Reentrancy Attack on Cream Finance — Incident Analysis

Related Addresses

Attack Steps

We’ve identified 2 patterns of attack. The steps of each pattern are as follows.

  • Deposit borrowed $WETH into Cream Finance as a collateral, mint $crETH
  • Borrow $AMP from Cream Finance with reentrancy call to borrow $ETH
  • Swap some $AMP for $WETH
  • Pay borrowed $WETH flashloan
  • Transfer profit to wallet
  • Deposit borrowed $WETH from contract #1 to Cream Finance as a collateral
  • Use contract #1 to borrow $AMP from Cream Finance with reentrancy call to borrow $ETH
  • Transfer $AMP from contract #1 to contract #2
  • Use contract #2 to paid $AMP to liquidate borrow loan of contract #1 and get $crETH back
  • Use contract #2 to redeem $crETH for $ETH in Cream Finance
  • Transfer all $ETH from contract #2 to contract #1
  • Wrap all $ETH in contract #1 and paid borrowed $WETH flashloan
  • Transfer all profit from contract #1 to wallet

Code Analysis

We begun an initial incident analysis by analyzing the attack-related transactions. The first indicator we found and used as the analysis’s starting point is the recursive execution of the borrow() function.

  • CToken.borrowInternal() calls CToken.borrowFresh()
  • CToken.borrowFresh() calls doTransferOut()


In summary, by repeating the attack in 16 transactions. The attacker gained 419,709,548.31 $AMP and 1,308.09 $WETH in total from Cream Finance. For the complete details, we have summarized the information for each transaction in the sheet below:

About Inspex



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Cybersecurity professional service, specialized in blockchain and smart contract auditing