Source: Beosin
Late at night on March 5, 2024, Beijing time, the Beosin Trace platform detected a price manipulation attack on the WooPPV2 contract on the Arbitrum chain, causing a loss of approximately US$8.5 million. The hackers borrowed USDC.e and Woo tokens through flash loans and then made repeated token exchanges through the WooPPV2 contract. Because of flaws in the contract's price calculation, the hackers were able to manipulate the price during the exchanges, resulting in the theft of a large number of Woo tokens. The Beosin security team analyzed the incident immediately.
Vulnerability Analysis
The WooPPV2 contract has a swap function that users can call to exchange tokens. Here it is mainly used for exchanges between USDC.e and Woo (the following analysis is based on that pair), and the quoteToken variable in the function represents USDC.e.
The logic of the _sellQuote function and the _sellBase function is similar: each calculates the number of tokens to be exchanged based on the price and then sends the tokens to the caller. _sellQuote is the function called when the caller exchanges USDC.e for Woo tokens. Its main calls are state and _calcBaseAmountSellQuote: state returns the structure that stores the Woo price, and _calcBaseAmountSellQuote is the function that calculates the user's exchange amount and the new price.
Next we look at the implementation logic of the _calcBaseAmountSellQuote function. baseAmount is the calculated exchange amount. The main logic is to divide the USDC.e amount by the price of Woo to get the amount of Woo that can be exchanged, and then to calculate the new price after the exchange from the current price and the exchange amount.
The _sellBase function works the same way as the _sellQuote function, except that the _calcQuoteAmountSellBase function is slightly different: its main logic is to multiply the Woo quantity by the Woo price to get the quantity of USDC.e that can be exchanged.
From this exchange logic we can identify a problem: the exchange quantity is not calculated with the constant product model used by traditional swaps such as Uniswap. This model calculates the quantity directly by multiplying or dividing by the price, so there is no slippage within an exchange, but the price changes after each exchange. A caller who calculates carefully can extract the tokens held in the pool.
For example:
Suppose there are initially 1,000 A tokens and 1,000 B tokens in the pool, and the price of B tokens is 1. If you pay in 500 A tokens, you receive 500 B tokens. The pool is now 1,500:500, and the price of B tokens increases, for example to 2. Next, use the 500 B tokens you received to exchange for 1,000 A tokens. The pool ends at 500:1,000, and 500 A tokens have been extracted out of thin air.
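The round trip above can be written as a property check on a pricing rule, shown here as an added example that is not code from the WooPPV2 contract or from Beosin. The re-quote rule and the constant k = 1/500 are assumptions chosen only to reproduce the example's price move from 1 to 2; the fee-less constant product pool is included for comparison.

```python
from fractions import Fraction

class QuotedPricePool:
    """Toy pool: a trade fills at the pre-trade price of B (in A), then the price is re-quoted."""
    def __init__(self, a, b, price, k):
        self.a, self.b = Fraction(a), Fraction(b)
        self.price, self.k = Fraction(price), Fraction(k)

    def sell_a(self, amount_a):
        out_b = amount_a / self.price          # no slippage inside the trade
        self.a += amount_a
        self.b -= out_b
        self.price *= 1 + self.k * amount_a    # assumed re-quote: buying B raises its price
        return out_b

    def sell_b(self, amount_b):
        out_a = amount_b * self.price          # filled at the already raised price
        self.b += amount_b
        self.a -= out_a
        self.price /= 1 + self.k * out_a       # assumed re-quote: selling B lowers its price
        return out_a

class ConstantProductPool:
    """Fee-less x*y=k pool for comparison; the price moves during the trade."""
    def __init__(self, a, b):
        self.a, self.b = Fraction(a), Fraction(b)

    def sell_a(self, amount_a):
        out_b = self.b - self.a * self.b / (self.a + amount_a)
        self.a += amount_a
        self.b -= out_b
        return out_b

    def sell_b(self, amount_b):
        out_a = self.a - self.a * self.b / (self.b + amount_b)
        self.b += amount_b
        self.a -= out_a
        return out_a

def round_trip_profit(pool, amount_a):
    """Sell A for B and straight back; a sound pricing rule never returns more than 0."""
    return pool.sell_b(pool.sell_a(amount_a)) - amount_a

if __name__ == "__main__":
    for size in (1, 50, 500):                  # constructed trade sizes
        quoted = QuotedPricePool(1000, 1000, 1, Fraction(1, 500))
        cpmm = ConstantProductPool(1000, 1000)
        print(size, round_trip_profit(quoted, size), round_trip_profit(cpmm, size))
```

In this toy model every trade size leaves a positive round-trip profit on the quoted-price pool, while the constant product pool returns exactly zero before fees.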
In this incident, the attacker exploited this security issue. Let’s take a look at how the attack was carried out.
Attack process
The attacker used the same attack method many times. Here we take the transaction 0xe80a16678b5008d5be1484ec6e9e77dc6307632030553405863ffb38c1f94266 as an example.
1. The attacker borrowed more than 10 million USDC.e and 2.72 million Woo tokens through flash loans.
2. Next, the attacker used 100,000 USDC.e to exchange for Woo tokens three times. At this point the price of Woo is still at the normal level. The attacker now holds more than 8 million Woo tokens.
3. Next, the attacker directly exchanged more than 8 million Woo tokens for USDC.e. Because of the issue described above, all of these Woo tokens were exchanged at the normal price, yielding more than 2 million USDC.e. According to the formula above, the price of Woo after this exchange is 7, nearly 10 million times smaller than before.
4. Finally, because the Woo token price was now extremely small, the attacker was able to use very little USDC.e to exchange for more than 8 million Woo tokens, then repaid the flash loan and left.
Fund Tracking
After the hack, the attacker transferred 200 ETH through the cross-chain bridge to an address on Ethereum, and the remaining 2,000 ETH are stored at the address on the Arbitrum chain. As of press time, none of the funds have been moved.
In view of this price manipulation attack on the Arbitrum chain, we must be aware of the importance of security risks in the field of virtual assets.