$250 000 USD

NOVEMBER 2024

GLOBAL

SPECTRAL LABS

DESCRIPTION OF EVENTS

The Spectral Labs platform allows users to create autonomous, sentient AI agents (referred to as "Sentient Memes") that can think, trade, and interact on-chain. It offers a no-code tool for building these agents, allowing users to quickly bring their memes to life. These agents are governed through token-based chats, enabling community-driven decision-making. Each agent has its own wallet, transacts independently on the blockchain, and operates 24/7, utilizing advanced APIs for informed market actions. The platform also emphasizes self-sustaining economies where agents earn funds from token swaps, promoting continuous growth. Users can govern the agents' decisions based on token holdings, which increases their influence in the platform’s ecosystem.

 

"At Spectral, we envision a decentralized future where the power of autonomous onchain agents is accessible to everyone. We are building the Onchain Agent Economy—a bold new paradigm where anyone can create, own, and govern intelligent agents that autonomously navigate the crypto landscape, execute complex strategies, and seize opportunities 24/7.

 

Our mission is to democratize onchain execution by breaking down barriers and leveling the playing field. Whether you're a seasoned trader or just diving into the crypto world, degen or normie, risk on or risk off, we empower you to delegate intricate tasks to intelligent agents through simple, natural language conversations."

 

The attacker first took out a flash loan to obtain SPEC and swapped it for an AgentToken through the AutonomousAgentDeployer.sol contract, which holds the liquidity for agent tokens that have not yet bonded and prices them with a constant-product (XYK) bonding curve. Swapping the AgentToken back for SPEC made the deployer call transferFrom on AgentToken.sol; because the recipient was a contract, the transfer-tax path ran, and a stray line in that path granted AgentBalances.sol an unlimited allowance to spend the deployer's AgentToken balance. The attacker then called the public deposit function on AgentBalances.sol, which used that allowance to pull nearly the entire AgentToken reserve out of the deployer, leaving only 100 tokens behind. Because the bonding curve prices the token from the deployer's remaining balance, the drained reserve made the AgentToken appear far more valuable than before, and the attacker sold a small amount of AgentToken back into the pool to extract a disproportionately large amount of SPEC.

 

"The exploit centers around an unintended infinite approval in the `AgentToken.sol` contract between the `AgentBalances.sol` and `AutonomousAgentDeployer.sol`. Specifically, during the `transferFrom`, the following sequence occurs:

 

1. **TransferFrom Initiation**: The `AutonomousAgentDeployer.sol` calls `transferFrom` on the `AgentToken.sol` contract to transfer tokens from the user to the `AgentBalances.sol` contract.
2. **Tax Trigger**: Transferring `AgentToken.sol`s to a contract triggers the transfer tax.
3. **Approval Oversight**: Inside the transfer logic, an unintended line of code (line 90) was left in:

This approval unintentionally gave `AgentBalances.sol` unlimited access to spend `AgentToken.sol` from the `AutonomousAgentDeployer.sol`. Our version of the `deposit` function was generic to allow agent creators the option to send funds to their agent’s trading wallet and support its operations, however, the infinite approval was an oversight in this implementation, enabling anyone to send tokens (used to calculate the price of an `AgentToken` in our internal pools) into `AgentBalances.sol`."

 

"An attacker exploited this vulnerability through the following steps:

 

1. **Preparation**
   - **Flash Loan**: The attacker took out a flash loan to obtain SPEC.
   - **Initial Swap**: They swapped SPEC for an `AgentToken.sol` in the `AutonomousAgentDeployer.sol` contract through `swapExactSPECForTokens`.
2. **Triggering the Infinite Approval**
   - **Swapping Back**: The attacker swapped the `AgentToken.sol` back for SPEC in the `AutonomousAgentDeployer.sol` contract through `swapExactTokensForSPEC`.
   - **Tax Application**: The `AutonomousAgentDeployer.sol` calls `transferFrom` to transfer tokens from the user to itself. Because `AgentToken.sol` is being sent to a contract, the transfer tax is applied.
   - **Unintended Approval**: `AgentBalances.sol` was inadvertently given infinite approval to spend `AgentToken.sol` from the `AutonomousAgentDeployer.sol`.
3. **Exploiting the Approval**
   - **Calling Deposit**: The attacker called the public `deposit` function on the `AgentBalances.sol` contract.
   - **Draining Tokens**: Using the infinite approval, the attacker transferred nearly all available `AgentToken.sol` balance in the pool from `AutonomousAgentDeployer.sol` to `AgentBalances.sol`, leaving only 100 `AgentToken.sol` behind.
4. **Manipulating the Bonding Curve**
   - **Swap Execution**: The attacker called `swapExactTokensForSPEC` on the `AutonomousAgentDeployer.sol`. Since all the `AgentToken` has been moved from `AutonomousAgentDeployer.sol`, the bonding curve calculation incorrectly determined a new price of `AgentToken` to be much higher than usual.
   - **Bonding Curve Exploit**:
     - For tokens which have not bonded yet, the liquidity is held within `AutonomousAgentDeployer.sol`.
     - The bonding curve uses an XYK (constant product) model.
     - With the `AgentToken.sol` balance artificially lowered, the bonding curve mispriced the `AgentToken.sol`, making it appear significantly more valuable.
   - **Draining SPEC**: The attacker used a small amount of `AgentToken.sol` to extract a disproportionately large amount of SPEC from the liquidity pool."
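The page's description of the exploit and Spectral's step list above can be replayed in a small Python model. This is an added example, not Spectral's code: the contract names are kept, but the pool sizes, the flash-loan amount, the 1% transfer tax, the shape of the stray approval (the receiving contract granting AgentBalances an unlimited allowance over its own tokens) and the `deposit(source, amount)` interface are all assumptions. The same model also runs with the stray approval removed and with the bonding curve pricing from tracked reserves instead of live balances, so the effect of each fix can be compared.

```python
# Added model of the Syntax exploit chain (not Spectral's code). Names, amounts and
# the 1% tax are assumptions; the point is how a stray approval in a transfer hook
# and balance-based XYK pricing compound into a drain.
MAX_UINT = 2**256 - 1
DEPLOYER, BALANCES, ATTACKER, TREASURY = "Deployer", "AgentBalances", "attacker", "treasury"


class Token:
    """Minimal ERC-20 style ledger. `taxed` lists addresses treated as contracts,
    transfers to which pay a tax; `stray_approval` reproduces the bug in that path."""

    def __init__(self, balances, taxed=(), stray_approval=False, tax_bps=100):
        self.balances = dict(balances)
        self.allowance = {}                      # (owner, spender) -> amount
        self.taxed = set(taxed)
        self.stray_approval = stray_approval
        self.tax_bps = tax_bps

    def balance_of(self, addr):
        return self.balances.get(addr, 0)

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowance.get((owner, spender), 0)
        if allowed < amount:
            raise PermissionError("insufficient allowance")
        if allowed != MAX_UINT:
            self.allowance[(owner, spender)] = allowed - amount
        return self._transfer(owner, to, amount)

    def _transfer(self, frm, to, amount):
        if self.balance_of(frm) < amount:
            raise ValueError("insufficient balance")
        self.balances[frm] -= amount
        net = amount
        if to in self.taxed:                     # recipient is a contract: tax path
            tax = amount * self.tax_bps // 10_000
            net -= tax
            self.balances[TREASURY] = self.balance_of(TREASURY) + tax
            if self.stray_approval:
                # The oversight: the receiving contract grants AgentBalances an
                # unlimited allowance over its own tokens (assumed shape of the bug).
                self.approve(to, BALANCES, MAX_UINT)
        self.balances[to] = self.balance_of(to) + net
        return net                               # amount that actually landed


class Deployer:
    """AutonomousAgentDeployer model: custodies the SPEC/AgentToken reserves of an
    unbonded token and prices swaps with x*y=k. `price_from_balances` selects the
    vulnerable behaviour (reserves read from balanceOf) or tracked reserves."""

    def __init__(self, spec, agent, price_from_balances=True):
        self.spec, self.agent = spec, agent
        self.price_from_balances = price_from_balances
        self.r_spec, self.r_agent = spec.balance_of(DEPLOYER), agent.balance_of(DEPLOYER)

    def reserves(self):
        if self.price_from_balances:
            return self.spec.balance_of(DEPLOYER), self.agent.balance_of(DEPLOYER)
        return self.r_spec, self.r_agent

    def swap_exact_spec_for_tokens(self, user, spec_in):
        r_spec, r_agent = self.reserves()
        out = r_agent * spec_in // (r_spec + spec_in)
        self.spec.transfer_from(DEPLOYER, user, DEPLOYER, spec_in)
        self.agent._transfer(DEPLOYER, user, out)   # pool pays the user (no tax: EOA)
        self.r_spec, self.r_agent = self.r_spec + spec_in, self.r_agent - out
        return out

    def swap_exact_tokens_for_spec(self, user, tokens_in):
        r_spec, r_agent = self.reserves()           # read before the transfer lands
        net = self.agent.transfer_from(DEPLOYER, user, DEPLOYER, tokens_in)  # taxed
        out = r_spec * net // (r_agent + net)
        self.spec._transfer(DEPLOYER, user, out)
        self.r_spec, self.r_agent = self.r_spec - out, self.r_agent + net
        return out


class AgentBalances:
    """Generic public deposit that pulls AgentToken from a caller-chosen source
    using this contract's allowance (the source parameter is an assumed interface)."""

    def __init__(self, agent):
        self.agent, self.credited = agent, {}

    def deposit(self, caller, source, amount):
        net = self.agent.transfer_from(BALANCES, source, BALANCES, amount)
        self.credited[caller] = self.credited.get(caller, 0) + net
        return net


def run_attack(stray_approval=True, price_from_balances=True, loan=10_000):
    """Replays the four steps; returns the attacker's SPEC profit after repaying the loan."""
    agent = Token({DEPLOYER: 1_000_000}, taxed={DEPLOYER, BALANCES}, stray_approval=stray_approval)
    spec = Token({DEPLOYER: 100_000, ATTACKER: loan})        # flash loan already in hand
    pool, balances = Deployer(spec, agent, price_from_balances), AgentBalances(agent)
    spec.approve(ATTACKER, DEPLOYER, MAX_UINT)
    agent.approve(ATTACKER, DEPLOYER, MAX_UINT)
    got = pool.swap_exact_spec_for_tokens(ATTACKER, loan)     # 1. buy AgentToken
    pool.swap_exact_tokens_for_spec(ATTACKER, got - 100)      # 2. sell back: tax path fires
    try:                                                      # 3. drain the reserve via deposit
        balances.deposit(ATTACKER, DEPLOYER, agent.balance_of(DEPLOYER) - 100)
        drained = True
    except PermissionError:
        drained = False
    pool.swap_exact_tokens_for_spec(ATTACKER, 100)            # 4. sell the last 100 tokens
    return {"profit": spec.balance_of(ATTACKER) - loan,
            "drained": drained,
            "stray_allowance": agent.allowance.get((DEPLOYER, BALANCES), 0) == MAX_UINT,
            "deployer_agent_left": agent.balance_of(DEPLOYER)}


if __name__ == "__main__":
    print(run_attack())                           # stray approval + balance pricing
    print(run_attack(stray_approval=False))       # approval removed: deposit reverts
    print(run_attack(price_from_balances=False))  # tracked reserves: price unaffected
```

With the assumed numbers the vulnerable configuration nets the attacker about half of the pool's SPEC for 100 AgentToken, while the honest round trip loses a few SPEC to the tax. The two fixes address different halves of the chain: removing the approval from the transfer hook stops the reserve from leaving the deployer at all, whereas pricing from tracked reserves stops the curve from being moved by balance changes but still lets the tokens walk out through `deposit`. A post-deploy check worth keeping is that `allowance(deployer, agentBalances)` on the agent token is zero; the model exposes it as `stray_allowance`.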

 

"We were alerted to a vulnerability affecting select tokens on the bonding curve contracts of Syntax, which was used to remove approximately $200K in liquidity. Upon identifying the issue, we took immediate steps to secure the platform and protect our users as follows:
- Access to the Syntax app has been temporarily deactivated.
- Contracts have been paused to prevent any further programmatic interaction.

 

We are now collaborating with leading security experts in the industry to conduct a thorough analysis of the vulnerability, identify the root cause, and implement updates to restore the platform as soon as possible. We believe these measures are the most effective way to safeguard our community. We will provide detailed updates shortly. Thank you for your patience and trust as our team works through this resolution."

 

"On December 1, 2024, Spectral's Syntax platform suffered a security breach, here’s a summary of the remediation efforts we’re taking:

 

- Contract Updates: We’ve identified and rectified the vulnerability in the bonding curve contract to prevent future exploits.
- Additional Third-Party Audits: We’ve engaged Zellic to audit the updates to the contracts.
- Fund Replenishment: We are replenishing SPEC tokens to restore the bonding curves to their pre-exploit state.

 

We deeply regret this incident and are dedicated to restoring trust through these actions. Operations will resume promptly upon completion of the audits."

 

"Our team has already begun modifying the contracts and expects to conclude this process as soon as auditing and testing is fortified. We deeply regret the occurrence of this exploit and take full responsibility for the breach. Ensuring the security and trust of our community remains our primary commitment, and the implementation of the discussed measures is underway with full force. We thank you for your patience and trust as we work to turn this challenge into an opportunity to grow stronger and more focused on delivering our vision for a thriving on-chain agent economy."

 

"After a brief hiatus, we’re excited to be back online! Full functionality will follow after final audits."

 

"...and we’re back! All affected pools are fully replenished"

 

"The new year is off to a bullish start: in just one month since Syntax launched, our agents have processed trading ideas 21M+ times and traded $800K+ in cumulative volume on @HyperliquidX. Massive shoutout to our 152K+ users—your 13K+ governance interactions have been key in advising and refining our agents’ trading strategies. Onward and upward!"

 

Explore This Case Further On Our Wiki

Spectral Labs enables users to create autonomous AI agents ("Sentient Memes") that can think, trade, and interact on-chain using a no-code tool. Each agent transacts independently 24/7 from its own wallet, is governed through token-based chats that allow community-driven decision-making, and uses APIs for informed trading. The exploit came from an unintended infinite approval left in the AgentToken transfer-tax path, which let an attacker pull nearly the entire AgentToken reserve out of the bonding curve contract through a public deposit function and then sell a small amount of the token into the mispriced constant-product curve for a disproportionate amount of SPEC, a loss Spectral put at approximately $200K in liquidity. In response, Spectral Labs temporarily deactivated the platform and paused the contracts, worked with security experts to fix the vulnerability, engaged Zellic to audit the updated contracts, and replenished the affected pools. The platform has since resumed operations.



© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.