Incident Overview
Table of Contents
On 14 Sept 2020, the bZx protocol (now @OokiTrade) faced a significant security incident when a bug in the iTokens duplication method was exploited, resulting in a considerable loss of funds. This event marked the third time bZx faced a hack that year alone.
Hack in a Nutshell
- The bZx team noticed a peculiar drop in the protocol’s Total Value Locked (TVL).
- They subsequently pinpointed an anomaly with the _internalTransferFrom() function on the iToken contract.
- The team decided to pause both the minting and burning of iTokens while they discerned a solution.
- It’s important to note that during this period, borrowing and trading functionalities remained unaffected.
- After identifying the issue, a new version of the affected iToken contracts was launched with corrected balances to account for the duplications.
- The corrected code was then forwarded to Peckshield and Certik for rigorous review.
- Once the code was vetted, minting and burning of iTokens resumed.
Hack Analysis in Detail
The Vulnerability
The glitch in the bZx iToken duplication method allowed hackers to artificially inflate their balance. The bug managed to remain undetected in two extensive code audits from two prominent 3rd party smart contract auditing firms.
Extent of the Damage
Anton Bukov from 1inch.Exchange reported that 101778 $iETH tokens (equivalent to ~4.7K ETH or approximately $1,724,900 with ETH priced at $367) were duplicated on the bZx protocol across nine separate transactions.
Immediate Response
The bZx team began their investigation by noticing a sudden drop in the protocol’s total value locked (TVL). They identified the duplication across several iTokens and paused all activities on the protocol temporarily. After a thorough examination, the problematic duplication method was rectified in the iToken contract code.
Total Value Lost
The hack led to a loss of about $8 million. However, bZx assured that the stolen funds were sourced from the insurance funds, ensuring no current risks to users’ funds. The assets added to the insurance fund post the incident were:
- 219,199.66 LINK
- 4,502.70 ETH
- 1,756,351.27 USDT
- 1,412,048.48 USDC
- 667,988.62 DAI
Technical Details
The core of the issue revolved around the contract for bZx’s “iTokens”. A single line of code, placed incorrectly, was the culprit.
This bug allowed token duplication when a user transacted with themselves through a specific function. Due to an order-of-operations error, when the sender and receiver were the same, the subtraction was rendered ineffective, enabling attackers to generate new tokens as they pleased. These duplicated tokens were then cashed out for their underlying collateral.
Every ERC20 token possesses a transferFrom() function, responsible for transferring tokens. The vulnerability in question allowed this function to be exploited in a way that users could create and transfer an iToken to themselves, thus artificially inflating their balance.
Here’s a step-by-step breakdown of the exploit:
- The transfer function was invoked with the same _from and _to addresses.
- This was immediately followed by the _internalTransferFrom function being called with identical arguments.
- The main issue arose from the following lines of code:
Having _from and _to as identical addresses led to _balancesFrom and _balancesTo being equal. Consequently:
This sequence of actions effectively decreased the balance of _balancesFrom and simultaneously increased the balance of _balancesTo. The subsequent storage of _balancesFromNew and _balancesToNew allowed users to artificially amplify their balance.
The fix involved relocating the setting of balancesTo to a position subsequent to the deduction from balances[_from].
This strategic move prevented users from artificially inflating their balance. The adjusted code was then submitted to two blockchain security firms which confirmed and approved the modifications.
Aftermath of the Hack
The hacker was eventually tracked down due to their on-chain activities. After being identified, the hacker returned the stolen funds. bZx had established an insurance fund in anticipation of such “black swan events”.
As a result, the stolen assets were debited from this fund, which typically accumulates 10% of the protocol’s revenue through interest rates.
Despite the return of the stolen funds, the Fulcrum protocol (developed by bZX) had only $6 million in total value locked after the incident.
This incident serves as a sobering reminder of the potential vulnerabilities present in the DeFi space, emphasizing the importance of rigorous security measures and the value of foresight in creating safety nets like insurance funds.
Other Hacking Incidents on bZX Protocol
This is not the isolated hacking incident suffered by bZX Protocol. Following are the details of other exploits which they suffered between the year 2020 and 2021.
February 15, 2020, Hack Amount: $350,000
The DeFi project bZx experienced a security breach during the ETHDenver hackathon in February 2020. A hacker exploited vulnerabilities in the platform to siphon off $350,000.
The attack centered on the manipulation of bZx’s pricing oracle, which the platform relied on as a single source of price information. By taking advantage of this oracle, the hacker executed a complex series of transactions. They initiated a flash loan, borrowing 10,000 ETH (approximately $2.67 million) in a short timeframe.
A critical factor in this attack was the use of UniSwap’s price feed for WBTC by bZx, which contributed to the attacker’s success. When the attacker sold the $1.1 million worth of WBTC on UniSwap, it resulted in a highly profitable short position for bZx.
February 18, 2020, Hack Amount: $630,000
In a swift and coordinated attack, malicious actors executed a flash loan-based exploit on the bZx platform, initiating the scheme by borrowing 7,500 ETH (approximately $1.98 million) and purchasing synthetic USD (sUSD) worth $939,300, using it as collateral for a bZx loan.
They manipulated the sUSD price with 900 ETH (about $240,000) to inflate it to $2, enabling them to borrow another 6,796 ETH (roughly $1.8 million) to repay the initial loan, leaving them with a profit of 2,378 ETH ($633,000).
This entire operation took just over a minute and resulted in a $633,000 loss for bZx, leading to a significant decrease in locked ether from $10.7 million to $6.1 million. bZx covered the losses incurred by the attack, and this event followed a similar attack on the platform a few days prior, raising questions about the identity of the perpetrators.
November 6, 2021, Hack Amount: ~$55 million
DeFi lender bZx experienced a security breach where a private key controlling the protocol’s deployment on the Polygon and Binance Smart Chain was compromised.
This breach led to the theft of approximately $55 million. bZx clarified that its smart contracts remained secure, but the private key breach allowed unauthorized access to certain funds.
The hack also affected the team wallet, resulting in personal losses amounting to around 25% of the stolen funds.