The Insecure Ways for Mint Amount Calculation — Dot Finance Incident Analysis
Starting from Aug 25, 2021, 09:06:30 AM UTC, our flash loan detector flagged suspicious transactions, each flash-loaning the same amount of $CAKE from PancakeSwap. We investigated these activities further and discovered that the attack exploits the same flaw seen in the Merlin Lab and ApeRocket Finance incidents.
With the intention of helping to secure the DeFi ecosystem, we want to use this opportunity to raise awareness and help prevent this flaw from recurring, by pointing out the similarities between these attacks and how to avoid them.
A summary of attack transactions can be found here.
Root Cause Analysis
To that end, we analyze the insecure mint amount calculations from the recent incidents. These insecure calculations can be found in the following contracts:
- MerlinMinter contract from Merlin Lab (https://bscscan.com/address/0xa2b418e3c71f118a34caf7a0667dbd903b39f212#code)
- SpaceMinter contract from ApeRocket Finance (https://www.bscscan.com/address/0xd79dc49ed716832658ec28fe93dd733e0dfb8d58#code)
- PinkMinter contract from Dot Finance (https://www.bscscan.com/address/0xfc3920bcffb412e2686e76c194cd8935bd651a90#code)
The ultimate goal behind these attacks is to manipulate profit, which is used to derive performanceFee, which in turn determines the minting amount. We can trace this attack chain back simply by looking at the mintFor functions:
- MerlinMinter contract: the amountMerlinToMint() function uses contribution, which is calculated from the value of asset and _performanceFee.
- SpaceMinter contract: the amountSpaceToMint() function takes performanceFeeInBnb, which is calculated from performanceFeeAmount. If we look at how the mintFor() function is called from the withdrawAll() function, we can see that the manipulated profit is used to create this performanceFee.
- PinkMinter contract: the amountPinkToMint() function takes contribution, which is calculated from the value of asset and _performanceFee. The manipulated profit can be clearly seen by debugging the function calls associated with the transaction.
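The trigger our detector relied on was the repetition of identical flash loans of $CAKE from PancakeSwap landing in transactions that also hit a minter contract. The script below, an added example that is not part of the original analysis or any Inspex tooling, implements that heuristic over a constructed set of transaction summaries; the Tx fields, contract names and amounts are assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Tx:
    """Summary of one transaction (constructed shape, not a real indexer format)."""
    tx_hash: str
    loan_source: Optional[str] = None   # protocol the flash loan was taken from
    loan_token: Optional[str] = None    # token that was flash-loaned
    loan_amount: int = 0                # amount borrowed; 0 means no flash loan
    calls: List[str] = field(default_factory=list)  # contracts invoked in the tx


def find_repeated_flash_loans(txs, minter_contracts, min_repeats=2):
    """Return hashes of transactions that (a) flash-loan an identical
    (source, token, amount) tuple at least `min_repeats` times across the
    batch and (b) also call one of the watched minter contracts.
    Repeated identical loans are the signature we look for: an attacker who
    found a profitable amount tends to replay it, while normal flash-loan
    users (arbitrage bots) vary the amount with market conditions."""
    watched = set(minter_contracts)
    groups = defaultdict(list)
    for tx in txs:
        if tx.loan_amount > 0 and watched & set(tx.calls):
            groups[(tx.loan_source, tx.loan_token, tx.loan_amount)].append(tx.tx_hash)
    flagged = []
    for hashes in groups.values():
        if len(hashes) >= min_repeats:
            flagged.extend(hashes)
    return flagged


# Constructed sample: three replayed loans hitting the minter, one unrelated
# flash loan used by an arbitrage bot, and one ordinary swap.
SAMPLE_TXS = [
    Tx("0xaaa1", "PancakeSwap", "CAKE", 1_000_000, ["PinkMinter"]),
    Tx("0xaaa2", "PancakeSwap", "CAKE", 1_000_000, ["PinkMinter"]),
    Tx("0xaaa3", "PancakeSwap", "CAKE", 1_000_000, ["PinkMinter"]),
    Tx("0xbbb1", "PancakeSwap", "CAKE", 250_000, ["ArbBot"]),
    Tx("0xccc1", calls=["PancakeRouter"]),
]

if __name__ == "__main__":
    for h in find_repeated_flash_loans(SAMPLE_TXS, {"PinkMinter"}):
        print("suspicious:", h)
```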
We suspect that this flaw is inherited when a platform forks another platform's code without properly eradicating or remediating the root cause. Since the attack is only profitable while the TVL of the affected pool is very low, an attacker has to act fast to initiate a profitable attack.
It’s a time bomb waiting to be discovered. We hope that a good guy is faster than a bad guy on this.
About Inspex
Inspex is formed by a team of cybersecurity experts highly experienced in various fields of cybersecurity. We provide blockchain and smart contract professional services at the highest quality to enhance the security of our clients and the overall blockchain ecosystem.
For any business inquiries, please contact us via Twitter, Telegram, contact@inspex.co