other DeFi protocols who suffered losses as well. Flash Loan attacks are complex, usually using multiple accounts to exploit logic and smart contract vulnerabilities.
The primary vulnerability in the Euler attack was around its “donateToReserves” function.
Euler is a permissionless lending and borrowing platform — similar to Aave and Compound. It uses two different types of token to represent credit and debt. This ratio is related to the protocol’s health score to ensure the accounts are always positively balanced.
How it was done
In the Euler hack case, the perpetrator set up three accounts for moving money around. The first account borrowed 30m Dai in a flash loan which was then sent to their 2nd account. The 2nd account used 20m on Euler and received the credit tokens (eDai) as receipt. From this, the 2nd account can gain leverage by minting more eDai tokens — in this case a further 195.7m eDai. At the same time, Euler created the corresponding debt token dDai equating to 200m eDai (debt) tokens. These were also sent to the perpetrator's 2nd account. The perpetrator had minted nearly 10x of the initial deposit, which is close to the max limit.
They then used the additional 10m Dai from the flash loan to pay off part of the debt i.e. reducing the dDai by 10m. This then allowed the perpetrator to mint another 195.7m eDai creating an account balance of 391.4m plus the original deposit taking the account to 411m eDai (credit). The corresponding dDai (debt) was 400m. At this point, the health score is positive.
The perpetrator then sent 100m eDai to a nullified address destroying it. This changed the health score of the 2nd account as it now had more debt than credit — 400m dDai and 320m eDai. Euler automatically starts the liquidation process. Liquidators are incentivised to buy up the debt and collateral and receive large incentives / bonus for doing so.
As such, the perpetrator's 3rd account became the Liquidator and Euler automatically burned 254m dDai from the 2nd account and transferred it to the 3rd account — the Liquidator account. A further 5.08m dDai was minted by Euler and added to the Liquidators account — effectively transferring part of the debt which now stands at 260m in the Liquidators account (perpetrator's 3rd account).
If a user wants to transfer eDai, the system automatically performs a health check to ensure that your account is in credit with a positive score. However, this check was absent from the “donateToReserves” function, which meant that the borrower could transfer the eDai from the 2nd account with a poor health score to the Liquidators account (3rd account) which equated to 310.9m eDai. This left the 2nd account with a deficit of 146m dDai. At this point, the perpetrator paid off the remaining 260m dDai in the liquidator account (3rd account) leaving a credit of 38.9m. The original flash Loan of 30m Dai was paid back, leaving a profit of around 8.9m in the perpetrators' liquidation account.
In essence, the perpetrator used a flashloan and liquidated themselves to steal funds.
This process was then run again and again across a wide range of tokens allowing the perpetrator to steal around $197m.
Interestingly in the Euler case, after various pleas and bounty offers, the attacker returned all of the recoverable funds minimising any losses — which in today’s world, is a great and unusual thing to see.
About Naoris Protocol
Naoris Protocol is the Decentralised CyberSecurity Mesh for the hyper-connected world. Our disruptive design pattern makes networks safer as they grow, not weaker, by turning each connected device into a trusted validator node. A robust Blockchain protocol that every company can use to protect against the escalating levels of cyber threat.
The more users, businesses, and governance structures that use the Decentralised Cyberecure Mesh, creating networks of networks, the stronger and more secure it becomes.
Want to learn more about it?
Visit our Website or check out our Whitepaper.
Stay connected: Telegram | Twitter | LinkedIn | Medium | Instagram
