Reentrancy Attack on Cream Finance — Incident Analysis

Related Addresses

Attack Steps

We’ve identified 2 patterns of attack. The steps of each pattern are as follows.

Pattern 1:

  • Deposit borrowed $WETH into Cream Finance as collateral and mint $crETH
  • Borrow $AMP from Cream Finance, with a reentrant call to borrow $ETH
  • Swap some $AMP for $WETH
  • Repay the borrowed $WETH flash loan
  • Transfer the profit to the wallet

Pattern 2:

  • Deposit borrowed $WETH from contract #1 into Cream Finance as collateral
  • Use contract #1 to borrow $AMP from Cream Finance, with a reentrant call to borrow $ETH
  • Transfer $AMP from contract #1 to contract #2
  • Use contract #2 to pay $AMP to liquidate the borrow of contract #1 and get $crETH back
  • Use contract #2 to redeem $crETH for $ETH in Cream Finance
  • Transfer all $ETH from contract #2 to contract #1
  • Wrap all $ETH in contract #1 and repay the borrowed $WETH flash loan
  • Transfer all profit from contract #1 to the wallet

Code Analysis

We began the incident analysis by examining the attack-related transactions. The first indicator we found, and the one we used as the starting point of the analysis, is the recursive execution of the borrow() function.

  • CToken.borrowInternal() calls CToken.borrowFresh()
  • CToken.borrowFresh() calls doTransferOut()
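
The indicator described above, a borrow() call that starts while another borrow() is still executing, can be checked mechanically in a transaction call trace. The following is an added example, not Inspex's tooling or part of the original analysis; it assumes frames shaped like Geth's callTracer output, and all addresses and traces in it are constructed placeholders.

```python
# Added example (not Inspex's tooling): flag borrow() re-entered during borrow().
# Frames follow the shape of Geth's callTracer output: "to", "input", "calls".
BORROW_SELECTOR = "0xc5ebeaec"  # 4-byte selector of borrow(uint256)

def find_reentrant_borrows(frame, markets, open_borrows=()):
    """Return (outer_market, inner_market) for every borrow() that starts
    while a borrow() on a monitored market is still on the call stack."""
    findings = []
    to = frame.get("to", "").lower()
    if to in markets and frame.get("input", "").startswith(BORROW_SELECTOR):
        if open_borrows:
            findings.append((open_borrows[-1], to))
        open_borrows = open_borrows + (to,)
    for child in frame.get("calls", []):
        findings += find_reentrant_borrows(child, markets, open_borrows)
    return findings

# Constructed placeholder addresses, not the addresses from the incident.
CR_AMP, CR_ETH = "0x" + "a1" * 20, "0x" + "e7" * 20
TOKEN, BORROWER = "0x" + "70" * 20, "0x" + "c0" * 20
MARKETS = {CR_AMP, CR_ETH}
AMOUNT = "00" * 32  # dummy uint256 argument

def call(to, input_="0x00000000", calls=()):
    return {"type": "CALL", "to": to, "input": input_, "calls": list(calls)}

# Constructed trace: borrow() on one market -> token transfer (doTransferOut)
# -> callback into the borrower -> borrow() on a second market.
NESTED = call(BORROWER, calls=[
    call(CR_AMP, BORROW_SELECTOR + AMOUNT, [
        call(TOKEN, calls=[
            call(BORROWER, calls=[call(CR_ETH, BORROW_SELECTOR + AMOUNT)]),
        ]),
    ]),
])

# Constructed benign trace: two borrows made one after the other.
SEQUENTIAL = call(BORROWER, calls=[
    call(CR_AMP, BORROW_SELECTOR + AMOUNT),
    call(CR_ETH, BORROW_SELECTOR + AMOUNT),
])

if __name__ == "__main__":
    print(find_reentrant_borrows(NESTED, MARKETS))
    print(find_reentrant_borrows(SEQUENTIAL, MARKETS))
```

The check tracks the stack of open borrow() frames across all monitored markets rather than per market, so it also reports a borrow on one market that is entered from inside a borrow on another.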

Conclusion

In summary, by repeating the attack in 16 transactions, the attacker gained 419,709,548.31 $AMP and 1,308.09 $WETH in total from Cream Finance. The details of each transaction are summarized in the sheet below:
https://docs.google.com/spreadsheets/d/1u4MU4HFBx3dMc_Ogy09QzdAEGGhkZLVOPn64Pi2vTBc/edit#gid=0

About Inspex

Cybersecurity professional service, specialized in blockchain and smart contract auditing https://twitter.com/InspexCo