
Hundred Finance Hack—April 15, 2023—Detailed Analysis

by ImmuneBytes

Overview

Hundred Finance, a project on the Optimism blockchain, suffered a significant hack on April 15, 2023, resulting in a loss of $7.4M.

The methodology employed in the attack involved a flash loan attack that targeted a vulnerability in the hWBTC contract coupled with a rounding error in the redeemUnderlying function, highlighting ongoing security challenges in decentralized finance platforms.

About Hundred Finance

Hundred Finance is a cross-chain lending protocol that enables over-collateralized borrowing and is notable for its deployment across multiple chains with diverse token offerings.

It uses hTokens to track lending positions, emphasizing its functionality and security. At the time of the last attack in March 2022, the protocol had over $6 million in liquidity on the Gnosis chain and had undergone an audit by third-party auditors in February 2022.

Root Cause of the Hack

The primary reason for the hack was the manipulation of the exchange rate in the hWBTC contract by donating a large amount of WBTC, combined with a rounding error in the redeemUnderlying function.

hWBTC contract Address: https://optimistic.etherscan.io/address/0x35594e4992dfefcb0c20ec487d7af22a30bdec60

Technical Details of the Attack

Solidity Version Vulnerability: The contract was compiled with Solidity version 0.5.16 and relies on a calculation library to prevent overflows. The arithmetic on this path allowed a significant amount of WBTC to be redeemed for a minimal amount of hWBTC.

Codebase Analysis: A closer look at the contract code, largely derived from Compound’s codebase, revealed that the absence of borrowers for hWBTC assets was a significant vulnerability.

Price Manipulation Mechanics: By transferring assets directly to the pool, the attacker was able to manipulate the exchange rate of hWBTC. With a very small total supply, each hWBTC corresponded to a disproportionate amount of underlying assets, causing a spike in the hToken’s value and, thus, in the borrowing power it conferred.

Manipulation of Exchange Rates in Lending Contracts

Manipulating exchange rates in lending contracts typically involves exploiting vulnerabilities or design flaws in how a protocol calculates its assets’ exchange rate.

An attacker can artificially inflate or deflate the value of an asset within the protocol to borrow more funds than they should be entitled to or to pay back less than they owe.

Example:

Let’s say a DeFi protocol uses a token ‘X’ whose value is supposed to be pegged 1:1 with ETH. However, due to a flaw in the contract, an attacker can deposit a large amount of token ‘X’ and manipulate its exchange rate to 2:1 with ETH.

The attacker deposits 1000 ‘X’ tokens into the protocol.

Due to the manipulation, the protocol now thinks these 1000 ‘X’ are worth 2000 ETH.

The attacker then borrows 1500 ETH against their inflated ‘X’ tokens.

They can now liquidate these ETH in the market for real value, effectively draining the protocol’s funds.

Code Snippet:

pragma solidity ^0.8.0;

contract VulnerableLendingProtocol {
    mapping(address => uint256) public balances;
    uint256 public exchangeRate = 1; // Supposed to stay 1:1 with ETH

    function deposit(uint256 amount) external {
        // User deposits tokens; the balance is later treated as collateral
        balances[msg.sender] += amount;
    }

    function manipulateExchangeRate(uint256 newRate) external {
        // Vulnerable: anyone can overwrite the exchange rate, with no access control
        exchangeRate = newRate;
    }

    function borrow(uint256 amount) external {
        // Borrowing power is computed from the (manipulable) exchange rate
        uint256 maxBorrow = balances[msg.sender] * exchangeRate;
        require(amount <= maxBorrow, "Borrow amount exceeds collateral");

        // Borrowing logic here
        // ...
    }
}

In this scenario, the manipulateExchangeRate function represents a vulnerability that an attacker could exploit to change the exchange rate, thereby allowing them to borrow more funds than they should be able to based on their actual collateral.

Attack Flow

Overview of the Attack Strategy

The Hundred Finance hack was executed through a series of complex maneuvers, starting from the preparation phase to the execution of the exploit:

Preparation Using Tornado Cash: The hacker initiated their plan by withdrawing funds from Tornado Cash and transferring these funds to the Optimism and Arbitrum networks, laying the groundwork for the attack.

WBTC Acquisition and Deployment: The attacker used the withdrawn ETH to purchase Wrapped Bitcoin (WBTC) and then deposited this WBTC into the hWBTC markets on Hundred Finance. This move made them the sole holder of hWBTC tokens, a critical step for the subsequent exploit.

Master Contract Deployment: In a strategically calculated move, the attacker deployed two master contracts aimed at exploiting both the newer and older deployments of the Hundred Finance protocol.

Exploit Execution

Burning and Flashloan: The attack commenced with the burning of hWBTC for WBTC, followed by taking out a significant WBTC flashloan using Aave.

Market Manipulation: The attacker then carried out a series of intricate steps, including minting hWBTC, redeeming it, and inflating its value through donations.

Exploiting Rounding Error: A key to the exploit was leveraging a rounding error in the withdrawal process, allowing the attacker to withdraw substantial assets with minimal hWBTC.

Intricate Contract Interactions: The master and drainer contracts were used in tandem to execute a coordinated attack on both versions of the Hundred Finance deployment. This involved burning hWBTC, acquiring a flash loan, and manipulating the market’s collateral value.

Sequential Market Drain: The attacker meticulously drained each market, systematically borrowing all available assets and exploiting the rounding error before repaying the flash loan. This methodical approach led to the successful seizure of all targeted assets.

Detailed Attack Flow

The attacker executed a sophisticated exploit using a combination of flash loans, smart contract manipulation, and a critical rounding error. Here is a structured breakdown of their approach:

Initial Preparation and Flash Loan Acquisition

  • Tornado Cash Withdrawals: The hacker, using the wallet address 0x155DA45D374A286d383839b1eF27567A15E67528, withdrew 1 ETH and later 10 ETH from Tornado Cash on April 11th and 14th, respectively. Portions of these funds were transferred to Optimism and Arbitrum via respective bridges.
  • WBTC Acquisition: The 10 ETH withdrawn was used to purchase Wrapped Bitcoin (WBTC), which was then sent to the hacker’s wallet on Optimism.
  • Deposit into hWBTC Markets: The WBTC was deposited into two empty hWBTC markets on Hundred Finance, making the attacker the sole holder of two types of hWBTC tokens.
  • Flash Loan Initiation: The attacker initiated a flash loan from Aave, borrowing 500 Wrapped Bitcoin (WBTC).
  • Observation: They noted that the hWBTC lending pool on Hundred Finance had minimal activity, mainly their own.

Exploiting the hWBTC Contract

  • Manipulation via Donation: By donating 200 WBTC to the hWBTC contract, they inflated the hWBTC’s exchange rate. This was crucial for the subsequent steps, as it allowed even a tiny amount of hWBTC to drain substantial assets from the lending pools.
  • Redeeming Staked WBTC: The attacker first redeemed a previously staked amount of 0.3 WBTC.

Executing the Core Attack

  • Contract Interplay: The attack involved two contracts, creatively labeled as Contract 1 and Contract 2.
  • From Contract 1 to Contract 2: After redeeming 0.3 WBTC, Contract 1 sent 500.3 WBTC to Contract 2.
  • Minting and Redeeming hWBTC: Contract 2 used 4 BTC to mint 200 hWBTC and then redeemed the 4 BTC, highlighting the exploitability of the exchange rate manipulation.
  • Final Borrowing and Repayment: Contract 2 then sent 500.3 WBTC to the hWBTC contract and borrowed 1021.91 ETH using the remaining 2 hWBTC. The debt was repaid using 1 hWBTC, and 500.3 WBTC was withdrawn.

Detailed Attack Transactions and Attacker’s Address

Attacker’s Address: 0x155da45d374a286d383839b1ef27567a15e67528

Attacker Contract: https://explorer.forta.network/alert/0x45c35266f0896e8612b18cfad6ec30bda53ddf86ec123d40d062d848961bc901

Hack Transaction 1: https://optimistic.etherscan.io/tx/0x6e9ebcdebbabda04fa9f2e3bc21ea8b2e4fb4bf4f4670cb8483e2f0b2604f451

Hack Transaction 2: https://optimistic.etherscan.io/tx/0x15096dc6a59cff26e0bd22eaf7e3a60125dcec687580383488b7b5dd2aceea93

Stolen Fund Details

Initial Assessment of Stolen Funds

  • Total Assets Drained: The attacker siphoned 1,030 ETH, 1,265,979 USDC, 1,113,431 USDT, 865,143 SUSD, 842,788 DAI, 457,286 FRAX, and 20,854 SNX from the protocol. This amounted to approximately $7.3 million USD, including around $50,000 USD from the previous Optimism deployment.
  • Number of Affected Wallets: The stolen funds originated from 180 individual wallets, leaving the owners unable to reclaim their cryptocurrencies.

Distribution Across Blockchains:

  • Ethereum: Initially, around $5.4 million worth of assets were identified on the Ethereum blockchain.
  • Optimism: Approximately $0.9 million remained on Optimism after the funds were bridged to Ethereum.

Bridging to Ethereum:

The exploiter transferred an estimated 1,034 ETH (valued at approximately $2.18 million at the time), along with 1.27 million USDC, 1.1 million USDT, 842.8K DAI, and 0.058 WBTC, to Ethereum via Multichain.

Detailed Swaps and Deposits

  • Swapping USDT: 1.1 million USDT was exchanged for 500K DAI and 613K FRAX.
  • Swapping USDC: 480K USDC was swapped for 39 PAXG, 142.6 WETH, and 305.5K WOO.
  • Curve Deposit: An additional 786K USDC was deposited into Curve, a DeFi liquidity pool.

Hack Aftermath

In response to the hacking incident, Hundred Finance executed a series of immediate and strategic measures aimed at managing the crisis and mitigating its impacts:

Alert and Market Pause

  • Timely Awareness: The team was alerted 14 minutes post-attack, at 2:26 pm UTC, about the security breach.
  • Pausing Markets: As a preventive measure, Hundred Finance swiftly paused markets across all chains. This was a crucial step to prevent further risks and to allow a thorough investigation of the hack. During this pause, users retained the ability to repay borrows and withdraw supplied assets, but other activities were restricted.

Communication and Community Engagement

  • Public Notification: Utilizing their Discord and Twitter platforms, the team promptly informed the community of the incident, with an official tweet published at 2:37 pm UTC.
  • Outreach for Solutions: Recognizing the potential risk in all Compound v2 forks with empty markets, Hundred Finance proactively contacted other projects, advising them to inspect and rectify similar vulnerabilities.
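The advisory to other Compound v2 forks amounts to a concrete check: list every market, flag the ones with zero or near-zero hToken supply, and flag any whose exchange rate has moved far beyond what accrued interest can explain. The following script is an added example, not Hundred Finance tooling. It runs that check over constructed market snapshots; the fields are the ones a fork can read on-chain (total supply, cash, borrows, reserves, initial exchange rate), the snapshot values and the two thresholds are assumptions, and the market names are hypothetical.

```python
"""Screen Compound v2-style markets for the empty-market / donated-rate condition.

Added example (not Hundred Finance or Compound code). Amounts are base units of
the underlying, supply is in hToken units (8 decimals), and rates are scaled by
10**18 as exchangeRateStored() returns them. Snapshots are constructed.
"""

MANTISSA = 10**18

# Constructed snapshots, not real protocol state.
SNAPSHOTS = [
    {"market": "hUSDC", "initial_rate": 2 * 10**14, "total_supply": 5_000_000 * 10**8,
     "cash": 60_000 * 10**6, "borrows": 45_000 * 10**6, "reserves": 1_000 * 10**6},
    {"market": "hWBTC-legacy", "initial_rate": 2 * 10**16, "total_supply": 0,
     "cash": 0, "borrows": 0, "reserves": 0},
    {"market": "hWBTC", "initial_rate": 2 * 10**16, "total_supply": 2,
     "cash": 200 * 10**8 + 2, "borrows": 0, "reserves": 0},
]

MIN_SUPPLY_UNITS = 10**8   # assumption: at least one whole hToken should be outstanding
MAX_RATE_DRIFT = 10        # assumption: interest alone cannot multiply the rate tenfold


def exchange_rate(s):
    """Same formula Compound v2 uses; the initial rate applies while supply is zero."""
    if s["total_supply"] == 0:
        return s["initial_rate"]
    return (s["cash"] + s["borrows"] - s["reserves"]) * MANTISSA // s["total_supply"]


def screen_market(s, min_supply=MIN_SUPPLY_UNITS, max_drift=MAX_RATE_DRIFT):
    """Return a list of finding strings for one market (empty list if clean)."""
    findings = []
    supply = s["total_supply"]
    if supply == 0:
        findings.append("empty market: the first depositor controls the rate; seed it before listing")
    elif supply < min_supply:
        findings.append(f"thin market: only {supply} hToken units outstanding")
    drift = exchange_rate(s) // s["initial_rate"]
    if drift > max_drift:
        findings.append(f"exchange rate is {drift}x the initial rate; check for underlying donated to the contract")
    return findings


def screen_all(snapshots=SNAPSHOTS, **thresholds):
    """Map market name -> findings, keeping only markets with at least one finding."""
    report = {}
    for s in snapshots:
        findings = screen_market(s, **thresholds)
        if findings:
            report[s["market"]] = findings
    return report


if __name__ == "__main__":
    for market, findings in screen_all().items():
        print(market)
        for finding in findings:
            print("  -", finding)
```

On the constructed data the healthy hUSDC market passes, the legacy market is flagged as empty, and the thin hWBTC market is flagged twice: two units of supply, and a rate hundreds of billions of times its initial value, which is what a donation into a near-empty market looks like from the outside.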

Financial Incentives and Bounty Program

  • Initial Bounty Offer: In an effort to gather information and possibly recover the stolen funds, Hundred Finance announced a $500,000 USD open bounty two days after the hack, on April 17th. This bounty was aimed at encouraging information that could lead to the arrest of the hacker and the retrieval of the stolen assets.
  • Ultimatum and Increased Bounty: Following no response from the hacker, the team issued an ultimatum in a second message, offering a bounty of 10% of the value of the assets held in exchange for the return of the remaining 90% of the stolen funds within 24 hours.

    Address for returning stolen funds: https://etherscan.io/tx/0x6fd6eeeb0f3f5c0f25e384710aa0ff027e924973806f514e9984eec042ad7003

Legal Action and Law Enforcement Engagement

  • Engaging Law Enforcement: When the ultimatum was not met, Hundred Finance informed law enforcement and initiated formal criminal proceedings. This action represents a commitment to a robust legal response and protecting their user base.
  • User Collaboration Request: The team urged users to come forward and identify themselves to aid in the multi-jurisdictional legal response. This was facilitated through the project’s Discord, encouraging affected users to engage directly with the team for coordinated action.

Financial Impact and Recovery Attempts

  • Token Value Fluctuation: The HND token experienced a drastic drop of approximately 50% immediately following the hack, indicating a significant market reaction. However, it has shown a partial recovery, indicating ongoing efforts to stabilize and regain market confidence.
  • Ongoing Recovery Efforts: The combination of market pausing, community advisories, financial incentives, and legal engagement forms part of a broader strategy by Hundred Finance to recover from the hack and reinforce the security and trustworthiness of their platform.

Details of Previous Hacks

Hundred Finance also suffered exploits on different chains in February and March of 2023, with losses totaling $9.5M.

Similar Methodology Hacks: CREAM Finance in August 2021, exploited using the same reentrancy mechanism.

Mitigation Steps to Avoid Such Hacks

Minting Small Amounts at Market Creation: To prevent an empty market scenario, the protocol could mint minimal balances when a market is created, making such attacks unfeasible.

Deactivating RedeemUnderlying Function: Disabling this function would block the exploitation route used in the hack, though it might require alternative methods for token redemption.
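The Price Manipulation Mechanics and Exploiting Rounding Error passages above, and the two mitigations just listed, all come down to the same integer arithmetic, so they can be checked numerically. The model below is an added example, not Hundred Finance or Compound code. It reproduces the Compound v2 exchange-rate formula (cash plus borrows minus reserves, divided by total supply) and the truncating division in redeemUnderlying with Python integers, then plays the same sequence three times: an empty market, an empty market with redeemUnderlying rounding against the redeemer, and a market seeded at creation. The initial rate of one base unit per hToken unit, the two-unit supply, the 200 WBTC donation and the 99 WBTC redeem are constructed values, and the class and function names are hypothetical.

```python
"""Integer model of a Compound v2-style hToken market (added example; not
Hundred Finance or Compound code). Amounts are base units (WBTC has 8
decimals, so 1 WBTC == 10**8) and the exchange rate is scaled by 10**18 as in
Compound's exchangeRateStored(). Values and names are constructed.
"""

MANTISSA = 10**18
INITIAL_RATE = MANTISSA   # assumption: 1 base unit of WBTC per hToken unit while supply is 0
WBTC = 10**8
BURN_ADDRESS = "0xdead"   # hypothetical unspendable address for the seed balance


class Market:
    def __init__(self, seed_underlying=0):
        self.cash = 0           # underlying held by the hToken contract
        self.borrows = 0
        self.reserves = 0
        self.total_supply = 0
        self.balances = {}
        if seed_underlying:
            # Mitigation 1 from the article: mint a small, unburnable balance at creation
            self.mint(BURN_ADDRESS, seed_underlying)

    def exchange_rate(self):
        """(cash + borrows - reserves) / totalSupply, as in Compound v2."""
        if self.total_supply == 0:
            return INITIAL_RATE
        return (self.cash + self.borrows - self.reserves) * MANTISSA // self.total_supply

    def mint(self, who, amount):
        tokens = amount * MANTISSA // self.exchange_rate()
        self.cash += amount
        self.total_supply += tokens
        self.balances[who] = self.balances.get(who, 0) + tokens
        return tokens

    def donate(self, amount):
        """A plain ERC-20 transfer into the contract: raises cash, not supply."""
        self.cash += amount

    def collateral_value(self, who):
        """Underlying value the comptroller would credit for this holder's hTokens."""
        return self.balances.get(who, 0) * self.exchange_rate() // MANTISSA

    def redeem_underlying(self, who, amount, round_up=False):
        rate = self.exchange_rate()
        tokens = amount * MANTISSA // rate          # truncating division, the rounding error
        if round_up and tokens * rate < amount * MANTISSA:
            tokens += 1                             # hardened variant: round against the redeemer
        if tokens > self.balances.get(who, 0) or amount > self.cash:
            raise ValueError("insufficient hTokens or cash")
        self.balances[who] -= tokens
        self.total_supply -= tokens
        self.cash -= amount
        return tokens


def scenario(seed_underlying=0, round_up=False):
    """One supplier holds two hToken units, donates 200 WBTC, then redeems
    99 WBTC through redeemUnderlying. Returns (rate inflation factor,
    supplier's collateral value in base units, hTokens burned or None if
    the redeem was rejected)."""
    m = Market(seed_underlying)
    m.mint("supplier", 2)                   # constructed: two hToken units of supply
    rate_before = m.exchange_rate()
    m.donate(200 * WBTC)
    inflation = m.exchange_rate() // rate_before
    collateral = m.collateral_value("supplier")
    try:
        burned = m.redeem_underlying("supplier", 99 * WBTC, round_up)
    except ValueError:
        burned = None
    return inflation, collateral, burned


if __name__ == "__main__":
    print("empty market:        ", scenario())
    print("empty + round-up:    ", scenario(round_up=True))
    print("seeded with 1 WBTC:  ", scenario(seed_underlying=WBTC))
```

In the empty market the donation multiplies the rate by roughly ten billion, two hToken units are credited as about 200 WBTC of collateral, and the truncating redeem hands back 99 WBTC while burning zero hTokens. Rounding against the redeemer fixes the zero-burn but not the inflated collateral; seeding the market with one WBTC at creation keeps the same donation to a factor of about 200 and makes the redeem fail, because the supplier would need tens of millions of hToken units rather than two. That is why the article lists seeding as the primary mitigation and the redeemUnderlying change as a complement.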

Conclusion

Hundred Finance’s recent hack on April 15th highlights the ongoing vulnerabilities in DeFi platforms, particularly in relation to flash loan attacks and contract manipulations.

While the project has faced similar issues in the past, this incident underscores the necessity for continuous vigilance and improvement in blockchain security protocols.

The involvement of third-party blockchain and smart contract auditors like ImmuneBytes could potentially provide additional layers of security and oversight to prevent such exploits.
