Fairyproof's Analysis of the Attack on Visor Finance
On November 25, 2021, Visor, a DeFi application, was attacked. Fortunately, the team acted promptly to secure all deposits after the attack was detected, so no serious damage was caused.
The basic information about this attack is as follows:
The attacker’s address was:
0xf434edf6b19e7310a7bea05ad3df6c086fd3a98e
The attacking contract’s address was:
0x1a252684a15f07c97ec20b2d6bb380d7410058da
The attacked contract’s address was:
0x65Bc5c6A2630a87C2B494f36148E338dD76C054F on Ethereum
The attacked contract’s name was Hypervisor.
The function concerned was:
And here was the function’s implementation:
From the above code, we can clearly see that the price returned by the TickMath.getSqrtRatioAtTick function was obtained from a Uniswap V3 trading pair. This price was used to calculate a staking share and was manipulated by the attacker in this incident.
Basically, the attacker used a flash loan to distort an asset's price on Uniswap, and then used this distorted price to obtain an excessive staking share. This excessive staking share was then used to obtain the OHM-ETH LP token, which was subsequently converted to OHM and ETH.
The vulnerability of this contract was that it used a manipulable price as its price feed, which introduces huge risks to an application.
However, this kind of risk is not difficult to discover. In fact, it is a typical vulnerability that has been found quite often in the past. Fairyproof always lists it in its audit reports whenever it is discovered. Still, it does not seem to have drawn enough attention from the project.
Again, Fairyproof would like to reiterate that it strongly suggests using Chainlink or a TWAP price oracle as the price feed for a crypto asset.
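As an added example (not Visor's or Fairyproof's code), the following contract illustrates the TWAP recommendation: it derives a time-weighted average tick from a Uniswap V3 pool's observations and rejects the call when the current spot tick has drifted too far from it. The contract name, function names, window length and deviation threshold are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal subset of the Uniswap V3 pool interface needed for the check.
interface IUniswapV3PoolMinimal {
    function slot0() external view returns (
        uint160 sqrtPriceX96, int24 tick, uint16 observationIndex,
        uint16 observationCardinality, uint16 observationCardinalityNext,
        uint8 feeProtocol, bool unlocked);
    function observe(uint32[] calldata secondsAgos) external view returns (
        int56[] memory tickCumulatives,
        uint160[] memory secondsPerLiquidityCumulativeX128s);
}

// Hypothetical guard: all names and parameters here are illustrative.
contract TwapGuard {
    IUniswapV3PoolMinimal public immutable pool;
    uint32 public immutable twapWindow;      // averaging window in seconds
    int24 public immutable maxTickDeviation; // 1 tick is roughly a 0.01% price move

    constructor(IUniswapV3PoolMinimal _pool, uint32 _window, int24 _maxDev) {
        require(_window > 0 && _maxDev >= 0, "bad params");
        pool = _pool;
        twapWindow = _window;
        maxTickDeviation = _maxDev;
    }

    // Arithmetic mean tick over the window, rounded toward negative infinity.
    // observe() reverts if the pool has no observation that far back.
    function twapTick() public view returns (int24 mean) {
        uint32[] memory secondsAgos = new uint32[](2);
        secondsAgos[0] = twapWindow; // start of the window
        secondsAgos[1] = 0;          // now
        (int56[] memory cumulatives, ) = pool.observe(secondsAgos);
        int56 delta = cumulatives[1] - cumulatives[0];
        int56 window = int56(uint56(twapWindow));
        mean = int24(delta / window);
        if (delta < 0 && (delta % window != 0)) mean--;
    }

    // Returns the TWAP tick to price shares with; reverts when the spot tick
    // has moved further from the TWAP than the configured bound.
    function checkedTick() external view returns (int24 tick) {
        tick = twapTick();
        (, int24 spot, , , , , ) = pool.slot0();
        int24 diff = spot > tick ? spot - tick : tick - spot;
        require(diff <= maxTickDeviation, "spot deviates from TWAP");
    }
}
```

A share calculation would pass the tick returned by checkedTick() to TickMath.getSqrtRatioAtTick instead of the spot tick, so a price moved within a single transaction cannot set the share price.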