Welcome to The Notorious Bug Digests!
This is a quarterly collection of the most relevant bugs identified in the monthly digests. The aim of this post is to share knowledge and raise awareness about recent hacks and vulnerability disclosures. It is formed through crowdsourced submissions and features valuable external research. These are the top reads from some of our security auditors, so if you are looking to learn more about the latest attacks and bugs in the crypto security space, read below!
Acknowledgment: This initiative was initially developed by former OpenZeppelin researcher Tincho! We are continuing the legacy and sharing externally to help keep the Web3 ecosystem up to date on the latest hacks. Thanks @tinchoabbate.
Contributors from OpenZeppelin: Nikita Stupin, Yuguang Ipsen, Nahuel Sanchez, Clark Henry, Stephen Lloyd Weber, Anton Livaja, Vlad Estoup.
January 2023
Multi-Block Maximum Extractable Value (MMEV) Vulnerability Threatens Governance Contracts
Multi-block maximum extractable value (MMEV) could become a growing concern for governance contracts. MMEV allows a validator to control multiple consecutive blocks and manipulate voting in their favor. By using MMEV, a user can purchase all liquid tokens on DEXes, cast a vote, and sell the tokens in the next block, incurring only exchange fees. This vulnerability poses a significant threat to governance protocols, especially as MEV protocols like Flashbots begin to incorporate multi-block MEV, potentially eliminating the need for validators to execute the attack. If a user takes advantage of MMEV to gain a cheap voting advantage, it could erode confidence in the protocol's governance. To mitigate this vulnerability, implementing token locking on governance/voting tokens could be a solution. However, each protocol must determine the best way to address this issue based on its specific requirements.
Read more here.
Hack Analysis: 0xbaDc0dE MEV Bot
In September 2022, an MEV bot called 0xbad was hacked on the Ethereum blockchain, resulting in the loss of around 1,101 WETH, equivalent to $1.46m on the day of the exploit. The bot had earned around $1m profit from a single arbitrage transaction just 30 minutes prior to the hack, marking the end of a successful 75-day period of MEV transactions. The smart contract source code for 0xbad is not verified or published on Etherscan, making it difficult to analyze. The article works without source code: it investigates past transactions and the bytecode, using decompiling tools, to determine the vulnerability that was exploited. Finally, the article concludes by highlighting the significance of implementing proper security measures in smart contracts to prevent hacking attempts.
Read more here.
Post-Mortem of Recent MLP Impact: the ETH-USD Price Feed Arbitrage
On January 5th, 2022, Mycelium Swaps experienced issues with upstream data causing degradation in the MLP price due to a trader rapidly trading against it. The incident response team decided to prevent all trading on the platform to protect LPs, identified the cause of the issue, implemented a patch, and performed a full system review before re-enabling trading. The root cause was traced back to IP blocking and the use of only two price feeds, allowing traders to arbitrage and causing a slow drain of MLP. As a result, MLP holders experienced a loss of 4.5%. The team is taking actions to make LPs whole, including directing fees towards rewards and distributing them among LPs, MYC stakers, and traders. Changes have been made to mitigate future events, such as monitoring and alerting on each individual data provider and restoring Binance data using the read-only API endpoint. The team also reassessed all data providers and decided to remove FXS from the MLP composition. Data providers for fast price feeds have been updated, and there is a fallback to Chainlink price feed oracles if the price falls outside of a price deviation threshold.
Read more here.
February 2023
Helping Secure BNB Chain Through Responsible Disclosure
Jump Crypto discovered a vulnerability in the BNB Beacon Chain that would have allowed an attacker to mint an infinite number of BNB, potentially resulting in a large loss of funds. They privately disclosed the issue to the BNB team, who developed and deployed a patch in less than 24 hours, preventing any malicious exploitation or loss of funds. The vulnerability was caused by the use of int64 instead of bigInt (a deviation from the upstream Cosmos SDK) for the Amount field in the Coin type, which can silently over- and underflow. The vulnerability could be exploited via a MsgSend message handler, where the code did not verify that the Outputs array didn't create tokens out of thin air.
Read more here.
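The overflow described above, as an added Go example that is not code from BNB Chain, the Cosmos SDK or Jump Crypto: a wrapping int64 sum over a constructed Outputs array, next to a check that totals the amounts with math/big. The `Output` type and both function names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"math/big"
)

// Output is a hypothetical, simplified stand-in for one entry of a MsgSend
// Outputs array; Amount is int64, as in the vulnerable Coin type.
type Output struct {
	To     string
	Amount int64
}

// sumInt64 totals amounts with plain int64 arithmetic. Go wraps silently on
// overflow, so an enormous true total can come out as a small number.
func sumInt64(outs []Output) int64 {
	var total int64
	for _, o := range outs {
		total += o.Amount
	}
	return total
}

// validateSend rejects non-positive amounts and compares the exact
// (arbitrary-precision) output total against the input amount.
func validateSend(input int64, outs []Output) error {
	total := new(big.Int)
	for _, o := range outs {
		if o.Amount <= 0 {
			return errors.New("output amount must be positive")
		}
		total.Add(total, big.NewInt(o.Amount))
	}
	if total.Cmp(big.NewInt(input)) != 0 {
		return fmt.Errorf("outputs total %s, inputs total %d", total, input)
	}
	return nil
}

func main() {
	// Constructed sample: the true sum is 2^64 + 2, which wraps to 2.
	outs := []Output{{"a", math.MaxInt64}, {"b", math.MaxInt64}, {"c", 4}}
	fmt.Println("wrapped int64 sum:", sumInt64(outs))
	fmt.Println("exact check:", validateSend(2, outs))
}
```

A comparison of the wrapped sum against an input of 2 would pass, while the exact total shows the outputs exceed the input by 2^64.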
Balancer Logic Error
A high severity vulnerability was reported to the Balancer protocol by whitehat @0xriptide. The vulnerability allowed liquidity providers to submit duplicate claims to drain all the Merkle Orchard’s assets from the Vault. At the time of the report submission, Balancer Vaults held around $3.2m of vulnerable funds. Balancer awarded the whitehat a 50 ETH bounty due to the report’s relevance, even though the Merkle Orchard contract was not part of the bug bounty program’s scope.
The Merkle Orchard contracts were implemented in late 2021 to distribute token incentives before the Balancer protocol migrated to their new ve-tokenomics in early 2022. The vulnerability was found in the function that processed an array of claims, allowing duplicate claims to bypass the function for setting bits in a bitmap which tracks the committed claims.
To exploit the issue the attacker would supply the array of duplicate claims. Balancer mitigated the issue by creating new distributions to move Merkle Orchard tokens to the Balancer Treasury address on each network Balancer is present on.
Read more here.
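A simplified model of how duplicates in a claims array can slip past a bitmap check, added here as an example and not taken from the Merkle Orchard contracts: it assumes the bits are merged and checked once per batch, and shows a per-claim check beside it. `Orchard`, `Claim` and both method names are hypothetical, and the model is written in Go rather than Solidity so that it runs stand-alone.

```go
package main

import "fmt"

// Claim is a constructed, simplified claim: ID is a bit index (0..63).
type Claim struct {
	ID     uint
	Amount uint64
}

// Orchard is a hypothetical one-word model of a distributor's claim bitmap.
type Orchard struct{ claimed uint64 }

// processBatched models the assumed flaw: bits are OR-ed into one mask and
// checked against storage once, so a claim repeated in the array is paid again.
func (o *Orchard) processBatched(claims []Claim) (uint64, error) {
	var pending, payout uint64
	for _, c := range claims {
		pending |= 1 << c.ID // a duplicate sets the same bit: no visible change
		payout += c.Amount   // but the amount is added every time
	}
	if o.claimed&pending != 0 {
		return 0, fmt.Errorf("already claimed")
	}
	o.claimed |= pending
	return payout, nil
}

// processStrict checks each claim against both stored and pending bits.
func (o *Orchard) processStrict(claims []Claim) (uint64, error) {
	var pending, payout uint64
	for _, c := range claims {
		bit := uint64(1) << c.ID
		if c.ID >= 64 || (o.claimed|pending)&bit != 0 {
			return 0, fmt.Errorf("claim %d invalid, duplicated or already claimed", c.ID)
		}
		pending |= bit
		payout += c.Amount
	}
	o.claimed |= pending
	return payout, nil
}

func main() {
	// Constructed sample: the same claim submitted three times in one array.
	dup := []Claim{{7, 100}, {7, 100}, {7, 100}}
	fmt.Println((&Orchard{}).processBatched(dup))
	fmt.Println((&Orchard{}).processStrict(dup))
}
```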
March 2023
Euler Finance Exploited for $197M
Euler Finance had an incident on March 13th at approximately 08:50 UTC. The vulnerability exploited in the incident is due to how Euler Finance permits donations to be performed without a proper account health check, and the vulnerable code was introduced in EIP-14. The attacker was able to create an over-leveraged position and liquidate it themselves, resulting in a violator with a significant amount of "bad debt" and a liquidator with an over-collateralization of their debt. The donateToReserves function, which caused the vulnerability, was out of scope for any audits conducted by the team, which highlights the importance of comprehensive security audit scopes.
Read more here.
Honorable Mentions
Here are some additional bugs that caught our attention:
- Sperax's USD logic bug writeup
- 1M Truncating error on Polkadot's Frontier pallet
- A classic integer overflow that led to a 600k loss
In order for Web3 to continue to innovate safely, it’s important for smart contract developers to stay up to date on the most recent bugs, hacks and attack vectors. To continue the discussion and stay ahead of the latest hacks, vulnerability disclosures, and security best practices, follow us on Twitter @OpenZeppelin.