gandu
@gandu_whitehat
Followers
1K
Following
614
Media
10
Statuses
87
SR @halbornSecurity || @securityOak | Associate All Star @immunefi
Joined September 2022
🧵 $22.7M loss across three projects due to one lazy nature: "We, as a protocol, will make sure that we are the first depositor." Bug: Share inflation on empty vaults escalated to Hundred Finance type attack.
2
8
87
💫 The next Immunefi All Star is here! The @gandu_whitehat of the chains is joining as an Associate! His first crit is in. More are loading. Welcome to the ALL STARS, Gandu!
0
1
12
I'm happy to share that I've joined the @immunefi All-Stars! Looking forward to working with the top bug hunters in the space.
3
4
50
I'm excited to share that I've joined the @CantinaXYZ Fellows team https://t.co/v6MpKxpGyh
The Cantina Fellowship welcomes a formidable DeFi security expert: our newest Fellow, @gandu_whitehat! 💪
14
1
91
This incident shows why Web3 needs platforms like @immunefi , @sherlockdefi , and @code4rena , which ensure every aspect of protocol security is thoroughly addressed before and after a bug is discovered.
0
0
13
Middas Protocol: I contacted them on 25th May 2023 about a bug; they didn't acknowledge it and stopped responding. On 17th June 2023, Middas Capital got rekt, losing $600K. Here's a snapshot of my conversation with their co-founder before the incident. Bug: https://t.co/b1e8XzKZdo
1
0
11
So on 2nd Nov 2023 an attacker exploited this via the new oPEPE pool, stealing $2.2M. Onyx Protocol paid me a bounty of $10k, but unfortunately, they were unable to change the code and got rekt. Bug description:
1
0
6
Onyx Protocol: On 28th March 2023, I submitted a bug via email. At that time, two live vaults' funds were at risk. The protocol resolved it by manually burning the LP but didn't update their factory contract. Thus, only these two pools were secure, while new ones remained at risk.
1
0
5
This led to a huge loss of around $20M on 14th May 2024 by an attacker executing scheduled operations leading to share inflation on an empty vault. https://t.co/4vyMPnE6n1
1
0
6
SonneFinance: On 27th November 2022, I submitted a bug which they acknowledged. They rewarded me with $3k. However, during an upgrade, they argued that they were already doing instant deposits before creating the markets and didn't change the code.
2
0
9
Projects: SonneFinance: loss $20M. OnyxProtocol: loss $2.1M. MidasCapitalXYZ: loss $600K.
1
1
5
Before the attacks, I had already reached out to all three projects, warning them far in advance. Despite my reports about this bug, protocols didn't update their codebases. My main recommendation: Mint some shares directly through code to be fully secure. Here's what happened:
1
1
7
Thank you @immunefi and everyone for the wishes! Here is a detailed thread about the bug I submitted. https://t.co/eAXXWjR6SF
Congratulations @gandu_whitehat on your recently paid reports for finding a medium severity bug on Sovryn on @immunefi. It's an awesome achievement! #ImmunefiTribe
6
2
78
This is how the initial condition can be achieved to carry out the inflation of share price. Such inflation opens up various attack vectors, particularly in lending protocols. See how it was done in wise lending here: https://t.co/5E6lch0mNv
Yesterday's complete hack of Wise Lending was far more complex than reported. Very worth examining. The protocol had added explicit defenses against this style of attack, which the attack then either bypassed or used against the protocol. π§΅ 1/21
1
0
7
Using this, the attacker can inflate the price of a share even if total assets are being tracked internally.
1
0
2
Now the totalAssets would have been increased to 11+1 = 12, and totalSupply stays at 1+0 = 1. See the table below for what happens if a user continues to deposit an amount = totalAssets - 1 in a loop. With only 75 loops, it increases to more than 10k ether.
1
0
2
Above, we have achieved the initial conditions where totalSupply = 1 and totalAssets = 11. Now, if a user deposits 1 wei of assets, the shares minted to them would be calculated as (amount * totalSupply) / totalAssets = (1 * 1) / 11 = 0.09, which rounds down to 0.
1
0
1
New Exchange Rate: The total amount of underlying tokens is 11 wei, and the total supply of shares is 1 wei. Therefore, the new exchange rate is 11:1 (11 underlying tokens for 1 share).
1
0
2
Final State: • Total shares: 1 wei (held by Account 2). • Total Deposits: 11 wei (10 wei from Account 1 + 1 wei from Account 2), due to the dust amount created when Account 1's balance was zeroed.
1
0
1
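The arithmetic the thread walks through (totalSupply = 1 and totalAssets = 11, a 1 wei deposit rounding to 0 shares, and the totalAssets - 1 deposit loop), simulated in integer math as an added example. This is not code from the thread or from any of the protocols it names; the `Vault` and `SeededVault` names, the 1000 wei seed for the dead shares the thread recommends minting in code, and the 10k ether threshold are this example's own assumptions.

```python
"""Integer-math simulation of an ERC-4626-style vault (constructed example).

Reproduces the share-inflation sequence from the thread and contrasts it
with a vault that mints dead shares at deployment. All names, the seed size
and the threshold below are assumptions of this example.
"""
from dataclasses import dataclass

ETHER = 10**18  # wei per ether


@dataclass
class Vault:
    """Naive ERC-4626-style accounting: the first depositor is minted 1:1,
    every later deposit gets amount * totalSupply / totalAssets, rounded down."""
    total_assets: int = 0
    total_shares: int = 0

    def preview_deposit(self, amount: int) -> int:
        if self.total_shares == 0:
            return amount
        return amount * self.total_shares // self.total_assets

    def deposit(self, amount: int) -> int:
        """Credit the assets and mint the (possibly zero) shares."""
        shares = self.preview_deposit(amount)
        self.total_assets += amount
        self.total_shares += shares
        return shares

    def assets_per_share(self) -> int:
        """Exchange rate in wei of underlying per share (floor)."""
        return self.total_assets // self.total_shares


class SeededVault(Vault):
    """Same accounting, but the deployer mints `seed` shares against `seed` wei
    to an unrecoverable address at construction (the thread's recommendation),
    so totalSupply can never shrink to the tiny value the attack needs.
    The seed size is this example's assumption."""

    def __init__(self, seed: int = 1000):
        super().__init__(total_assets=seed, total_shares=seed)


def thread_initial_state() -> Vault:
    """The thread's 'final state': 1 share outstanding and 11 wei of assets
    (10 wei of dust left behind plus the holder's own 1 wei deposit)."""
    return Vault(total_assets=11, total_shares=1)


def deposit_mints_nothing(vault: Vault, amount: int) -> bool:
    """Pre-flight check a depositor or a monitoring job can run: a non-zero
    deposit that would be credited 0 shares is a pure gift to existing holders."""
    return amount > 0 and vault.preview_deposit(amount) == 0


def deposit_loop(vault: Vault, rounds: int) -> tuple[int, int]:
    """Deposit totalAssets - 1 for `rounds` iterations, as in the thread.
    Returns (rounds that minted zero shares, totalAssets afterwards)."""
    zero_share_rounds = 0
    for _ in range(rounds):
        if vault.deposit(vault.total_assets - 1) == 0:
            zero_share_rounds += 1
    return zero_share_rounds, vault.total_assets


def rounds_to_exceed(vault: Vault, threshold: int, max_rounds: int = 1000) -> int:
    """Number of totalAssets - 1 deposits until totalAssets exceeds `threshold`."""
    for n in range(max_rounds):
        if vault.total_assets > threshold:
            return n
        vault.deposit(vault.total_assets - 1)
    raise RuntimeError("threshold not reached within max_rounds")


if __name__ == "__main__":
    v = thread_initial_state()
    print("exchange rate:", v.assets_per_share(), "wei per share")
    print("1 wei deposit mints", v.preview_deposit(1), "shares")
    zero, assets = deposit_loop(thread_initial_state(), 75)
    print(f"naive vault: {zero}/75 rounds minted 0 shares, "
          f"totalAssets = {assets / ETHER:.0f} ether")
    print("rounds to pass 10k ether:",
          rounds_to_exceed(thread_initial_state(), 10_000 * ETHER))
    s = SeededVault()
    zero, _ = deposit_loop(s, 75)
    print(f"seeded vault: {zero}/75 rounds minted 0 shares, "
          f"rate = {s.assets_per_share()} wei per share")
```

In the naive vault every one of the 75 loop rounds mints 0 shares and totalAssets doubles each round (10 * 2^k + 1 wei after k rounds), passing 10k ether at round 70. In the seeded vault totalSupply starts equal to totalAssets, so the same loop mints amount-for-amount and the rate stays at 1 wei per share; `deposit_mints_nothing` is the check a deposit path or an off-chain monitor can apply before committing funds.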