Punk Protocol Fair Launch Incident Report
Dear Fair Launch Participants, We apologize for the inconvenience and distress this may have caused amongst our users, and with a heavy heart, we are very sorry to announce that the contract was exploited to result in more than $8.9M loss. We know for a fact that security stands as an ultimate priority in DeFi protocol. We were able to learn and engrave that once again. We will take the responsibility of the loss and address the right and the wrong made to the protocol.
A favorable part is that we recovered the amount of about $4,954,250 and were able to transfer the amount to a safe wallet.
- An issue occurred
An attacker exploited funds of (2,995,824.696852 USDC), (3,000,022.7862 USDT), (2,954,191.544042759328963399 DAI) from Forge-CompoundModel through a crucial flaw in charge of the investing strategy. Fortunately, a white-hat hacker noticed this attempt of attack with a bot and made a transaction, which was executed before the original. And we were able to make a partial recovery, $4,954,250.
The First attack transaction:
https://etherscan.io/tx/0x7604c7dd6e9bcdba8bac277f1f8e7c1e4c6bb57afd4ddf6a16f629e8495a0281
The transaction from the white-hat hacker:
https://etherscan.io/tx/0x597d11c05563611cb4ad4ed4c57ca53bbe3b7d3fefc37d1ef0724ad58904742b
However, the fund of (2995824.696852 USDC) was impossible to track down since it has already been transferred via Tornado.Cash and withdrawn. (Tornado Cash is a decentralized protocol for private transactions ensuring deposit and withdrawal addresses can’t be linked.)
- Breakdown of the Exploit
Even though it recognized the transaction of the first hacker, 2,995,824.696852 USDC was transferred to the first hacker’s wallet. That was swapped to 959.971883753263138155 ETH on 1inch DEX and transferred to Tornado.Cash. The first hacker continued exploitation on 45,100.316929627664457057 DAI from Dai_Forge. Later, he/she swapped to 14.31264752402466228 ETH and transferred to Tornado.Cash the same way he/she did with USDC.
12:03:26 PM UTC+0, Punk Protocol attempted contact with the white-hat hacker, keeping the DAI and USDT at the moment, via etherscan’s note. And below is the note.
In the meantime, the white-hat hacker, who noticed the attack, executed a transaction prior to the one of the first hacker with the Front run Bot and succeeded in benefiting 2,954,191.544042759328963399 DAI and 3,000,022.7862 USDT.
https://etherscan.io/tx/0x4c8072a57869a908688795356777270a77f56ae47d8f1d869be0d25e807e03b1
Continued below are the e-mails from/to the white-hat hacker.
We have agreed to the white-hat hacker’s opinion. We stated that we will be reimbursing the stablecoins invested and was able to recover 3,000,059.381173 USDT + 1,954,191.544042759382372963 DAI after paying a fee of 1M DAI up to approximately 16% of the retrieved. The recovered stabecoins are safely transferred to a following wallet address and it will be used as compensation for the Fair Launch participants.
- Postmortem — cause and analysis of the issue
There was an issue Modifier of Initialize function was missing on CompoundModel code, which can explain the transfer. The hacker’s attack executed <delegateCall> to insert the attacker’s contract address in where the 1st <forgeAddress> among the parameters of <Initialize> function from <CompoundModel> is supposed to be. And later, it executed <withdrawToForge> function and sent all funds to the attacker’s contract. All <CompoundModel> linked to <Forge> was using the same code, so all the assets were transferred to the attacker’s contract. Below is the list of parameters for successful attack through the attacker’s contract. And printed are the order and the list of the functions performed through Signature of the function.
https://etherscan.io/tx/0x7604c7dd6e9bcdba8bac277f1f8e7c1e4c6bb57afd4ddf6a16f629e8495a0281
The six addresses below are delivered to Initialize function of CompoundModel. The value of the first address was originally Forge’s address. However, Initialize function was proceeded due to absence of “initializer” Modifier.
1. 0x00000000b2ff98680adaf8a3e382176bbfc34c8f (AttackContract)
2. 0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 (USDC)
3. 0x39aa39c021dfbae8fac545936693ac917d5e7563 (cUSDC)
4. 0xc00e94cb662c3520282e6f5717214004a7f26888 (COMP)
5. 0x3d9819210a31b4961b30ef54be2aed79b9c9cd3b (Comptroller)
6. 0x7a250d5630b4cf539739df2c5dacb4c659f2488d (UniswapRouterV2)
setForge(address) function is executed in initialize function. This is a function to modify Forge’s address.
The functions <withdrawTo> and <withdrawToForge>, responsible for withdrawing from CompoundModel can only operate the Forge contract since it has “OnlyForge” Modifier. However, the initialize function can be operated indefinitely. So, the address of Forge has been changed to the attacker’s contract address. Therefore, the withdrawal was done without the intention of the functions, <withdrawTo> and <withdrawToForge>
It is confirmed that among those transactions, the object of withdrawTo from CompoundModel-USDC is Tornado.Cash.
It is confirmed that the object of withdrawTo from CompoundModel-USDC is AttackContract(0x00000000b2ff98680adaf8a3e382176bbfc34c8f). And later, it was transferred to the white-hat hacker’s address.
CompoundModel at the moment has an issue that it operates Initialize function indefinitely. Please DO NOT make any deposit or transfer.
- Compensation plan
Currently, we are unable to recover part of the lost funds($4M). However, we choose to compensate depositors unconditionally and in a swift manner. We are currently working on the best way to handle this situation. We will keep you updated about a proper and specific compensation plan within the next 48 hours. The deposit and withdrawal service will be suspended during this period, but it is possible to send transactions through all contracts so please do not send your funds or make any transactions directly to the contracts. We will restore the service gradually after ensuring a safe state and keep you updated.
+We’ve sent transactions including messages to other hackers and We’ll do everything in our power to assist and protect the community.
Please stay updated with the latest announcements and important updates on our Discord channel.
Once again, we are truly sorry that this happened.
-From all contributors of Punk Protocol