QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$3 850 000 USD
FEBRUARY 2023
GLOBAL
DFORCE NETWORK
DESCRIPTION OF EVENTS
"dForce advocates for building a complete set of DeFi protocols covering assets, lending, and trading, serving as DeFi infrastructure in Web 3. dForce is currently deployed on Ethereum, Arbitrum, Optimism, Polygon, Binance Smart Chain (BSC), and KAVA."
"Peer-to-Peer & Decentralized Financial Network. Permission-less and open – everyone with internet access can participate. Non-custodial – minimal trust cost, users always have ownership over their crypto assets. Open-sourced – anyone can integrate with dForce and build your own product on top of our protocols. Decentralized – dForce (DF) token empowers the governance of the network."
"USX is an over-collateralized stablecoin implementing multiple minting modules including global-pool, vault, and LSR. USX's dollar peg is mainly dictated by a hybrid interest policy that can efficiently improve USX's liquidity on secondary market by adjusting its lending and borrowing rates on supported protocols. Powered by the LSR module, USX is also 1:1 tradable with other supported stablecoins directly through dForce Trade."
"DF Staking [is a] hybrid staking model for DF holders to capture fee income, inflationary rewards, and ecosystem airdrop across the network."
"PoS Staking [is p]roviding [a] validation service in PoS networks by participating in their governance and maintaining the security of the network, further aligning DeFi infrastructure with the broader blockchain ecosystem."
"Enabling decentralized lending and borrowing through smart contracts, automating the execution on the protocol."
"Peer-to-Peer marketplace with aggregated liquidity across different platforms with the best price."
"The vulnerability has been well-known for some time. According to ChainSecurity's original report:
'On April 14, we informed Curve and affected projects about a read-only reentrancy vulnerability in some Curve pools. More specifically, the value of function get_virtual_price can be manipulated by reentering it during the removal of liquidity.'
And Curve have provided a known workaround:
'one can call any method which has the nonreentrant lock (removing 0 liquidity is probably the cheapest).'"
"Shortly after 11pm Thursday night (UTC), an attack on two fronts exploited a common reentrancy vulnerability, netting $1.9M on Arbitrum and $1.7M on Optimism."
"The alarm was raised a few hours later, and dForce confirmed the incident after a further 90 minutes. The team then expanded on their original announcement, stating that they had paused all vaults and adding: Users' funds supplied to dForce Lending and other vaults are SAFE."
"The exploit used flash loaned funds to deposit into Curve’s wstETH/ETH, depositing the LP tokens into dForce’s wstETHCRV-gauge vault.
Upon calling the remove_liquidity function, the attacker’s contract exploited the reentrancy vulnerability to manipulate the virtual price, which dForce uses as an oracle for the wstETHCRV-gauge tokens."
"Good news came a few days later, when the exploiter returned all funds to dForce multisigs."
dForce is a decentralized financial network that provides a complete set of DeFi protocols covering assets, lending, and trading. Its protocols are deployed on several blockchains, including Ethereum, Binance Smart Chain, Polygon, and KAVA. The read-only reentrancy vulnerability in some Curve pools was already well known, and the same vulnerability was exploited against dForce in an attack that netted $1.9M on Arbitrum and $1.7M on Optimism. The attack deposited flash-loaned funds into Curve's wstETH/ETH pool and then deposited the resulting LP tokens into dForce's wstETHCRV-gauge vault. During the call to remove_liquidity, the attacker's contract reentered to manipulate the virtual price, which dForce uses as an oracle for the wstETHCRV-gauge tokens. dForce confirmed the incident, paused all vaults, and announced that users' funds supplied to dForce Lending and other vaults were safe. The exploiter returned all funds to dForce multisigs a few days later.
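The workaround quoted above (call any method that holds the nonreentrant lock before trusting the price) can be seen in a small Python model. This is an added example, not code from dForce, Curve or ChainSecurity; ToyPool, its sum-of-balances price and the order of its state updates are simplifying assumptions, not the StableSwap invariant.

```python
class Reentrancy(Exception):
    """Stands in for the EVM revert raised by a nonreentrant lock."""

class ToyPool:
    """Constructed two-asset pool; price = sum(balances) / LP supply (assumption)."""
    def __init__(self, balances, lp_supply):
        self.balances, self.lp_supply, self.locked = list(balances), lp_supply, False

    def get_virtual_price(self):
        # View function: takes no lock, so it can be read mid-withdrawal.
        return sum(self.balances) / self.lp_supply

    def remove_liquidity(self, lp_amount, on_receive=lambda: None):
        if self.locked:
            raise Reentrancy("nonreentrant lock is held")
        self.locked = True
        try:
            amounts = [b * lp_amount / self.lp_supply for b in self.balances]
            self.lp_supply -= lp_amount        # LP tokens burned first
            self.balances[0] -= amounts[0]     # native asset paid out...
            on_receive()                       # ...which hands control to the receiver
            self.balances[1] -= amounts[1]     # second asset settled only afterwards
        finally:
            self.locked = False

def naive_price(pool):
    # Oracle consumer that trusts the view function unconditionally.
    return pool.get_virtual_price()

def guarded_price(pool):
    pool.remove_liquidity(0)   # zero-amount call: reverts if the lock is held
    return pool.get_virtual_price()

def observe_during_withdrawal(oracle):
    """Return (price seen inside the payout callback, price after settlement)."""
    pool = ToyPool([1000.0, 1000.0], 2000.0)   # constructed sample state
    seen = {}
    def callback():
        try:
            seen["price"] = oracle(pool)
        except Reentrancy:
            seen["price"] = None   # the read was rejected instead of trusted
    pool.remove_liquidity(1000.0, on_receive=callback)
    return seen["price"], pool.get_virtual_price()

if __name__ == "__main__":
    print("naive  :", observe_during_withdrawal(naive_price))
    print("guarded:", observe_during_withdrawal(guarded_price))
```

The naive reader sees a transient price that no settled state of the pool ever has, while the guarded reader refuses to return a value until the withdrawal has finished.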
Rekt - dForce Network - REKT (May 3)
Optimistic L2 Transaction Hash (Txhash) Details | Optimism (May 3)
dForcenet Exploiter | Address 0xe0d551017c0111ac11108641771897aa33b2817c | Optimism (May 3)
@RektHQ Twitter (May 3)
Curve LP Oracle Manipulation: Post Mortem - Chainsecurity (May 3)
@dForcenet Twitter (May 3)
dForce (May 3)
GETTING STARTED - dForce (May 3)
USX - dForce (May 3)
