How was Euler Finance Exploited?
On March 23, 2023, Euler Finance was exploited in a series of transactions, resulting in a total loss of approximately $200 million.
Introduction to Euler Finance
Euler Finance is a UK-based startup that uses the power of mathematics to create high-performance, non-custodial products on Ethereum and other blockchains.
The vulnerability occurred because Euler Finance permitted donations without having an account health check. The exploit lies in the change made to the EToken implementation, specifically in the donateToReserves function.
This issue was introduced through Euler Improvement Proposal 14 that made multiple changes in its ecosystem. The changes were also the subject of a number of security audits, but the security audit firms were not able to find the vulnerabilities. According to the team, this vulnerability remained on-chain for 8 months, until it was exploited.
The liquidation module tries to pay off the violator's full debt. However, if the violator's collateral does not cover the expected repayment, the protocol falls back to whatever collateral the user holds. This was possible when a borrower had multiple collaterals and seizing all of them would not make the violator solvent again.
We attempted to analyze one of the attack transactions executed by the exploiter.
The hacker first took a flash loan of 30 million $DAI from AAVE and deposited 20 million $DAI on the Euler Protocol to receive 20 million $eDAI.
They then called the mint function to borrow approximately $200 million in eDAI (collateral assets) and $200 million in dDAI (debt assets), scaling their DAI position up tenfold.
The attacker repaid 10 million $DAI via the repay function, repeated the above steps, and then invoked donateToReserves to burn $100 million worth of eDAI. Because the donation performed no account health check, the account was left holding more dDAI than eDAI, which made it liquidatable.
As the ratio of collateral assets (eDAI) to debt assets (dDAI) was therefore less than 1, the liquidator could liquidate the attacker's debt without transferring funds to the protocol.
The attacker withdrew approximately 38 million $DAI from the contract and repaid the borrowed flash loan back to AAVE, making a profit of roughly 8.9 million $DAI.
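A simplified Python model of the eToken/dToken accounting, added here as an illustration and not Euler's code: it replays the deposit, mint, repay and donate steps described above and shows that a health check inside donateToReserves (the hardened form) rejects the donation that would leave the account with more dDAI than eDAI. Collateral factors, interest and the reserve pool are assumed away, so an account is "healthy" when eDAI covers dDAI one-to-one.

```python
from dataclasses import dataclass

M = 1_000_000  # constructed units: one "M" is one million DAI


class Unhealthy(Exception):
    """Raised when a health-checked operation would leave debt above collateral."""


@dataclass
class Account:
    # Simplified eToken/dToken balances; collateral factors, interest and the
    # reserve pool are ignored, so "healthy" means eDAI covers dDAI one-to-one.
    e_dai: int = 0  # collateral tokens
    d_dai: int = 0  # debt tokens

    def is_healthy(self) -> bool:
        return self.e_dai >= self.d_dai

    def deposit(self, amount: int) -> None:
        self.e_dai += amount

    def mint(self, amount: int) -> None:
        # self-collateralised borrow: equal amounts of eDAI and dDAI are created
        self.e_dai += amount
        self.d_dai += amount

    def repay(self, amount: int) -> None:
        self.d_dai -= amount

    def donate_to_reserves(self, amount: int, check_health: bool) -> None:
        # Vulnerable form (check_health=False): burn collateral unconditionally.
        # Hardened form (check_health=True): reject a donation that would leave
        # the account liquidatable, which is the check the original lacked.
        if check_health and self.e_dai - amount < self.d_dai:
            raise Unhealthy(f"eDAI {self.e_dai - amount} < dDAI {self.d_dai}")
        self.e_dai -= amount


def run_sequence(check_health: bool) -> tuple[bool, Account]:
    """Replay the deposit/mint/repay/mint/donate steps; returns (accepted, state)."""
    acct = Account()
    acct.deposit(20 * M)      # 20M DAI deposited -> 20M eDAI
    acct.mint(200 * M)        # 200M eDAI and 200M dDAI created
    acct.repay(10 * M)        # 10M dDAI repaid
    acct.mint(200 * M)        # the mint step repeated
    try:
        acct.donate_to_reserves(100 * M, check_health)  # burn 100M eDAI
        return True, acct
    except Unhealthy:
        return False, acct
```

With the check disabled the final state has 320M eDAI against 390M dDAI and is_healthy() is False; with the check enabled the donation is refused and the account stays at 420M eDAI against 390M dDAI.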
The exploiter repeated the attack on other pools; the corresponding attack transactions are referenced as Transaction 2, Transaction 3, Transaction 4, Transaction 5 and Transaction 6.
At the time of writing, the hacker holds 8,080 $ETH worth approximately $13.5 million in this address, and 88,651 $ETH worth $148,449,041 plus 43,063,733 $DAI, totaling approximately $191.49 million, in this address.
The exploiter has also transferred 100 $ETH worth approximately $158,000 to Tornado Cash.
Following the attack, the price of Euler native $EUL token fell by 50%.
The team stopped the attack as soon as possible by disabling the EToken module, which blocked deposits, and the vulnerable donation function. The team stated that they would continue to work with their security partners, law enforcement agencies and the wider security community to resolve this unprecedented incident. They have also contacted the individuals behind the exploit to learn about their available options.
It is critical to understand that no security measure is perfect, but implementing rigorous security standards can greatly reduce the risk of all such attacks on DeFi protocols. These standards can aid in identifying and addressing potential attack vectors before they are exploited by attackers.
We may not have been able to prevent this hack; however, its impact and aftermath could have been significantly reduced if Euler Finance had set up a dedicated cover pool in the Neptune Mutual marketplace. Through our parametric policies, we offer coverage to users who have suffered a loss of funds or digital assets as a result of smart contract vulnerabilities.
Users who purchase the available parametric cover policies do not need to provide loss evidence in order to receive payouts. Payouts can be claimed as soon as an incident is resolved through the incident resolution system. At the moment, our marketplace is available on two popular blockchain networks, Ethereum and Arbitrum.
Neptune Mutual’s security team would also have evaluated the platform for DNS and web-based security, frontend and backend security, intrusion detection and prevention, and other security considerations.
The Neptune Mutual project safeguards the Ethereum community from cyber threats. The protocol uses parametric cover as opposed to discretionary insurance, with an easy and reliable on-chain claim process. This means that once incidents are confirmed by our community, resolution is fast.
Join us in our mission to cover, protect, and secure on-chain digital assets.
Official Website: https://neptunemutual.com