Decoding Brahma (brahTOPG) Smart Contract Vulnerability
TL;DR
On November 9, 2022, the TopGear vault of Brahma (brahTOPG) project was attacked, in which the hacker was able to steal 89,343 $USDC.
Introduction to Brahma
Brahma is a non-custodial protocol that activates and manages liquidity across chains and decentralized applications and enables effective capital utilization in the DeFi ecosystem.
Vulnerability Assessment
The vulnerability is caused because the Zapper contract rigorously checked for incoming user data, which resulted in an arbitrary external call.
Steps
- The exploit transaction can be seen here.
2. The attacker first queried the balance of one of the users, and then called the zapIn function of the Zapper contract.
3. This function will transfer the token supplied by the requiredToken parameter to the contract.
4. The parameter passed in by the function can be modified externally, allowing the attacker to create a fake token for the requiredToken and then transfer it to Zapper contracts.
5. A call is made to the internal function zap, which checks whether the balance of the fake token in the contract is greater than or equal to the value supplied in.
6. The attacker is able to proceed to the next line of code because the balance value was already queried before.
7. The attacker created this function to transfer frax tokens to the Zapper contract, which will then be deposited into the vault.
8. The attacker was able to transfer USDC tokens from other authorized users since the contract specified by the swapTarget argument is called externally, and the parameters passsed to the call were also externally constructible.
9. The attacker repeated these actions three times, ultimately stealing the USDC balance from the accounts of three victims.
Aftermath
The team is yet to publish a detailed postmortem report to explain the cause and consequences of this incident.
How to prevent such an attack vector
This exploit could have been avoided using proper validation techniques to ensure that the any external call to the contracts were restricted.
Protocol, and Platform Security
Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol for known and unknown vulnerabilities that have the potential to have catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and feeling of responsibility to do so.
Reference Source
About Us
Neptune Mutual project safeguards the Ethereum community from cyber threats. The protocol uses parametric cover as opposed to discretionary insurance. It has an easy and reliable on-chain claim process. This means that when incidents are confirmed by our community, resolution is fast.
Join us in our mission to cover, protect, and secure on-chain digital assets.
Official Website: https://neptunemutual.com
Blog: https://blog.neptunemutual.com/
Twitter: https://twitter.com/neptunemutual
Reddit: https://www.reddit.com/r/NeptuneMutual
Telegram: https://t.me/neptunemutual
Discord: https://discord.gg/2qMGTtJtnW
YouTube: https://www.youtube.com/c/NeptuneMutual
LinkedIn: https://www.linkedin.com/company/neptune-mutual
