SolidityScan
HACK ANALYSIS 2 min read

Themis Protocol Hack Analysis

Themis Protocol Hack Analysis

Overview:

On June 28, 2023, Themis Protocol suffered an attack, due to a price manipulation vulnerability, leading to a loss of ~365K USD

Smart Contract Hack Overview:

Fig: Attack Transaction

Decoding the Smart Contract Vulnerability:

  • The attacker initiated a flashloan of 22,000 ETH from Aave.
  • They borrowed an additional 10,000 ETH from one Uniswap pool and 8,000 ETH from another Uniswap pool.
  • The borrowed 22,000 ETH was deposited, and in return, they borrowed DAI, USDT, USDC, ARB, and WBTC.
  • Afterwards, they withdrew 55 ETH and created a new contract.
  • The 55 ETH was added to a Balancer pool, and as a result, the attacker obtained B-wstETH-WETH-Stable-gauge LP tokens.
  • Using the corresponding pool on Balancer, they swapped WETH for wstETH.
  • The price of the LP token B-wstETH-WETH-Stable-gauge was checked.
  • Although the contract responsible for the price query was not open-source, it was observed through the call stack that it followed a process:
  • First, it checked the quantities of both tokens (WETH and wstETH) in the pool.
  • Then, it verified the prices of WETH and wstETH.
  • The contract computed the price by multiplying the WETH price by its quantity and adding it to the result of multiplying the wstETH price by its quantity.
  • This value was then divided by the total supply of LP tokens.
  • By manipulating the token quantities in the pool via the swap operation, the attacker could increase the LP token’s price and subsequently borrow 317 ETH.
Fig: Attack Flow

Mitigation and Best Practices:

  • Always validate your code by writing comprehensive test cases that cover all the possible business logic.
  • To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
  • Scan your Solidity contracts against the latest common security vulnerabilities with 130+ detections at SolidityScan
SolidityScan — Smart Contract Vulnerability Scanner

Conclusion:

SolidityScan is an advanced smart-contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Signup for a free trial at https://solidityscan.com/signup

Follow us on our Social Media for Web3 security-related updates.
SolidityScan — LinkedIn | Twitter | Telegram | Discord

Midas Capital Hack Analysis
SHIDO Hack Analysis