Started from 10:36:20 AM UTC on May 16th, 2021, bEarn.Fi’s BUSD vault was exploited due to improper withdrawal amount handling. In this post, we would describe the technical details of this issue step-by-step.
- bEarn.Fi had assumed that the value of 1 ibBUSD (Alpaca Vault BUSD share token) is always equal to 1 BUSD.
- This causes the
BvaultsStrategycontract to return less BUSD to the bVault contract than the actual amount withdrawn, resulting in a leftover balance in the
- Whenever a new deposit is done, the leftover balance is re-staked into the farm contract again, causing the
wantLockedTotalvalue to be improperly inflated.
- For every withdrawal, as the
wantLockedTotalis inflated, the withdrawn amount would be higher than the actual value deposited.
- In this attack, the attacker wrote a smart contract to perform a flash loan from Cream.Finance, then deposit and withdraw repeatedly on bEarn.Fi BUSD Vault.
- With the improperly inflated value, the attacker was able to gain profit in every set of depositing and withdrawing actions.
2. Related BSC Addresses
- Attacker’s Wallet: 0x47f341d896b08daacb344d9021f955247e50d089
- Attacker’s Contract: 0xef39F14213714001456E2E89EDdBDF8c850C3BE6
- bEarn.fi — bVaults Bank: 0xB390B07fcF76678089cb12d8E615d5Fe494b01Fb
- bEarn.fi — bVaults BUSD Strategy: 0x21125d94Cfe886e7179c8D2fE8c1EA8D57C73E0e
- Alpaca Finance — ibBUSD Vault: 0x7C9e73d4C71dae564d41F78d56439bB4ba87592f
- Alpaca Finance — Fair Launch: 0xA625AB01B08ce023B2a342Dbb12a16f2C8489A8F
- Cream Finance — crBUSD Vault: 0x2Bc4eb013DDee29D37920938B96d353171289B7C
3. In-depth Technical Analysis
BvaultsStrategy contract, the
withdraw() function withdraw
_wantAmt ibBUSD token from the farming contract (Alpaca Fair Launch), burn it to BUSD, then transfer
_wantAmt BUSD to the vault.
2. As burning 1 ibBUSD would result in more than 1 BUSD, some BUSD would be left in the
3. On the deposit function of
BvaultsStrategy, if the strategy is an auto compound strategy, the
_farm() function is called.
4. In the
_farm() function, the whole balance in the
BvaultsStrategy contract, including the leftover balance from the previous withdrawal, is deposited into the farming contract. This causes the
wantLockedTotal amount to be overly inflated.
5. With an inflated
wantLockedTotal value, a higher amount can be withdrawn from the vault.
6. With this bug, the attacker can repeatedly deposit and withdraw to gain profit from the inflated
Please see the attack activity from the transaction detail below:
- The attacker flash loaned 7,814,952.39 BUSD from Cream.Finance.
- The attacker deposited the loaned amount together with the attacker’s own BUSD to the bEarn.Fi.
- The attacker withdrew the shares from bEarn.Fi.
As you can see in the above transaction, the attack is very simple. The attacker just repeatedly deposited and withdrew from bEarn.Fi.
There are 2 mistakes in the bEarn.Fi which are shown in the red and orange boxes in the screenshot above.
- Orange Box: bEarn.Fi had assumed that the value of 1 ibBUSD (Alpaca Vault BUSD share token) is always equal to 1 BUSD. This causes the BvaultsStrategy contract to return less BUSD to the bVault contract than the actual amount withdrawn, resulting in a leftover balance in the BvaultsStrategy smart contract.
- Red Box: The bVault contract miscalculated the user’s share because the wantLockedTotal was inflated. As a result, the withdrawn amount is higher than the actual value deposited.
4. Attack Summary
In summary, by repeating the attack hundreds of times in 24 transactions. The attacker gained 11,769,184.44 BUSD in total from bEarn.Fi BUSD vault.
For the complete detail, we have summarized the information for each transaction in the sheet below:
Bearn.fi Incident’s Profit
Round,Tx ID,First Deposit,First Flashlone,Amount In,Last Withdraw,Return Debt,Amount Out,Profit 1…
Inspex is formed by a team of cybersecurity experts highly experienced in various fields of cybersecurity. We provide blockchain and smart contract professional services at the highest quality to enhance the security of our clients and the overall blockchain ecosystem.