QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$816 000 USD
AUGUST 2021
GLOBAL
WAULT FINANCE
DESCRIPTION OF EVENTS
"Wault Finance is a decentralized finance hub that connects all of the primary DeFi use-cases within one simple ecosystem, on the Binance Smart Chain and Polygon network. In short, an all-in-one DeFi Platform!" "Wault Finance was launched in early 2021 with no venture capitalists. A fair launch for the community was our priority. Therefore, Wault was started with a market cap of only $150,000 (60 ETH)."
"So, with these goals in mind we’ve built a protocol including 4 tokens – WAULTx, WEX, WEXpoly, and WUSD – and some unique features such as: WaultSwap (AMM), Wault Launchpad (new project presales), Wault Locker (liquidity locks for new or established projects), Wault Farms (staking and farming) and many other great services. We believe these services will amplify trust and wealth-accumulation, for our users."
"On August 4th, 2021, at 1:49:05 AM UTC, an attack took place on WUSD’s pegging mechanism." "From this attack by using the flaw explained above. The attacker gained 370.19 ETH in total after repaying the flash loan."
"Minting $WUSD can be done using the stake() function in WUSDMaster contract. The stake function accepts $USDT from the user in line 700 to mint $WUSD with the rate of 1:1 in line 715, and a portion of the $USDT received is swapped to $WEX using the ratio determined by the wexPermille variable in line 708–714."
"With this logic, each staking of $USDT to mint $WUSD will cause the price of $WEX in the Wault USDT-WEX pool to increase." "After executing the stake() function, it [was] possible to swap the $WUSD back to $USDT by using WUSD-USDT pool with a nearly 1:1 rate in the WSwap AMM. As a result, the WUSDMaster contract [could] be used to pump the $WEX price with almost no cost for the attacker."
"(1) The attacker flash loaned $WUSD from WSwap’s WUSD-USDT pool and redeemed it for $USDT and $WEX. (2) The attacker flash loaned $USDT from PCS’s WBNB-USDT pool to prepare for the attack. (3) The attacker swapped a part of the flash loaned $USDT to $WEX before the price is pumped in the next steps. (4) The attacker staked the flash loaned $USDT to WUSDMaster contract. The 10% of staked $USDT was swapped to $WEX ($WEX price was increased) and the attacker gained the $WUSD with a 1:1 rate. (5) Since there was a limit on the staking amount, the attacker performed step 4 repeatedly to increase the $WEX price with almost no cost. (6) With the manipulated rate, the attacker gained profit in $USDT by swapping $WEX from steps 1 and 3 back to $USDT. (7) The attacker returned the $WUSD and $USDT flash loaned. (8) The attacker swapped the remaining $WUSD and the $USDT profit to $ETH."
"Upon learning of the attack, the Wault team quickly turned off WUSD minting on the UI, and worked with three audit firms to deduce the nature of the attack and scope of the vulnerability, soon identifying it and confirming no more funds were at risk." "[E]ven during the attack, WUSD never dropped below 0.91 because the collateral model held strong as intended. This is already more stable than many other stablecoins at launch, and they didn’t suffer an attack, proving that WUSD’s stability model works."
"The result of the attack was the attacker gained ~$816k from the WUSDMaster contract. However, the 90% portion of USDT collateral for WUSD was not affected, nor was the Treasury; As we stated when introducing WUSD, we designed these two portions of funds to be isolated and safe under all conditions. All other pools and products in Wault were also unaffected and continued operating efficiently."
"Over the following day, the team developed a solution to the vulnerability and simulated it with auditors, confirming that it would eliminate the attack vector and make WUSD safe."
"Mint Timelock (1 block): When someone mints WUSD, they will only receive it one block later. This prevents flash loan attacks. Redeem Timelock (1 block): When someone redeems WUSD, they will only receive it one block later. This prevents flash loan attacks. Minting Fee: We’ll move the 0.2% transaction fee from redemption into a minting fee of 0.2% to mitigate potential arbitrage attacks. Sell WEX On Redeem: Just like how the protocol buys WEX on mint, it will sell WEX on redemption. This will prevent price manipulation attacks."
"The first thing we need to point out is that no funds were stolen nor incorrectly minted. The attacker profited by manipulating the WEX price a modest amount. Following that, some users panic sold and panic redeemed WUSD, which caused the bulk of the WEX price drop."
"The 90% of USDT collateral has held as a strong floor, so all we have to do now is fill up the WEX portion. The first step we did was to buyback and burn $141k worth of WEX from the treasury." "The treasury will continue filling up from the below stability mechanisms until it restores the peg, and then continue to grow as a future buffer." "Due to WUSD being below $1, we’re slowly increasing the portion of WEX emissions that goes to the WUSD Treasury (total WEX emissions are unchanged). This portion is growing and continuing to refill the Treasury." "We’re steadily increasing the WSwap trading fees going to the Treasury from 15%. Along with emissions, these will serve as ongoing buybacks & burns on WEX until the peg is restored." "Once we resume allowing WUSD minting, we’ll be allocating healthy emissions to the WUSD-BUSD pair, which should attract new minters to help refill the treasury."
"With these mechanisms, the WUSD peg should be restored within a number of days, and the treasury will continue to grow to create an additional safety buffer." "In addition, we’re speaking with future WPool partners and offering them incentives to pair their tokens with WUSD for their WPool farms, which will create further buying/minting demand for WUSD."
"We’ll be dedicating half a million dollars from a combination of the team’s development fund and trading fees to do a large buyback & burn of WEX soon. Between this and our other initiatives, it should cover the bulk of the attack amount. However, we won’t just stop there. We’re working on improving security as well."
"We’ll be launching a professional Bug Bounty Program with Immunefi, offering up to $100k USD to their network of white hats to help inspect and secure all our code." "Of course, even though audits aren’t invulnerable as proven by this event, we’ll keep getting them, starting with one next week for our solution on WUSD."
"[W]e want to apologize to any of our users this affected. Even though we commissioned two audits before launching this code, unfortunately, no one foresaw this type of attack. Luckily, this problem occurred early on, giving us the chance to fix it before WUSD’s circulating supply increased further. Now, we can move forward with a technical solution, and do our best to compensate our users." "[W]e will learn from this experience, work harder, and build smarter."
Wault Finance offers a financial service which included a stablecoin. Liquidity was backed by funds in a smart contract hot wallet. Through flash loans and price manipulation, an attacker was able to remove liquidity, with the announcement of the hack triggering a price crash.
No user funds were lost in the attack, however the price dropped. The project identified and resolved the vulnerability, implemented 4 separate mechanisms to restore the stablecoin price, and performed a buy-back of their main project token.
blocksec-incidents/2021.md at main · openblocksec/blocksec-incidents · GitHub (Aug 11)
Wusd Incident Recap And Solution (Aug 29)
Wault Finance Incident Analysis Wex Price Manipulation Using Wusdmaster Contract (Aug 29)
Wault Finance Flash Loan Security Incident Analysis | by Knownsec Blockchain Lab | Medium (Aug 29)
Wault Finance - Wault (Sep 15)
Wault Finance – Wault Finance (Sep 15)
Binance Transaction Hash (Txhash) Details | BscScan (Sep 26)
Address 0x886358f9296de461d12e791bc9ef6f5a03410c64 | BscScan (Sep 26)
Contract Address 0x50AFA9383EA476BDF626d6FbA62AFd0b01C8fEa1 | BscScan (Sep 26)
Contract Address 0x6102D8A7C963F78D46a35a6218B0DB4845d1612F | BscScan (Sep 26)
Contract Address 0x50e8D9Aa83eBDe9608074eC1faaDfD2E792D9B81 | BscScan (Sep 26)
Contract Address 0xa79Fe386B88FBee6e492EEb76Ec48517d1eC759a | BscScan (Sep 26)
Contract Address 0x16b9a82891338f9bA80E2D6970FddA79D1eb0daE | BscScan (Sep 26)
Binance Transaction Hash (Txhash) Details | BscScan (Sep 26)
Transparency - Wault (Sep 26)
CertiK Audit Report for Wault Finance (Sep 26)
