Tens of Millions of Dollars Stolen: Analysis of the MonoX Finance DeFi Platform Hack

SlowMist Technology (慢雾科技), 2021-12-12 12:26

According to SlowMist Zone intelligence, on November 30, 2021 the DeFi platform MonoX Finance was attacked. Approximately $18.2 million in WETH and $10.5 million in MATIC were stolen, along with WBTC, LINK, GHST, DUCK, MIM and IMX; total losses were around $31 million. The SlowMist security team carried out a preliminary analysis and shares it below.

Root cause

The core of the attack is that the swap contract does not check whether the token being sold into the pool and the token being bought out of it are the same. The new prices of the input and output tokens are computed separately and written back one after the other, so when the attacker passes the same token on both sides the token's price is updated twice and the second, higher update wins. Repeating this keeps inflating the token's price, after which the token can be swapped for the other tokens in the pool at the inflated price.

Related information

MonoX is a new DeFi protocol with a single-sided liquidity pool design: a deposited token is paired with the protocol's stablecoin vCASH to form a virtual trading pair. Its first single-token liquidity pool application is Monoswap, an automated market maker launched in October 2021.

Address of attacker 1:

0xecbe385f78041895c311070f344b55bfaa953258

Address of attacker 2:

0x8f6a86f3ab015f4d03ddb13abb02710e6d7ab31b

Attack contract 1:

0xf079d7911c13369e7fd85607970036d2883afcfd

Attack contract 2:

0x119914de3a03256fd58b66cd6b8c6a12c70cfb2

Attack Transaction 1:

https://etherscan.io/tx/0x9f14d093a2349de08f02fc0fb018dadb449351d0cdb7d0738ff69cc6fef5f299

Attack Transaction 2:

https://polygonscan.com/tx/0x5a03b9c03eedcb9ec6e70c6841eaa4976a732d050a6218969e39483bb3004d5d

Attack details

1. First, the attacker calls Monoswap.swapExactTokenForToken, swapping 0.1 WETH for 79.986094311542621010 MONO.

2. The attacker then exploits the fact that liquidity can be removed on behalf of any other pool user: they remove other users' liquidity from the MONO pool and add their own, so that they end up holding most of the pool's liquidity.

The liquidity-removal flaw is in Monoswap.sol, lines 471-510. Liquidity is removed by the removeLiquidity function, which calls the _removeLiquidityHelper function. Looking at these two calls, the liquidity position that is burned and paid out is the one belonging to the to parameter, so any caller can remove the liquidity of any user in the pool directly.


Removes the liquidity of 0x7b9aa6 and sends 1670.7572297649224 MONO and 6.862171986812230290 vCASH to 0x7b9aa6.

Removes the liquidity of cowrie.eth and sends 152.9745213857155 MONO and 0.628300423692773565 vCASH to cowrie.eth.

Removes the liquidity of 0xab5167 and sends 99940.7413658327 MONO and 410.478879590637971405 vCASH to 0xab5167.

Attack contract 1 then adds liquidity to the MONO token pool.


3. The attacker then calls Monoswap.swapExactTokenForToken 55 times to keep pushing up the price of MONO.


The key to this attack is the swapExactTokenForToken function in Monoswap.sol: the attacker passes MONO as both tokenIn and tokenOut, so the input and output tokens are the same token.


Following the swapIn function (shown as a screenshot in the original), we see that it calls getAmountOut to compute the amounts. Following getAmountOut in turn, the new prices tokenInPrice and tokenOutPrice are computed with the _getNewPrice function.


Following _getNewPrice: when tokenInPrice is computed, the txType parameter passed in is TxType.SELL.

When tokenOutPrice is computed, the txType parameter passed in is TxType.BUY. So:

If the input and output tokens are the same token, both calls receive the same originalPrice and reserve, and it is easy to see that tokenOutPrice is greater than tokenInPrice: the SELL branch lowers the price and the BUY branch raises it.

Since tokenIn and tokenOut are the same token, after swapIn computes the amounts it calls _updateTokenInfo twice, once for tokenIn and once for tokenOut. The second call, with tokenOutPrice, overwrites the first, with tokenInPrice, so the net effect of the swap is that the token's price in the pool goes up rather than down.

4. Finally, the attacker calls the swapTokenForExactToken function to swap MONO for the other tokens in the pool.

swapTokenForExactToken calls swapOut, which calls getAmountIn to compute the required input amount.

In getAmountIn, tokenInPoolPrice is the pool price of the MONO token. Because that price has been inflated in the previous step, tokenInPrice is very large and the computed amountIn is correspondingly tiny, so a very small amount of MONO buys out the tokens held in the pool: WETH, WBTC, MONO, USDC, USDT, DUCK, MIM, IMX and others.

5. Finally, the attacker transfers the proceeds of the attack to attacker address 2, 0x8f6a86f3ab015f4d03ddb13abb02710e6d7ab31b.

The above is the analysis of the attack on Ethereum. The attackers carried out the same attack on Polygon using exactly the same method, so it is not analysed separately here.

According to SlowMist AML statistics, MonoX Finance lost about 2.1K WETH, 1.9M WMATIC, 36.1 WBTC, 143.4K MONO, 8.2M USDC, 9.1M USDT and 1.2K LINK, plus GHST, DUCK, IMX and MIM.

Summary

This attack exploited a price-update flaw: the swap contract does not check that the token entering the pool and the token leaving it are different. Because the swap contract updates the prices of the input and output tokens through the same _updateTokenInfo function, when tokenIn and tokenOut are the same token the second _updateTokenInfo call writes the higher tokenOutPrice over the tokenInPrice. Repeating this inflates the token's price in the pool, after which all the other tokens in the pool can be swapped out for a profit.
