Zunami Protocol Hack Analysis

Overview:

On August 14, 2023, the Zunami protocol suffered a price manipulation attack, leading to an approximate loss of ~2M USD.

Smart Contract Hack Overview:

• Attacker Address: 0x5f4c21c
• Attack Contract: 0xa21a2b
• Vulnerable Contract: 0xb40b6
• Attack Transaction: 0x0788b

Fig: Attack Transaction

Decoding the Smart Contract Vulnerability:

1)The root cause was the manipulation of prices resulting from an attack due to the incorrect computation of LP prices. Specifically, it involves the totalHoldings function within strategies such as MIMCurveStakeDao, where there was intentional inflation of sdt and sdtPrice.

2)The attacker borrowed 7,000,000 USD from UniswapV3, as well as 7,000,000 USDC and 10,011 WETH from Balancer.

3) He then added liquidity to CruveFinance: Swap using 5,750,000 USDC, resulting in the creation of approximately 5,746,896 crvFRAX tokens. Then, they exchanged around 5,746,896 CrVFRAX tokens for about 4,082,046 UZD and 1,250,000 USDC for approximately 791,280 UZD within the Curve platform.

4) The attacker swapped 11 WETH for approximately 55,981 ST tokens on the Curve platform. Subsequently, they donated all SDT tokens (approximately 55,598) into the MIMCurveStakeDao.

5) Furthermore, he executed a swap involving 10,000 WETH for approximately 58,043 ST tokens and 7,000,000 USDT for about 2,154 WETH on the SushiSwap platform.

6) The attacker then stored a manipulated price snapshot within UZD using the cachessetPrice function. It’s important to note that the cached price had already been altered. Due to this manipulation, the balance of the ATTACKER was artificially inflated as the balance function in the UZD contract relied on this incorrect price.

7)He reversed all the actions undertaken to manipulate the UZD price, ensuring that all artificially inflated UZD was swapped to attain profits.

The root cause of the vulnerability

Mitigation and Best Practices:

• Always validate your code by writing comprehensive test cases that cover all the possible business logic.
• To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
• Scan your Solidity contracts against the latest common security vulnerabilities with 130+ detections at SolidityScan

SolidityScan — Smart Contract Vulnerability Scanner

Conclusion:

SolidityScan is an advanced smart-contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Signup for a free trial at https://solidityscan.com/signup

Follow us on our Social Media for Web3 security-related updates.
SolidityScan — LinkedIn | Twitter | Telegram | Discord