The embankment of a thousand miles was destroyed by an anthill Fortress Protocol was attacked

On May 9, 2022, Beijing time, Zhichuangyu Blockchain Security Lab detected that Fortress Protocol, the BSC chain lending protocol, was attacked due to an oracle problem. This is the third oracle attack incident detected by the laboratory recently. The loss includes 1,048 ETH and 400,000 DAI , totaling about 300W USD. At present, AnySwap and Celer have been used to cross-chain to Ethereum and use Tornado for currency mixing.

Know that Chuangyu Blockchain Security Lab tracked and analyzed this incident for the first time.

Attacked Comtroller: 0x01bfa5c99326464b8a1e1d411bb4783bb91ea629

Attacked oracle address: 0xc11b687cd6061a6516e23769e4657b6efa25d78e

Attacker address: 0xA6AF2872176320015f8ddB2ba013B38Cb35d22Ad

Attack contract: 0xcD337b920678cF35143322Ab31ab8977C3463a45

tx: 0x13d19809b19ac512da6d110764caee75e2157ea62cb70937c8d9471afcb061bf

This project is still an imitation disk of Compound, but because the project party has annotated the original inspection in the oracle machine, it does not need enough power to tamper with the price through 0xc11b687cd6061a6516e23769e4657b6efa25d78e#submit;

The attacker borrowed assets from other pools by changing the price of FTS in the agreement. The loan pools in the market are as follows:

1. The attacker purchased FTS tokens and voted for adding FTS as collateral through a proposal, and the proposal ID is 11;

2. Change the price of FTS by calling the oracle submit function;

3. The attacker uses 100 FTS as collateral to call enterMarket to enter the market;

4. Due to problems in the calculation of the value of FTS by the market price, the attacker uses the collateral to directly call borrow to borrow;

Assets Borrowed:

5. Since the 100 FTS has no value and does not need to be retrieved, the attacker will still use the other FTS used in the first step to completely cash out in the Pancake exchange.

The reason for this attack is that there is a problem with the use of the Compound imitation disk in the oracle. Recently, a large number of Compound imitation disk projects have been attacked. We urge all project parties that forked Compound to take the initiative to conduct self-examination. The currently known attacks are mainly due to the following problems:

The embankment of a thousand miles is destroyed by ant nests. It can be seen from the internal call that the attacker used getAllMarkets to traverse and obtain the underlying assets of all markets in turn and cash out FTS completely. It is recommended that the project party must have a full understanding and sufficient third-party security audits for their own different implementations. A small error may lead to the total loss of the project.