Source: SharkTeam
On June 10, 2024, UwU Lend was attacked, resulting in a loss of approximately $19.3 million for the project team.
I. Analysis of the Attack Transactions
Attacker: 0x841dDf093f5188989fA1524e7B893de64B421f47
The attacker initiated 3 attack transactions:
Attack Transaction 1:
0x242a0fb4fde9de0dc2fd42e8db743cbc197ffa2bf6a036ba0bba303df296408b
Attack Transaction 2:
0xb3f067618ce54bc26a960b660cfc28f9ea0315e2e9a1a855ede1508eb4017376
Attack Transaction 3:
0xca1bbf3b320662c89232006f1ec6624b56242850f07e0f1dadbe4f69ba0d6ac3
Taking Attack Transaction 1 as an example, the analysis is as follows:
Attack Contract: 0x21c58d8f816578b1193aef4683e8c64405a4312e
Target contracts: UwU Lend treasury (uToken) contracts, which hold the pool reserves, including:
uSUSDE: 0xf1293141fc6ab23b2a0143acc196e3429e0b67a6
uDAI: 0xb95bd0793bcc5524af358ffaae3e38c3903c7626
uUSDT: 0x24959f75d7bda1884f1ec9861f644821ce233c7d
The attack process was as follows:
1. Flash borrow multiple tokens from different platforms, including WETH, WBTC, sUSDe, USDe, DAI, FRAX, USDC, GHO.
The token receiving address was 0x4fea76b66db8b548842349dc01c85278da3925da.
The tokens and quantities borrowed were as follows:
Flash borrowed 159,053.16 WETH and 14,800 WBTC from AaveV3.
Flash borrowed 40,000 WETH from AaveV2.
Flash borrowed 91,075.70 WETH and 4,979.79 WBTC from Spark.
Flash borrowed 301,738,880.01 sUSDe, 236,934,023.17 USDe, and 100,786,052.15 DAI from Morpho.
Flash borrowed 60,000,000 FRAX and 15,000,000 USDC from Uniswap V3: FRAX-USDC.
Flash borrowed 4,627,557.47 GHO and 38,413.34 WETH from Balancer.
Flash borrowed 500,000,000 DAI from Maker.
Totaling approximately 328,542.2 WETH, 19,779.79 WBTC, 600,786,052.15 DAI, 301,738,880.01 sUSDe, 236,934,023.17 USDe, 4,627,557.47 GHO, 60,000,000 FRAX, 15,000,000 USDC.
2. Transferred the flash borrowed tokens to contract 0xf19d66e82ffe8e203b30df9e81359f8a201517ad (abbreviated as 0xf19d) in preparation for initiating the attack.
3. Pushed the sUSDe price down by dumping USDe into the Curve pools the price feed reads from. Each swap added USDe to a pool and removed the paired asset, lowering the pool's USDe spot price:
(1) USDecrvUSD.exchange
Exchanged 8,676,504.84 USDe for 8,730,453.49 crvUSD, increasing the quantity of USDe in USDecrvUSD, decreasing the quantity of crvUSD, and lowering the USDe price.
(2) USDeDAI.exchange
Exchanged 46,452,158.05 USDe for 14,389,460.59 DAI, increasing the quantity of USDe in USDeDAI, decreasing the quantity of DAI, and lowering the USDe price.
(3) FRAXUSDe.exchange
Exchanged 14,477,791.69 USDe for 46,309,490.86 FRAX, increasing the quantity of USDe in FRAXUSDe, decreasing the quantity of FRAX, and lowering the USDe price.
(4) GHOUSDe.exchange
Exchanged 4,925,427.20 USDe for 4,825,479.07 GHO, increasing the quantity of USDe in GHOUSDe, decreasing the quantity of GHO, and lowering the USDe price.
(5) USDeUSDC.exchange
Exchanged 14,886,912.83 USDe for 14,711,447.94 USDC, increasing the quantity of USDe in USDeUSDC, decreasing the quantity of USDC, and lowering the USDe price.
The above exchanges lowered the spot price of USDe in all 5 liquidity pools, and because the sUSDe price feed was derived from those pool prices, the reported price of sUSDe dropped significantly.
4. Repeatedly created lending positions by depositing other assets (WETH, WBTC, and DAI) into the LendingPool contract and borrowing sUSDe. Because the oracle price of sUSDe was now depressed, the same collateral allowed far more sUSDe to be borrowed than before the manipulation.
5. Reversed step 3, buying USDe back from the same pools to push the sUSDe price up. Valued at the inflated price, the sUSDe debt now exceeded the collateral backing it, so the positions became liquidatable.
6. Liquidated the lending positions in bulk, receiving the collateral plus the liquidation bonus as uWETH.
7. Repaid the loans and withdrew the target assets WETH, WBTC, DAI, and sUSDe.
8. Deposited the remaining sUSDe back into the LendingPool as collateral; with the sUSDe price still inflated, this allowed borrowing more assets, including DAI and USDT.
9. Swapped tokens to repay the flash loans, ultimately profiting 1,946.89 ETH.
II. Vulnerability Analysis
The analysis above shows that the attack chained numerous flash loans with repeated manipulation of the sUSDe price. The lending pool values both collateral and debt at the oracle price: when sUSDe is deposited as collateral, its price sets how much can be borrowed against it; when sUSDe is borrowed, its price sets the value of the debt, and therefore the position's health factor and whether it can be liquidated.
The attacker exploited this by using flash-loaned USDe to push the sUSDe price down, depositing other assets as collateral and borrowing a large amount of sUSDe at the depressed price, then pushing the price back up so that the positions became liquidatable and liquidating them for the collateral plus bonus. The sUSDe left over after liquidation was then deposited as collateral at the inflated price to borrow other assets, completing the attack.
As step 3 shows, the sUSDe price was manipulated by moving the spot price of USDe in 5 Curve pools: USDe/crvUSD, USDe/DAI, FRAX/USDe, GHO/USDe, and USDe/USDC. The sUSDe price feed was computed from spot prices read on-chain from Curve Finance and Uniswap V3, so anyone able to move those pools' reserves within a single transaction, as flash loans allow, could move the price the lending pool relied on.
III. Security Recommendations
In light of this attack event, the following precautions should be followed in the development process:
1. To prevent price manipulation, do not derive a lending oracle from AMM spot prices that can be moved within one transaction; use off-chain price oracles or time-weighted prices that a single-transaction flash loan cannot shift.
2. Have the smart contracts audited by professional third-party auditing firms before launch.
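The oracle weakness described in section II and the first recommendation above, illustrated as an added toy model. This is example code written for this write-up, not SharkTeam's or UwU Lend's code; the pool sizes, LTV, liquidation threshold and bonus, and the median-of-five-pools feed are assumptions chosen for illustration, and sUSDe is treated as 1:1 with USDe. The same attack sequence (steps 3 to 6) is run once against a feed that reads current pool spot prices and once against a time-weighted feed built only from earlier blocks.

```python
"""Toy model of the sUSDe spot-price manipulation and of a time-weighted
oracle that a single-transaction manipulation cannot move.
Example code added to this write-up, not SharkTeam's or UwU Lend's code.
Pool sizes, LTV, liquidation threshold and bonus, and the
median-of-five-pools oracle are assumptions chosen for illustration."""
from dataclasses import dataclass, field
from statistics import median


@dataclass
class Pool:
    """Constant-product USDe/stablecoin pool; price of USDe = stable / usde."""
    usde: float
    stable: float

    def spot(self) -> float:
        return self.stable / self.usde

    def sell_usde(self, amount: float) -> float:
        """Dump USDe into the pool (pushes USDe price down); returns stable out."""
        k = self.usde * self.stable
        self.usde += amount
        out = self.stable - k / self.usde
        self.stable -= out
        return out

    def buy_usde(self, stable_in: float) -> float:
        """Buy USDe with stablecoin (pushes USDe price up); returns USDe out."""
        k = self.usde * self.stable
        self.stable += stable_in
        out = self.usde - k / self.stable
        self.usde -= out
        return out


def make_pools():
    """Five pools standing in for USDe/crvUSD, USDe/DAI, FRAX/USDe, GHO/USDe and
    USDe/USDC. Constructed 50M/50M reserves, not the real pool sizes."""
    return [Pool(50e6, 50e6) for _ in range(5)]


def spot_median(pools) -> float:
    """Vulnerable feed: median of the pools' current spot prices. Every input
    is a reserve ratio the attacker can change inside the same transaction."""
    return median(p.spot() for p in pools)


@dataclass
class TwapOracle:
    """Time-weighted average of prices observed in earlier blocks. An
    observation with zero elapsed time (same block) carries no weight."""
    observations: list = field(default_factory=list)  # (price, seconds)

    def observe(self, price: float, elapsed: float) -> None:
        if elapsed > 0:
            self.observations.append((price, elapsed))

    def read(self) -> float:
        total = sum(t for _, t in self.observations)
        return sum(p * t for p, t in self.observations) / total


def run_attack(pools, price_fn, collateral_usd=100e6, ltv=0.8,
               liq_threshold=0.85, liq_bonus=0.05, dump_per_pool=10e6):
    """Replay steps 3-6 against the price feed price_fn and return the numbers
    that decide whether the attack works."""
    received = [p.sell_usde(dump_per_pool) for p in pools]  # step 3: price down
    p_low = price_fn()
    borrowed = collateral_usd * ltv / p_low                  # step 4: borrow sUSDe
    for p, s in zip(pools, received):                        # step 5: price up
        p.buy_usde(2 * s)
    p_high = price_fn()
    debt_usd = borrowed * p_high
    health = collateral_usd * liq_threshold / debt_usd
    liquidatable = health < 1.0
    # step 6: the attacker liquidates itself, repaying only enough sUSDe to
    # claim the whole collateral at a bonus; the rest of the loan is kept and
    # becomes bad debt for the protocol.
    repaid = min(borrowed, collateral_usd / (1 + liq_bonus) / p_high) if liquidatable else 0.0
    return {"p_low": p_low, "p_high": p_high, "borrowed": borrowed,
            "health_factor": health, "liquidatable": liquidatable,
            "susde_kept": borrowed - repaid if liquidatable else 0.0}


def demo():
    """Same attack against the spot-median feed and against a TWAP feed."""
    pools_a = make_pools()
    spot_result = run_attack(pools_a, lambda: spot_median(pools_a))

    pools_b = make_pools()
    twap = TwapOracle()
    twap.observe(spot_median(pools_b), elapsed=1800)  # 30 min of pre-attack history

    def twap_feed():
        # No time elapses inside the attack transaction, so the manipulated
        # spot price is observed with zero weight and the average is unchanged.
        twap.observe(spot_median(pools_b), elapsed=0)
        return twap.read()

    return spot_result, run_attack(pools_b, twap_feed)


if __name__ == "__main__":
    for name, r in zip(("spot median", "TWAP"), demo()):
        print(f"{name}: price {r['p_low']:.3f} -> {r['p_high']:.3f}, "
              f"borrowed {r['borrowed'] / 1e6:.1f}M sUSDe, HF {r['health_factor']:.2f}, "
              f"liquidatable={r['liquidatable']}, sUSDe kept {r['susde_kept'] / 1e6:.1f}M")
```

Against the spot-median feed, dumping 10M USDe per pool drops the price to about 0.69, so $100M of collateral borrows 115.2M sUSDe instead of 80M; buying back pushes the price to about 1.36, the health factor falls to about 0.54, and self-liquidation leaves the attacker holding roughly 45M sUSDe that the protocol no longer has collateral for. Against the TWAP feed the same swaps never change the price the lending pool sees, the borrow stays at 80M, and the position is never liquidatable. The real Curve pools and the UwU feed are more complex than this model, but the dependence on same-transaction reserves is the property that mattered.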