SolidityScan
HACK ANALYSIS 3 min read

Gamma Hack Analysis

Gamma Hack Analysis

Overview:

On January 4, 2024, Gamma suffered an attack due to a price manipulation vulnerability, leading to an approximate loss of over 6.3M USD.

Smart Contract Hack Overview:

Fig: Attack Transaction

Decoding the Smart Contract Vulnerability:

The attacker revealed a flaw in the deposit proxy configurations, specifically targeting stable and LST vaults. Although the vaults are equipped with four primary deposit protection measures against flash loans, the exploit highlighted a vulnerability in one of these safeguards.

The deposit protection measures include:

1. Enforcing a ratio of token0 and token1 based on the pool ratio.

2. Implementing a price change threshold, disallowing deposits when the price changes beyond a specified limit from the TWAP oracle price.

3. Setting deposit caps per transaction.

4. Prohibiting single-sided deposits.

The primary issue revolves around the deposit proxy settings related to the price change threshold (2), which was set too high. This oversight allowed for a -50% to +100% price change on certain LST and stablecoin vaults, enabling the attacker to manipulate the price up to the threshold and generate an unusually high number of LP tokens.

The attack followed a consistent pattern, exemplified by the gDAI-DAI vault:

1. Starting at block 166874977, the exploiter executed a series of attack transactions employing flash loans from Uniswap and Balancer to manipulate the pool price of gDAI.

2. Exploiting the faulty deposit configurations, the attacker continually looped deposit and withdraw functions in the gDAI-DAI vault.

3. Inflating the pool price of gDAI, the attacker deposited gDAI at the inflated price, receiving a disproportionate amount of LP tokens.

4. This process was repeated across five transactions, all conducted using the following address: 0x535153

Mitigation and Best Practices:

  • Always validate your code by writing comprehensive test cases that cover all the possible business logic.
  • Set all price change thresholds to a safe threshold level
  • To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
  • Scan your Solidity contracts against the latest common security vulnerabilities with 130+ detections at SolidityScan
Fig: SolidityScan — Smart Contract Vulnerability Scanner

Conclusion:

SolidityScan is an advanced smart contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Signup for a free trial at https://solidityscan.com/signup

Follow us on our Social Media for Web3 security-related updates.
SolidityScan — LinkedIn | Twitter | Telegram | Discord

Protect Your Crypto: A Beginner’s Guide to Crypto Auditing
Solidity Mappings 101: Everything You Need to Know