$3 800 000 USD

MARCH 2021




"Dodo Finance is a decentralized exchange that lives on both Ethereum and Binance Smart Chain." "The exchange works by having market markers contribute to pools of funds, enabling traders to buy and sell tokens from the pools."


"[W]e had merged, after [our Peckshield] audit, several code changes to simplify the logic before going live in February, and missed this critical permission management step."


"On March 8, 2021, the DODO DEX experienced a smart contract hack." "[T]he Dodo Finance attacker was able to exploit a bug in the Dodo contract that allowed them to fraudulently mint new tokens, the attacker also used flash loans to make the most of their attack."


"After a quick probe, we discovered the root cause: the init() function in the pool creation contract could be called multiple times, leading to repeated initializations. The attackers took advantage of this and borrowed out the tokens in the liquidity pools using flash loans. The pool contract was then initialized again and counterfeit tokens created by the attackers were returned in lieu of the original tokens, bypassing the flash loan return check logic." "The bad actor creates a counterfeit token and initializes the smart contract with it by calling the init() function, then calls the sync() function and sets the “reserve” variable (representing the total balance) to 0. He calls init() again to re-initialize, this time with a “real” token, and uses a flash loan to transfer all such coins from the pools and bypass the flash loan check."


"According to reports from DODO, several V2 Crowdpools were attacked, whereas all V1 and non-Crowdpool V2 pools remained safe." "The exploits targeted several DODO V2 Crowdpools, namely the WSZO, WCRES, ETHA, and FUSI pool. Funds in all other pools, including all V1 pools and all non-Crowdpool V2 pools, are safe." "Dodo explained that a bug enabled attackers to create counterfeit tokens and use flash loans—very fast loans that occur within a single transaction—to collect real tokens."


"[T]his issue only impacted part of our V2 pool functionality. The trading module was unaffected. In addition, only project teams that worked with us during pool creation and provided liquidity for their pools saw losses. DODO users’ assets were untouched."


"Afterward, the attacker used their illicitly minted tokens and funds from the flash loan to drain the Dodo Finance liquidity pools to the tune of approximately $3.8 million."


"DODO has disabled the pool creation portal in the meantime to protect newly-created crowdpools and will now focus on recovering user’s funds with its security partner." "Trading on the DODO platform is unaffected by the exploits." "Wallet addresses that have given DODO approvals are unaffected by the exploits."


"We began our rescue and remediation efforts immediately. Within 15 minutes, our dev[eloper] team identified all the pools that were still exposed to the vulnerability and rescued the remaining funds at risk (roughly $80,000). Then, we disabled the pool creation portal on the frontend side. Our operations team sent out an announcement to inform the DODO community of this incident and reached out to project teams."


"Meanwhile, we monitored the on-chain movements of lost assets and estimated the total to be $3.8 million worth of USDT, ETH, and various project tokens."


"The story of exactly how the funds were recovered evokes a mystery novel with a villain, selfless heroes, plenty of plot twists, and ultimately, a happy ending." "Further analysis revealed that two addresses executed the attack. We will refer to these addresses as Hippo (0x368) (“Individual A” in our preliminary report) and Gazelle (0x355) (“Individual B” in our preliminary report), respectively." "Although Leopard continued to remain anonymous, we were able to directly communicate with Leopard through the help of Samczsun and other white hat friends."


"The only real attacker was Hippo. Hippo executed two attacks, but both were frontrun by Gazelle. Hippo got very frustrated and spent some time writing a contract to bypass Gazelle’s bot. They succeeded this time, and the funds went into Hippo’s contract. Hippo’s withdrawals from the contract were again frontran by bots. Gazelle and Leopard had a “gas battle”, and eventually Leopard won. By this point, Hippo had already executed 3 attacks, but got nothing to show for it, since all of them were frontrun by the bots sniping from the Dark Forest! Hippo was eventually able to execute two successful attacks, but both involved relatively small amounts, netting them a total of about $200,000. We are still exploring ways to recover these funds."


"Before Gazelle returned the drained vETH tokens, their bot was trapped by a honeypot contract designed and deployed specifically for it. This trap contact used 0.05 ETH as bait and stole 324 vETHs (worth about $500,000) from the bot. We still don’t know who set this trap — it could have been Hippo, or it could have been some other individual. We will refer to this trap-setter as Skunk. In the end, Gazelle generously decided to share the loss with us, for which we are very grateful for. Within 24 hours of the attacks, we were able to recover $3.1 million out of the $3.8 million stolen, with a further $200,000 frozen on an exchange at our request and $300,000 given as a special bounty."


On March 19th, 2021, the team "published an official statement regarding the March 9 security incident impacting DODO’s Crowdpooling contracts. Humbled by the experience, [they report they] have updated [their] security practices to the highest industry standards and are reinforcing [their] auditing processes."


"There are many predators in the Dark Forest, but they are not all as cold and ruthless as one might think. We were fortunate enough to be saved by the Good Samaritans of the bot ecosystem, who intercept stolen assets from malicious actors and return them to the victims."


"To this day, there are still many people who believe that the crypto world is full of scammers and hackers. In our opinion, such an overgeneralization is unfair. We are genuinely blessed and humbled by everyone who lent us a helping hand during DODO’s most difficult time."


"Crowdpooling Security audits completed by @peckshield & @Beosin_com. Crowdpooling has been re-enabled."



DODO offered a decentralized exchange platform, which varied from the version audited by Peckshield previously. The specific vulnerability was one which allowed the initialization to be called multiple times by outsiders. The exact series of events is complicated and involves multiple attackers and front-runners. The end result was that $3.8m was lost and $3.1m was recovered. DODO also paid bounties of $300,000.


The smart contract was ultimately relaunched after 2 audits were performed.


Our recommendation is that smart contracts be audited by at least 2 auditors prior to launch, a third after 3 months of operation, and an ongoing 6 month basis. By having the opinions of multiple auditors, the probability of a successful attack drops significantly. In particular, any modifications which happen after the audit should be audited again.


Smart contracts can be secured better by having the majority of funds in a multi-signature treasury structure. A bug bounty can incentivize others to find and report problems as well.


Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.