Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Yearn yUSDT exploit-20230412 #2

Open
zt-9 opened this issue Apr 14, 2023 · 0 comments
Open

Yearn yUSDT exploit-20230412 #2

zt-9 opened this issue Apr 14, 2023 · 0 comments
Labels
exploit analysis

Comments

@zt-9
Copy link
Owner

zt-9 commented Apr 14, 2023
edited
Loading

On April 12, 2023, Yearn yUSDT was exploited, resulting in a loss of 11.6 million.
attacking transaction

The Yearn yUSDT pool mints yUSDT share tokens for users when they deposit USDT into the pool. Due to a misconfiguration of the Fulcrum token, the attacker is able to manipulate the share price and profits 11.6 million from the attack. The attacker withdraws from the yUSDT pool after inflating the share price and deposits into yUSDT after deflating the share price.

Unlike normal exploits, the attacker is not the only one who benefits from the exploit. AAVE V1 users' USDT loans were repaid by the attacker.

The attacker first deposits USDT into the pool to get some yUSDT. To inflate the share, the attacker mints some Fulcrum USDC to the yUSDT pool. Because of the share inflation, attacker is able to withdraw more USDT from the yUSDT pool.

function _calcPoolValueInToken() internal view returns (uint) {
    return _balanceCompoundInToken() // Compound USDT balance
      .add(_balanceFulcrumInToken()) // Fulcrum USDC iToken (iUSDC)
      .add(_balanceDydx()) // Dydx balance
      .add(_balanceAave()) // aUSDT 
      .add(_balance()); // USDT balance
  }

Next step is to deflate the share price.

yUSDT pool supplies USDT in the pool to providers like AAVE based on the provider APR. If a new provider has better APR , users can call rebalance() function to redeem all the token from all providers and supply those USDT to the new Provider. If everything’s configured right, the pool value shouldn’t change after rebalance.

Before the attack, AAVE V1 is the only provider with non-zero APR. To manipulate the provider APR and switch the provider, the attacker repay USDT loans for AAVE V1 users and lower the AAVE apr to zero. Now all the provider has zero APR. So after rebalance(), USDC tokens are redeemed from the Fulcrum USDC pool. Because of the misconfiguration of the Fulcrum USDC, pool balance become zero after rebalance. Share price is one for empty Pool, which means attacker can get yUSDT with a much cheaper price.

Attacker now can deposit USDT into the yUSDT pool after deflating the share. Attacker later on swap the yUSDT to other tokens in the Curve y Swap pool.

function rebalance() public {
    Lender newProvider = recommend();

    if (newProvider != provider) {
      _withdrawAll();
    }

    if (balance() > 0) { // USDT balance
      if (newProvider == Lender.DYDX) {
        supplyDydx(balance());
      } else if (newProvider == Lender.FULCRUM) {
        supplyFulcrum(balance());
      } else if (newProvider == Lender.COMPOUND) {
        supplyCompound(balance());
      } else if (newProvider == Lender.AAVE) {
        supplyAave(balance());
      }
    }

    provider = newProvider;
  }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
exploit analysis
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zt-9