JPEG’d Hack Analysis

Overview:

On July 30, 2023, JPEG’d experienced a significant security breach due to a reentrancy vulnerability resulting in a loss of ~11.4M USD.

Vyper versions 0.2.15, 0.2.16 and 0.3.0 are vulnerable to malfunctioning reentrancy locks. AlchemixFi, MetronomeDAO, DebridgeFinance and Ellipsisfi are some more projects that faced a similar issue.

Smart Contract Hack Overview:

• Frontrunner Address: 0x6Ec21d
• Attack transaction: 0xa84aa0

Fig: Attack Transaction

Decoding the Smart Contract Vulnerability:

• The root cause of the attack was a reentrancy issue that allowed the attacker to repeatedly called the add_liquidity function without waiting for it to complete its execution. Specifically, the attacker reentered the add_liquidity function even before it had finished processing the previous call.
• During the reentry, the attacker first called the remove_liquidity function, which is responsible for removing liquidity from the pool. This action led to a decrease in the available balance in the pool.
• The problem occurred because the balance was not correctly updated before the attacker reentered the add_liquidity function.
• As a result, the function performed price calculations based on outdated or incorrect balance values, leading to an inconsistency in the pricing mechanism.

Fig: The root cause of the vulnerability

Fig: Attack Flow

Mitigation and Best Practices:

• Use reentrancy-preventive function modifiers, such as Open Zepplin’s Re-entrancy guard
• Always make sure that any state changes occur internally first, such as updating balances or calling internal functions before calling external code.
• To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
• Scan your Solidity contracts against the latest common security vulnerabilities with 130+ detection at SolidityScan including reentrancy vulnerabilities.

SolidityScan — Smart Contract Vulnerability Scanner

Conclusion:

SolidityScan is an advanced smart-contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Signup for a free trial at https://solidityscan.com/signup

Follow us on our Social Media for Web3 security-related updates.
SolidityScan — LinkedIn | Twitter | Telegram | Discord