The Insecure Ways for Mint Amount Calculation — Dot Finance Incident Analysis
Starting from Aug 25, 2021, 09:06:30 AM UTC, our flash loan detector detected suspicious transactions borrowing the same amount of $CAKE from PancakeSwap. We investigated these activities further and found that the attack used the same flaw as in the Merlin Lab and ApeRocket Finance incidents.
To help secure the DeFi ecosystem, we want to use this opportunity to raise awareness and help prevent this flaw from recurring, by pointing out the similarities between these attacks and how to avoid them.
A summary of attack transactions can be found here.
Root Cause Analysis
To that end, we analyze examples of insecure mint amount calculations from the recent incidents. These insecure calculations can be found in the following contracts:
- MerlinMinter contract from Merlin Lab (https://bscscan.com/address/0xa2b418e3c71f118a34caf7a0667dbd903b39f212#code)
- SpaceMinter contract from ApeRocket Finance (https://www.bscscan.com/address/0xd79dc49ed716832658ec28fe93dd733e0dfb8d58#code)
- PinkMinter contract from Dot Finance (https://www.bscscan.com/address/0xfc3920bcffb412e2686e76c194cd8935bd651a90#code)
The ultimate goal behind these attacks is to manipulate profit used by performanceFee for calculating the minting amount. We can trace back this attack chain simply by looking at
- MerlinMinter contract: contribution which is calculated from the value of
- SpaceMinter contract: performanceFeeInBnb which is calculated from performanceFeeAmount. If we look at how mintFor() function is called on withdrawAll() function, we can see that the manipulated profit is used to create this
- PinkMinter contract: amountPinkToMint() function takes contribution which is calculated from the value of _performanceFee. The manipulated profit can be clearly seen by debugging function calls associated with the transaction.
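The profit, performanceFee, contribution and mint amount chain described above, modelled in Python as an added example (not code from the affected contracts or from Inspex). The fee rate, mint ratio, APR ceiling and all amounts are constructed assumptions, and the time-based cap is one possible guard, not the fix any of these projects shipped.

```python
from dataclasses import dataclass

BPS = 10_000
SECONDS_PER_YEAR = 365 * 24 * 3600

@dataclass(frozen=True)
class MinterParams:
    """Hypothetical parameters; none are read from the contracts on this page."""
    fee_bps: int = 3_000       # share of profit taken as performanceFee
    mint_per_fee: int = 5      # reward tokens minted per unit of contribution
    max_apr_bps: int = 20_000  # guard: highest yield treated as plausible (200% APR)

def performance_fee(profit: int, p: MinterParams) -> int:
    return profit * p.fee_bps // BPS

def mint_unchecked(profit: int, p: MinterParams) -> int:
    """Insecure shape: the reported profit drives the mint amount directly."""
    contribution = performance_fee(profit, p)
    return contribution * p.mint_per_fee

def plausible_profit_cap(principal: int, held_seconds: int, p: MinterParams) -> int:
    """Most yield `principal` could have earned in `held_seconds` at max_apr_bps."""
    return principal * p.max_apr_bps * held_seconds // (BPS * SECONDS_PER_YEAR)

def mint_guarded(profit: int, principal: int, held_seconds: int, p: MinterParams) -> int:
    """Guarded shape: refuse to mint on profit the position could not have earned."""
    cap = plausible_profit_cap(principal, held_seconds, p)
    if profit > cap:
        raise ValueError(f"profit {profit} exceeds plausible cap {cap}; mint refused")
    return mint_unchecked(profit, p)

def demo() -> dict:
    p = MinterParams()
    month = 30 * 24 * 3600
    results = {
        # Constructed: 1,000,000 tokens held for a month, 40,000 profit reported.
        "normal": mint_guarded(40_000, 1_000_000, month, p),
        # Constructed: same principal, 1000x the profit; nothing in the chain limits it.
        "inflated_unchecked": mint_unchecked(40_000_000, p),
    }
    try:
        # Position opened and closed in one transaction (flash loan): held time is 0.
        mint_guarded(40_000_000, 1_000_000, 0, p)
    except ValueError as exc:
        results["inflated_guarded"] = str(exc)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The unchecked path mints in direct proportion to whatever profit reaches it, which is why a manipulated profit translates straight into minted reward tokens.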
We suspect that this flaw may have been inherited by forking other platforms' code without properly eradicating or remediating the root cause. Because the TVL of the affected pool must be very low, an attacker has to act fast to initiate a profitable attack.
It’s a time bomb waiting to be discovered. We hope that a good guy is faster than a bad guy on this.
Inspex is formed by a team of cybersecurity experts highly experienced in various fields of cybersecurity. We provide blockchain and smart contract professional services at the highest quality to enhance the security of our clients and the overall blockchain ecosystem.