Summary
On May-16–2022 11:31:29 +UTC, the FEG token has experienced flashloan attacks on both BNBChain and Ethereum, leading to approximately $1.9M worth of asset loss in total.
Exploit Transactions
Sample exploit transaction(BNBChain):
https://bscscan.com/tx/0xe956da324e16cb84acec1a43445fc2adbcdeb0e5635af6e40234179857858f82
Sample exploit transaction(Ethereum):
https://etherscan.io/tx/0xc0031514e222bf2f9f1a57a4af652494f08ec6e401b6ae5b4761d3b41e266a59
Related Addresses
Exploiter Address:
https://bscscan.com/address/0xf99e5f80486426e7d3e3921269ffee9c2da258e2
R0X(Unverified): https://bscscan.com/address/0xa3d522c151ad654b36bdfe7a69d0c405193a22f9
fBNB(Victim contract): https://bscscan.com/address/0x87b1acce6a1958e522233a737313c086551a5c76
Attack Flow
Note: All the below analysis is based on the transaction level analysis. As the R0X contract is unverified on bscscan, there’s no decisive evidence to show the attack logic.
- The attacker borrowed 57,790 WBNB and deposit 30 WBNB to fBNB
- The attacker created a new address 0x3985aa71315a7aa4df3cb19602d61465a8850f61
- The attacker called the `depositInternal()` function in the unverified R0X contract to deposit 56,705 fBNB to the R0X contract
- The attacker created a new address 0x23a5bfa77cccf71f1015fe5f97c8c9c43706fec4
- The attacker called 15 times of `BUY()` functions to further deposit the fBNB for R0X contract address
- The attacker called the `swapToSwap()` function to approve the `path` (0x23a5bfa77cccf71f1015fe5f97c8c9c43706fec4) to spend 56138 fBNB
7. The attacker called 30 times of `SELL()` functions to withdraw the deposited fBNB (to address 0x3985aa71315a7aa4df3cb19602d61465a8850f61)
8. Additionally, the address 0x23a5bfa77cccf71f1015fe5f97c8c9c43706fec4 called `0xe6916552` method to transfer the approved fBNB to address 0x3985aa71315a7aa4df3cb19602d61465a8850f61.
9. Finally, the attacker withdrew all the fBNB, repaid the flashloan and the rest served as the profit.
Contracts Vulnerability Analysis
This vulnerability is due to a flaw in the “swapToSwap()” function that directly takes user input “path” as a trusted party yet without any sanitations. Furthermore, the function will approve the unprotected “path” parameter to spend the asset in the current address. By calling “depositInternal()” and “swapToSwap()”, the attacker is able to launch an attack that gains a certain allowance and thus drains assets within the contract.
Profit and assets tracing
Attacker fund transfer tracing:
https://debank.com/profile/0xf99e5f80486426e7d3e3921269ffee9c2da258e2/history
Original Funds were from Tornado cash on BNBChain:
https://bscscan.com/tx/0x64b2995233677c6d21a389d58494de2f304dc13dda5a582c5177353e693f12a5
https://etherscan.io/tx/0x99fe2c5ab36ede9a6bb7da98360a7f08236755cdac066b118b840d8b9c00e307
https://etherscan.io/tx/0xc0031514e222bf2f9f1a57a4af652494f08ec6e401b6ae5b4761d3b41e266a59
=> 290.97 ETH
https://bscscan.com/tx/0xe956da324e16cb84acec1a43445fc2adbcdeb0e5635af6e40234179857858f82
=> 4343.15 BNB
As of May-16–2022 11:31:29 +UTC , the funds lies in the attacker wallet(0xf99e5f80486426e7d3e3921269ffee9c2da258e2) on both Ethereum and BSC chain.
Would we spot the issue during the audit?
In an audit, auditors would notice that the untrusted “path” parameter is passed to the protocol and approved for spending assets of the contract. This would is dangerous and would be flagged as “Major’ severity. Furthermore, if the auditors explored deeper they would discover the exploit scenario and highlight it.
https://docs.fegtoken.com/smartdefi/r0x-token
https://github.com/fegarmy/Contracts/tree/main/contract
- 0xbbf12714: depositInternal(address,uint256)
- 0xc172715c: BUY(uint256,address,uint256)
- 0xb0711483: swapToSwap(address,address,address,uint256)
- 0xadd975cc: SELL(uint256,address,uint256,uint256)
Reference
On May-16–2022 09:24:15 PM +UTC, the FEG token has experienced [flashloan attacks] on BNBChain, leading to approximately $1.3M worth of asset loss.
On May-16–2022 11:31:29 +UTC, the FEG has experienced [flashloan attacks] on Ethereum, leading to approximately $587K ($590) worth of asset loss.
