MonoX Hack Incident—Nov 30, 2021—Detailed Analysis

Introduction

On November 30, 2021, the DeFi protocol, MonoX, experienced a significant security breach. The attacker drained considerable assets, amounting to a total loss of over $31 million.

A sophisticated attacker exploited the MonoX protocol, capitalizing on a loophole in the swapping function. The loss included assets such as WETH, Matic tokens, and several other prominent tokens like Wrapped Bitcoin and Chainlink. The attack was executed on both the Ethereum and Polygon networks.

What is MonoX?

MonoX is an innovative DeFi protocol introduced with a unique design. Instead of the traditional paired liquidity pools, it employs a single token design. This is achieved by virtually pairing deposited tokens with the vCASH stablecoin. Their first implementation of this design was the automatic market maker system known as Monoswap, which was unveiled in October 2021.

Attack Details

Attacker Addresses:

0xecbe385f78041895c311070f344b55bfaa953258
0x8f6a86f3ab015f4d03ddb13abb02710e6d7ab31b

Attack Contracts:

0xf079d7911c13369e7fd85607970036d2883afcfd
0x119914de3ae03256fd58b66cd6b8c6a12c70cfb2

Transaction References:

Etherscan Transaction: https://etherscan.io/tx/0x9f14d093a2349de08f02fc0fb018dadb449351d0cdb7d0738ff69cc6fef5f299

Polygonscan Transaction: https://polygonscan.com/tx/0x5a03b9c03eedcb9ec6e70c6841eaa4976a732d050a6218969e39483bb3004d5d

Root Cause

There was a vulnerability in the swap smart contract, which failed to verify if the transferred and outgoing tokens in the liquidity pool were identical.

The attacker leveraged this flaw in the price update function to manipulate the MONO token price artificially. Subsequently, they exchanged the inflated MONO tokens for other assets in the MonoX protocol.

Detailed Attack Breakdown

Initial Setup

• Action: The attacker began by using the Monoswap.swapExactTokenForToken function.
• Outcome: Successfully swapped 0.1 WETH for approximately 79.99 MONO.

Asset Draining & Liquidity Manipulation:

• Method: The hacker constructed a custom contract to facilitate the attack.
• Execution: Drained all assets from a particular pool and subsequently replenished it with their own liquidity, amplifying the impact.
• Exploited the code located between lines 471–510 in Monoswap.sol.

During this, the _removeLiquidityHelper function was invoked, sidestepping necessary authentication checks.

Specific Actions:

• Remove the liquidity of 0x7b9aa6, transfer 1670.7 MONO and 6.8622171986812230290 vCASH to 0x7b9aa6
• Remove the liquidity of cowrie.eth, transfer 152.9 MONO and 0.628300423692773565 vCASH to cowrie.eth
• Remove the liquidity of 0xab5167, transfer 99940.7 MONO and 410.478879590637971405 vCASH to 0xab5167

• Contributed liquidity to the MONO token pool via contract 1.

Inflating the Price

Strategy: Repeated use of the Monoswap.swapExactTokenForToken function.

Frequency: The function was called 55 times to drive up the MONO price consistently.

Cause of Vulnerability

The swapExactTokenForToken function in Monoswap.sol permitted the use of identical tokens for both input and output, resulting in a price discrepancy.

Analysis of the swapIn function showed its dependency on the getAmountOut function, which subsequently used the _getNewPrice function for price computation.

Due to similarities in the calculation parameters, we can deduce that the price of the output token (tokenOutPrice) was consistently higher than the input token (tokenInPrice).

Given that the tokens for input and output were identical, the price of the token was artificially inflated when the _updateTokenInfo the function was triggered post-calculation.

Final Phase – Asset Conversion & Profit

Action: Leveraging the inflated MONO price to call the swapTokenForExactToken function.

Objective: Swapping inflated MONO for other valuable tokens in the pool.

Technical Insight

Price determination was achieved by calling the swapOut function inside the swapTokenForExactToken function, which was further reliant on the getAmountIn function.

The price of MONO tokens in the pool (tokenInPoolPrice) was artificially high due to previous steps, which meant the MONO tokens were more valuable, enabling the hacker to purchase a larger array of assets from the MonoX protocol.

What Happened to Stolen Funds?

The stolen assets were eventually transferred to the address: 0x8f6a86f3ab015f4d03ddb13abb02710e6d7ab31b.

Loss Breakdown

MonoX Finance incurred a staggering loss nearing $34 million, segmented as follows:

• 2.1k WETH
• 1.9m WMATIC
• 36.1 WBTC
• 143.4k MONO
• $8.2m USDC
• $9.1m USDT
• 1.2k LINK
• 3.1k GHST
• 5.1m DUCK
• 4.1k MIM
• 274.9 IMX

Since then, the hacker has also moved a significant amount to Tornado Cash

Conclusion

The MonoX hack stands as a testament to the importance of rigorous smart contract auditing and the dangers of unchecked functions. It’s essential to ensure that such vulnerabilities are identified and rectified before deployment.

This serves as a reminder for all DeFi protocols to invest in regular security audits and maintain transparency with their communities.