Euler Finance Hack Analysis — Flash loan attack

Overview:

On March 13, 2023, A hack occurred in which Flash loans were used to exploit a logical flaw in Euler Finance’s recently launched donate liquidity feature. The hacker changed the conversion rate logic for borrowing and selling DAI tokens, causing the project to lose $197 million.

Smart Contract Hack Overview:

• Exploit Contract: 0xebc291,0x036ce,0xD3b7CE,0x0b812c
• Attacker’s Address: 0x5f259, 0xb2698c
• Attacker’s Transaction: 0xc310a0,0x47ac3
• Vulnerable Code: #L232, #354
• Euler’s Contract: 0xe025e3

Decoding the Smart Contract Vulnerability:

• The attacker acquired a flash loan of $30M DAI from AaveV2 to launch the exploit, and he set up two accounts — one as a borrower and the other as a liquidator.

• The attacker transferred 30M DAI to the borrower’s account, the borrower then used 20M DAI and minted 195M e-DAI & 200M d-DAI.

• The attacker then paid back 10M DAI using the borrower’s account, which decreased the value of the d-DAI tokens by 10M DAI.

• To make the situation liquefiable, the borrower again minted 195 million e-DAI and 200 million d-DAI tokens. However, a logical error in the `donateToReserve()` method resulted in the burning of e-DAI tokens but not d-DAI tokens, leading to unbacked “d-DAI” token debt that will never be repaid.

• The Liquidator liquidated the debt and borrowed it, resulting in a 310 million e-DAI profit that was later converted into a 38.9 million DAI equivalent.

• The attacker then paid back the Flash loan and made a net profit of 8.8 million DAI. The attack continued until the attackers drained the project’s funds.

Mitigation and Best Practices:

• The burn should be properly called; both the tokens must be burned if someone donates the funds to any other account & debt should be calculated without any logical errors.
• To ensure that the donator is still over-collateralized, the donateToReserves function should check the current market value of the collateral and compare it to the current outstanding loan value. If the donor’s collateral value is less than the outstanding loan value, the transaction should fail.
• To ensure that the correct conversion rate is used in liquidation, the smart contract should use a trusted oracle or an established market price feed to determine the current market value of both the collateral and the borrowed asset. This would ensure that the conversion rate is accurate and transparent.
• It would be helpful to implement additional safeguards such as setting a minimum collateralization ratio to prevent over-leveraging and limiting the amount of borrowing that can be done at any given time.
• To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
• Scan your Solidity contracts against the latest common security vulnerabilities with 130+ detection at SolidityScan including access control vulnerabilities.

SolidityScan — Smart Contract Vulnerability Scanner

Conclusion:

SolidityScan is an advanced smart-contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Signup for a free trial at https://solidityscan.com/signup

Follow us on our Social Media for Web3 security-related updates.
SolidityScan — LinkedIn | Twitter | Telegram | Discord