Arcadia Finance – Hack Analysis

On July 10, ArcadiaFi, a protocol operating on Ethereum and Optimism, experienced a significant security breach resulting in a loss of approximately $455,000. 

We, Immunebytes, a leading smart contract audit firm, conducted a thorough investigation of this incident to understand the nature of the attack, the vulnerabilities exploited, and to propose robust solutions to prevent similar incidents in the future.

The core issue stemmed from the vaultManagementAction and liquidateVault functions in the protocol smart contracts, combined with a lacking of trusted input validations and reentrancy protection. This report provides an in-depth analysis of the exploited vulnerabilities, potential ways to harden the protocol, and overall recommendations to improve the security posture of the ArcadiaFi protocol.

Detailed Hack Analysis – Code Exploitation

vaultManagementAction Function

In the vaultManagementAction function, the attacker leveraged the lack of access control to first transfer all assets to a smart contract they controlled. After this, the attacker re-entered the liquidateVault function to liquidate the vault. The function, designed to interact with external logic and check for the vault state at the end of the transaction, was tricked into bypassing checks.

Here is a snippet of the code that was exploited:

The problem here is that the function allows for assets to be withdrawn and deposited into an arbitrary actionHandler address, enabling the attacker to drain funds from the vaults. Additionally, the lack of a check for whether usedMargin is equal to fixedLiquidationCost allows the attacker to bypass the condition that ensures the vault is healthy.

liquidateVault Function

In the liquidateVault function, the global variable isTrustedCreditorSet is set to false, and the trustedCreditor is set to address(0). This action allowed the attacker to bypass the collateral check as there is no enforcement that the caller must be a trusted creditor.

Here is the exploited part of the liquidateVault function:

executeAction Function

The executeAction function, which is meant to call a series of addresses with arbitrary calldata, lacked a validation of untrusted inputs. This lack of validation was exploited to drain funds from both darcWETH and darcUSDC vaults.

Furthermore, the function lacks a mechanism to prevent reentrant calls, allowing the attacker to bypass the internal vault health check.

Detailed Step-By-Step Analysis of the ArcadiaFi Protocol Hack

In this section, we’ll delve into a step-by-step analysis of the ArcadiaFi protocol hack, which resulted in a total loss of approximately $400,000.

Step 1: Exploitation of the Vault Management Action Function

The hacker starts off by manipulating the vaultManagementAction function. This function is integral to the platform as it allows ArcadiaFi to interact with other DeFi protocols, thereby controlling the flow of assets.

1.1. Injection of the Malicious Contract

The attacker crafts a malicious contract, then injects it into the vaultManagementAction function. This is done by providing the address of the malicious contract in the function argument named actionHandler.

1.2. Transfer of Assets to the Malicious Contract

Through the vaultManagementAction function, the attacker redirects all the assets to their own malicious contract. They are able to accomplish this by calling the _withdraw function nested inside the vaultManagementAction function that takes in the actionHandler argument.

Step 2: Manipulation of the Liquidate Vault Function

After successfully redirecting all assets to their control, the attacker focuses on the liquidateVault function. This function is typically triggered during emergencies (e.g. unhealthy collaterals) to safeguard the assets of the protocol, at large.

2.1. Bypassing the Emergency Conditions

The attacker cleverly tricks the system into initiating the liquidateVault function even though there’s no actual emergency. This is possible because they were able to set the “isTrustedCreditorSet” global variable to false, since during reentrancy the value of the flag was not updated yet, this flow effectively bypasses the normal collateral health check.

2.2. Triggering the Emergency Protocol

Having bypassed the emergency conditions, the attacker is able to trigger the liquidateVault function. Since there’s no reentrancy guard in place, the attacker can repeatedly call the function, leading to instant liquidation of the vault.

Step 3: Manipulation of the Execute Action Function

The last part of the attack involves manipulating the executeAction function. This function is important as it enables transactions or interactions with other smart contracts.

3.1. Performing Unauthorized Transactions

The attacker abuses the executeAction function to carry out unauthorized transactions. These transactions drain the funds from the vaults and redirect them into the control of the attacker.

By the end of these steps, the attacker has successfully exploited the ArcadiaFi protocol, resulting in a loss of approximately $400,000. As with any such security incident, it’s imperative to learn from these exploits and implement robust security measures to prevent future occurrences.

Recommended Mitigation Steps

Reentrancy Guard

To prevent recursive function calls, you should implement a reentrancy guard (mutexes) as suggested in the ConsenSys Diligence best practices standard. This approach involves the use of a lock that is set before the external function calls and prevents reentrancy until the function has completed its execution.

Secure the liquidateVault function

Modify the liquidateVault function to only be callable by a trusted creditor. This measure can be implemented by adding a require statement that validates msg.sender against a list of trusted creditors.

Validate Untrusted Inputs

Ensure to validate untrusted inputs in the executeAction function. You can sanitize the inputs, check their integrity, and verify if they meet the expected patterns and length.

Secure vaultManagementAction function

Introduce checks in the vaultManagementAction function to validate whether the usedMargin is equal to fixedLiquidationCost and that the vault is healthy before executing actions.

Strict Access Control

Enforce strict access control for sensitive operations. Make sure that only authorized addresses can call sensitive functions.

Regular Security Audits

Schedule regular audits of your smart contracts with an experienced security firm like Immunebytes to ensure that all known and possible security risks are addressed.

By implementing these recommendations, we are confident that ArcadiaFi can significantly improve its resilience against future attacks and restore confidence in the protocol’s security. Please feel free to reach out to Immunebytes if you have any questions or need further clarification on any aspect of this report.

Transaction Analysis

In the scope of this hack, two critical transactions were identified that were used to carry out the attack. These transactions allowed the hacker to exploit vulnerabilities in the ArcadiaFi protocol, resulting in significant asset loss. This section of the report provides an analysis of these transactions:

Transaction 1: Ethereum Network

This transaction took place on the Ethereum network. It involved the invocation of the vaultManagementAction function which allowed the hacker to first transfer all assets to a contract under their control. This was the first step in setting up the conditions for the subsequent re-entrance into the liquidateVault function. A close analysis of the transaction reveals the misuse of the outgoing and incoming ActionData objects to manipulate asset transfers.

Transaction 2: Optimism Network

This transaction occurred on the Optimism network. It involved the misuse of the liquidateVault function, allowing the attacker to liquidate the vault without the necessary collateral check. An analysis of the transaction shows that the open debt parameter was manipulated in a way that bypassed the internal health check of the vault, leading to the completion of the illicit liquidation process.

Conclusion

The recent exploit on the ArcadiaFi protocol represents a significant case study for the understanding and prevention of similar vulnerabilities in DeFi protocols. As the detailed analysis of the attack indicates, the primary causes were an absence of reentrancy protection, inadequate untrusted input validation, and failure in performing effective vault health checks. These weaknesses allowed a malicious actor to illicitly manipulate asset transfers and bypass internal security measures, leading to a substantial loss of assets.

At ImmuneBytes, our mission is to provide our clients with a robust security infrastructure, and an essential part of that is learning from such instances of vulnerability exploits. We are dedicated to ensuring that protocols not only become aware of such vulnerabilities but also receive guidance on how to rectify these issues effectively. As indicated in the mitigation section of this report, implementing preventative measures such as reentrancy guards, rigorous input validation, and comprehensive vault health checks are necessary to increase protocol resilience against similar attacks.

Moreover, our comprehensive security audits can help detect potential security issues before they can be exploited. Regular audits, penetration testing, and transaction pattern analysis are all part of our security services that can significantly improve the security posture of any protocol. Partnering with ImmuneBytes will ensure that your smart contracts are as secure as possible, and can stand up against the continuous advancements in exploitation techniques.

Through our detailed vulnerability analyses, comprehensive mitigation strategies, and a team of expert security analysts, ImmuneBytes is committed to making DeFi a safer space for everyone. We stand ready to assist @ArcadiaFi in strengthening its security measures and ensuring such an incident does not occur again in the future. Together, we can pave the way for a more secure and trusted DeFi environment.