FEG Token Second Flashloan Exploit Analysis
On May-16–2022 11:31:29 +UTC, the FEG token has experienced flashloan attacks on both BNBChain and Ethereum, leading to approximately $1.9M worth of asset loss in total.
Sample exploit transaction(BNBChain):
Sample exploit transaction(Ethereum):
fBNB(Victim contract): https://bscscan.com/address/0x87b1acce6a1958e522233a737313c086551a5c76
Note: All the below analysis is based on the transaction level analysis. As the R0X contract is unverified on bscscan, there’s no decisive evidence to show the attack logic.
- The attacker borrowed 57,790 WBNB and deposit 30 WBNB to fBNB
- The attacker created a new address 0x3985aa71315a7aa4df3cb19602d61465a8850f61
- The attacker called the `depositInternal()` function in the unverified R0X contract to deposit 56,705 fBNB to the R0X contract
- The attacker created a new address 0x23a5bfa77cccf71f1015fe5f97c8c9c43706fec4
- The attacker called 15 times of `BUY()` functions to further deposit the fBNB for R0X contract address
- The attacker called the `swapToSwap()` function to approve the `path` (0x23a5bfa77cccf71f1015fe5f97c8c9c43706fec4) to spend 56138 fBNB
7. The attacker called 30 times of `SELL()` functions to withdraw the deposited fBNB (to address 0x3985aa71315a7aa4df3cb19602d61465a8850f61)
9. Finally, the attacker withdrew all the fBNB, repaid the flashloan and the rest served as the profit.
Contracts Vulnerability Analysis
This vulnerability is due to a flaw in the “swapToSwap()” function that directly takes user input “path” as a trusted party yet without any sanitations. Furthermore, the function will approve the unprotected “path” parameter to spend the asset in the current address. By calling “depositInternal()” and “swapToSwap()”, the attacker is able to launch an attack that gains a certain allowance and thus drains assets within the contract.
Profit and assets tracing
Attacker fund transfer tracing:
Original Funds were from Tornado cash on BNBChain:
=> 290.97 ETH
=> 4343.15 BNB
As of May-16–2022 11:31:29 +UTC , the funds lies in the attacker wallet(0xf99e5f80486426e7d3e3921269ffee9c2da258e2) on both Ethereum and BSC chain.
Would we spot the issue during the audit?
In an audit, auditors would notice that the untrusted “path” parameter is passed to the protocol and approved for spending assets of the contract. This would is dangerous and would be flagged as “Major’ severity. Furthermore, if the auditors explored deeper they would discover the exploit scenario and highlight it.
assets/blockchains/smartchain/assets at main · fegexchange/assets
Asset repo for tokens listed on FEGex. Contribute to fegexchange/assets development by creating an account on GitHub.
- 0xbbf12714: depositInternal(address,uint256)
- 0xc172715c: BUY(uint256,address,uint256)
- 0xb0711483: swapToSwap(address,address,address,uint256)
- 0xadd975cc: SELL(uint256,address,uint256,uint256)
On May-16–2022 09:24:15 PM +UTC, the FEG token has experienced [flashloan attacks] on BNBChain, leading to approximately $1.3M worth of asset loss.
On May-16–2022 11:31:29 +UTC, the FEG has experienced [flashloan attacks] on Ethereum, leading to approximately $587K ($590) worth of asset loss.