Fairyproof’s Analysis of the Attack on OneRing Finance
On March 21 (UTC), OneRing Finance, a DeFi application deployed on Fantom, was attacked. The attacker used a flashloan to drain a total of 1,454,672.244369 USDC, worth around $1,454,672.24.
The attacker's address on Fantom was 0x12EfeD3512EA7b76F79BcdE4a387216C7bcE905e. The attacking contract, deployed by the attacker at 0x6A6d593ED7458B8213fa71F1adc4A9E5fD0B5A58 on Fantom, was written to self-destruct in a specific block. Removing the contract's bytecode from chain state in this way made it hard to reconstruct which functions were called in the subsequent transactions.
In outline, the attacker funded its gas through Celer Network's cBridge, flashloaned 80,000,000 USDC from Solidly, used that capital to pump the price of an LP token, which in turn moved the price of the OShare token, and then drained OneRing's assets.
The attacker eventually bridged the stolen assets from Fantom back to Ethereum and cashed out through Tornado.Cash.
In this attack, Fairyproof found the bug in the getUSDBalanceFromUnderlyingBalance function; the relevant code section is:
The function priced an LP token whose pool holds two stablecoins by simply summing the pool's balances of the two tokens. That is inappropriate: the sum of the reserves is a spot value, and anyone with enough capital (here, an 80,000,000 USDC flashloan) can skew the reserves with a single large swap inside one transaction, so the resulting price is trivially manipulable.
For a sound way to price an LP token, Alpha Homora, a well-known DeFi application, has published a "fair LP token pricing" algorithm, which can be viewed at:
https://blog.alphafinance.io/fair-lp-token-pricing/
Fairyproof strongly recommends adopting this algorithm to calculate an LP token's price.
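The following is an added example, not OneRing's, Fairyproof's or Alpha Homora's code. It models a two-stablecoin pool as a constant-product (x*y=k) pool, prices one LP token both the flawed way described above (sum of reserves divided by LP supply) and with Alpha Homora's fair formula, P_lp = 2 * sqrt(r0 * r1) * sqrt(p0 * p1) / totalSupply, and then swaps an 80,000,000-unit flashloan through the pool. The reserves, LP supply and the assumption that the pool is constant-product with no fee are constructed for illustration; only the 80,000,000 flashloan size comes from the write-up. The fair formula also generalizes beyond stablecoins: p0 and p1 are the tokens' prices from an external oracle rather than from the pool itself.

```python
# Added example (not OneRing's, Fairyproof's or Alpha Homora's code).
# Compares a naive "sum of reserves" LP price with Alpha Homora's fair
# LP pricing formula when an attacker swaps a flashloan through the pool.
import math


class ConstantProductPool:
    """Toy two-token x*y=k pool with no swap fee. This is a constructed
    model, not the actual pool OneRing priced."""

    def __init__(self, reserve0: float, reserve1: float, total_supply: float):
        self.r0 = float(reserve0)
        self.r1 = float(reserve1)
        self.total_supply = float(total_supply)

    def swap0_for_1(self, amount_in: float) -> float:
        """Sell amount_in of token0 into the pool; returns token1 received.
        The product r0*r1 is unchanged, but the reserves become skewed."""
        k = self.r0 * self.r1
        self.r0 += amount_in
        new_r1 = k / self.r0
        amount_out = self.r1 - new_r1
        self.r1 = new_r1
        return amount_out


def naive_lp_price(pool: ConstantProductPool) -> float:
    """The flawed approach the text describes: value one LP token as
    (reserve0 + reserve1) / totalSupply, treating both stablecoins as $1.
    For a balanced pool this equals the fair price, but the sum of reserves
    grows as the pool is pushed out of balance, so one big swap inflates it."""
    return (pool.r0 + pool.r1) / pool.total_supply


def fair_lp_price(pool: ConstantProductPool, p0: float = 1.0, p1: float = 1.0) -> float:
    """Alpha Homora's fair LP pricing:
        P_lp = 2 * sqrt(r0 * r1) * sqrt(p0 * p1) / totalSupply
    p0 and p1 must come from a manipulation-resistant oracle, not from the
    pool (both 1.0 here for stablecoins). sqrt(r0*r1) = sqrt(k) does not
    change when someone swaps through the pool, so a flashloan swap cannot
    pump this price."""
    return 2.0 * math.sqrt(pool.r0 * pool.r1) * math.sqrt(p0 * p1) / pool.total_supply


def manipulation_demo(reserve0: float = 1_000_000.0, reserve1: float = 1_000_000.0,
                      total_supply: float = 2_000_000.0,
                      flashloan: float = 80_000_000.0) -> dict:
    """Price one LP token before and after an attacker swaps `flashloan`
    units of token0 into the pool. Reserves and LP supply are constructed;
    the 80,000,000 figure mirrors the flashloan size in the write-up."""
    pool = ConstantProductPool(reserve0, reserve1, total_supply)
    naive_before, fair_before = naive_lp_price(pool), fair_lp_price(pool)
    received = pool.swap0_for_1(flashloan)
    naive_after, fair_after = naive_lp_price(pool), fair_lp_price(pool)
    return {
        "naive_before": naive_before,
        "naive_after": naive_after,
        "naive_inflation": naive_after / naive_before,
        "fair_before": fair_before,
        "fair_after": fair_after,
        "token1_received": received,
    }


if __name__ == "__main__":
    # With the constructed numbers the naive price jumps from 1.0 to about
    # 40.5 per LP token after the swap, while the fair price stays at 1.0.
    for key, value in manipulation_demo().items():
        print(f"{key:>16}: {value:,.6f}")
```

With the constructed pool (1,000,000 of each stablecoin, 2,000,000 LP tokens) the naive price rises roughly 40x after the swap because the reserves become 81,000,000 and about 12,346, while the fair price is unchanged since r0*r1 is invariant. In an on-chain implementation the square root would be an integer (Babylonian) sqrt and p0, p1 would be read from an oracle such as a Chainlink feed; reading them from the pool's own reserves would reintroduce the manipulation.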