Overview:

On July 11, 2023, LibertiVault experienced a significant security breach due to a reentrancy vulnerability resulting in a loss of ~452K USD.

Smart Contract Hack Overview:

• Attackers address: 0xfd2d3f
• Attack Contract: 0xdfcdb5
• Vulnerable contract: 0x9c80a4
• Attack Transaction: 0x7320ac

Fig: Attack Transaction

Decoding the Smart Contract Vulnerability:

• The attacker initiated the attack by taking a flash loan of 5M USDT and proceeded to call the deposit function of the LibertiVault contract. A portion of the deposited tokens was used for swapping, and the amount of minted tokens was determined based on the proportion between the tokens deposited in that transaction and the contract’s balance before the deposit.
• During the swap operation, the attacker’s contract was invoked, triggering the first reentrancy. By calling the deposit function, the attacker performed a second reentrancy and deposited an additional 2.5M USDT into the contract.
• Following the second reentrancy, the contract minted tokens for the hacker based on the ratio of 2.5M USDT to the previous balance of USDT in the contract. Subsequently, the hacker deposited another 2.5M USDT after the completion of the first reentrant deposit function.
• At this point, after completing the swap operation within the deposit function, the contract minted tokens once again based on the ratio of 2.5M USDT to the contract’s USDT balance.
• The problem arose in the fourth step. Ideally, the contract balance in the second calculation should have been the previous balance plus the initially deposited 2.5M balance. However, due to the reentrancy and the fact that the contract balance was obtained at the beginning, the parameter remained unchanged, and the original balance was used for the calculation.

Fig: The root cause of the vulnerability

Mitigation and Best Practices:

• Use reentrancy-preventive function modifiers, such as Open Zepplin’s Re-entrancy guard
• Always make sure that any state changes occur internally first, such as updating balances or calling internal functions before calling external code.
• Always validate your code by writing comprehensive test cases that cover all the possible business logic.
• To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at Caligo provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://caligosec.com/
• Scan your Solidity contracts against the latest common security vulnerabilities with 130+ detections at Caligo

Caligo — Smart Contract Vulnerability Scanner

Conclusion:

Caligo is an advanced smart-contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts.

Follow us on our Social Media for Web3 security-related updates.
Caligo Security — LinkedIn | Twitter | Telegram