Superfluid Wallet Impersonation - Revision history

Azoundria: Another 30 minutes complete. All sources merged in. Prevention added. Information relocated around.

2023-07-13T20:59:56Z

Another 30 minutes complete. All sources merged in. Prevention added. Information relocated around.

Azoundria at 20:43, 2 March 2023

2023-03-02T20:43:33Z

← Older revision		Revision as of 14:43, 2 March 2023
Line 1:		Line 1:
	{{Imported Case Study\|source=https://www.quadrigainitiative.com/casestudy/superfluidwalletimpersonation.php}}		{{Imported Case Study 2\|source=https://www.quadrigainitiative.com/casestudy/superfluidwalletimpersonation.php}}
			{{Unattributed Sources}}

	[[File:Superfluid.jpg\|thumb\|Superfluid]]Superfluid offers an innovative way for entities to continually stream payments, settling recurring and continual payments without multiple transactions being required. Despite multiple audits, an exploit still existed in the smart contract hot wallet which allowed the attacker to impersonate paying entities and create payment flows to themselves, stealing a total of $8.7m. The attacker successfully mixed funds with TornadoCash, however 10% of funds (and 80% of users) were reimbursed by the team. The project continues after launching a bug bounty and most recently sponsoring a hackathon.		[[File:Superfluid.jpg\|thumb\|Superfluid]]Superfluid offers an innovative way for entities to continually stream payments, settling recurring and continual payments without multiple transactions being required. Despite multiple audits, an exploit still existed in the smart contract hot wallet which allowed the attacker to impersonate paying entities and create payment flows to themselves, stealing a total of $8.7m. The attacker successfully mixed funds with TornadoCash, however 10% of funds (and 80% of users) were reimbursed by the team. The project continues after launching a bug bounty and most recently sponsoring a hackathon.

	This is a global/international case not involving a specific country.		This is a global/international case not involving a specific country.
			<ref name="rektnews-6619" /><ref name="superfluidfinance-6620" /><ref name="superfluidfinancedocs-6621" /><ref name="ledgerinsights-6622" /><ref name="superfluidblogmedium-6623" /><ref name="superfluidblogmedium-6624" /><ref name="theblockcrypto-6625" /><ref name="coindesk-6626" /><ref name="superfluidhqtwitter-6627" /><ref name="superfluidhqtwitter-6628" /><ref name="superfluidhqtwitter-6629" /><ref name="icodrops-6630" /><ref name="polygonscan-6631" />

	== About Superfluid ==		== About Superfluid ==
Line 83:		Line 85:
	!Description		!Description
	\|-		\|-
	\|February 7th, 2022 11:17:04 PM		\|February 7th, 2022 11:17:04 PM MST
	\|Main Event		\|Main Event
	\|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.		\|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
Line 110:		Line 112:
	== Ongoing Developments ==		== Ongoing Developments ==
	What parts of this case are still remaining to be concluded?		What parts of this case are still remaining to be concluded?
			== General Prevention Policies ==
			Unfortunately this project placed all funds in smart contract hot wallets, when it would have worked just as well if the hot wallets were periodically funded from a cold storage multi-sig wallet. As we already know, even audited smart contract hot wallets can be vulnerable to exploits. A good partnership could create an insurance fund to cover any future losses.
			== Individual Prevention Policies ==
			{{Prevention:Individuals:Placeholder}}

			{{Prevention:Individuals:End}}

			== Platform Prevention Policies ==
			{{Prevention:Platforms:Placeholder}}

			{{Prevention:Platforms:End}}

	== Prevention Policies ==		== Regulatory Prevention Policies ==
	Unfortunately this project placed all funds in smart contract hot wallets, when it would have worked just as well if the hot wallets were periodically funded from a cold storage multi-sig wallet. As we already know, even audited smart contract hot wallets can be vulnerable to exploits. A good partnership could create an insurance fund to cover any future losses.		{{Prevention:Regulators:Placeholder}}

			{{Prevention:Regulators:End}}

	== References ==		== References ==
	[https://rekt.news/superfluid-rekt/ Rekt - Superfluid - REKT] (Feb 18)		<references><ref name="rektnews-6619">[https://rekt.news/superfluid-rekt/ Rekt - Superfluid - REKT] (Feb 18, 2022)</ref>

	[https://www.superfluid.finance/home https://www.superfluid.finance/home] (Feb 21)		<ref name="superfluidfinance-6620">[https://www.superfluid.finance/home https://www.superfluid.finance/home] (Feb 21, 2022)</ref>

	[https://docs.superfluid.finance/superfluid/protocol-overview/what-is-superfluid What is Superfluid? - Superfluid] (Feb 22)		<ref name="superfluidfinancedocs-6621">[https://docs.superfluid.finance/superfluid/protocol-overview/what-is-superfluid What is Superfluid? - Superfluid] (Feb 22, 2022)</ref>

	[https://www.ledgerinsights.com/superfluid-raises-9m-for-crypto-programmable-money-with-novel-business-potential/ Superfluid raises $9m for crypto programmable money with novel business potential - Ledger Insights - enterprise blockchain] (Feb 22)		<ref name="ledgerinsights-6622">[https://www.ledgerinsights.com/superfluid-raises-9m-for-crypto-programmable-money-with-novel-business-potential/ Superfluid raises $9m for crypto programmable money with novel business potential - Ledger Insights - enterprise blockchain] (Feb 22, 2022)</ref>

	[https://medium.com/superfluid-blog/superfluid-sponsoring-ethernals-2022-hackathon-2b6ddb135aa8 Superfluid Sponsoring Ethernals 2022 Hackathon] (Feb 22)		<ref name="superfluidblogmedium-6623">[https://medium.com/superfluid-blog/superfluid-sponsoring-ethernals-2022-hackathon-2b6ddb135aa8 Superfluid Sponsoring Ethernals 2022 Hackathon] (Feb 22, 2022)</ref>

	[https://medium.com/superfluid-blog/launching-superfluid-bug-bounty-program-with-immunefi-603401305e8d Launching Superfluid Bug Bounty Program With Immunefi] (Feb 22)		<ref name="superfluidblogmedium-6624">[https://medium.com/superfluid-blog/launching-superfluid-bug-bounty-program-with-immunefi-603401305e8d Launching Superfluid Bug Bounty Program With Immunefi] (Feb 22, 2022)</ref>

	[https://www.theblockcrypto.com/post/111139/ethereum-money-streaming-protocol-superfluid-raises-9-million-seed Ethereum-based money streaming protocol Superfluid raises $9 million] (Feb 22)		<ref name="theblockcrypto-6625">[https://www.theblockcrypto.com/post/111139/ethereum-money-streaming-protocol-superfluid-raises-9-million-seed Ethereum-based money streaming protocol Superfluid raises $9 million] (Feb 22, 2022)</ref>

	[https://www.coindesk.com/business/2021/07/13/superfluid-raises-9m-for-a-new-take-on-streaming-payments/ Superfluid Raises $9M for a New Take on Streaming Payments - CoinDesk] (Feb 22)		<ref name="coindesk-6626">[https://www.coindesk.com/business/2021/07/13/superfluid-raises-9m-for-a-new-take-on-streaming-payments/ Superfluid Raises $9M for a New Take on Streaming Payments - CoinDesk] (Feb 22, 2022)</ref>

	[https://twitter.com/Superfluid_HQ/status/1491810402585530368 @Superfluid_HQ Twitter] (Feb 22)		<ref name="superfluidhqtwitter-6627">[https://twitter.com/Superfluid_HQ/status/1491810402585530368 @Superfluid_HQ Twitter] (Feb 22, 2022)</ref>

	[https://twitter.com/Superfluid_HQ/status/1491797866024620034 @Superfluid_HQ Twitter] (Feb 22)		<ref name="superfluidhqtwitter-6628">[https://twitter.com/Superfluid_HQ/status/1491797866024620034 @Superfluid_HQ Twitter] (Feb 22, 2022)</ref>

	[https://twitter.com/Superfluid_HQ/status/1490967502364594177 @Superfluid_HQ Twitter] (Feb 22)		<ref name="superfluidhqtwitter-6629">[https://twitter.com/Superfluid_HQ/status/1490967502364594177 @Superfluid_HQ Twitter] (Feb 22, 2022)</ref>

	[https://icodrops.com/superfluid/ https://icodrops.com/superfluid/] (Feb 22)		<ref name="icodrops-6630">[https://icodrops.com/superfluid/ https://icodrops.com/superfluid/] (Feb 22, 2022)</ref>

	[https://polygonscan.com/tx/0x396b6ee91216cf6e7c89f0c6044dfc97e84647f5007a658ca899040471ab4d67 Polygon Transaction Hash (Txhash) Details \| PolygonScan] (Feb 22)		<ref name="polygonscan-6631">[https://polygonscan.com/tx/0x396b6ee91216cf6e7c89f0c6044dfc97e84647f5007a658ca899040471ab4d67 Polygon Transaction Hash (Txhash) Details \| PolygonScan] (Feb 22, 2022)</ref></references>

Azoundria: Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/superfluidwalletimpersonation.php}} SuperfluidSuperfluid offers an innovative way for entities to continually stream payments, settling recurring and continual payments without multiple transactions being required. Despite multiple audits, an exploit still existed in the smart contract hot wallet which allowed the attacker to impersonate paying entities and create pay..."

2023-01-28T16:46:09Z

Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/superfluidwalletimpersonation.php}} thumb|SuperfluidSuperfluid offers an innovative way for entities to continually stream payments, settling recurring and continual payments without multiple transactions being required. Despite multiple audits, an exploit still existed in the smart contract hot wallet which allowed the attacker to impersonate paying entities and create pay..."

New page

{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/superfluidwalletimpersonation.php}}

[[File:Superfluid.jpg|thumb|Superfluid]]Superfluid offers an innovative way for entities to continually stream payments, settling recurring and continual payments without multiple transactions being required. Despite multiple audits, an exploit still existed in the smart contract hot wallet which allowed the attacker to impersonate paying entities and create payment flows to themselves, stealing a total of $8.7m. The attacker successfully mixed funds with TornadoCash, however 10% of funds (and 80% of users) were reimbursed by the team. The project continues after launching a bug bounty and most recently sponsoring a hackathon.

This is a global/international case not involving a specific country.

== About Superfluid ==
"Discover Programmable Cashflows. Handle subscriptions, salaries, rewards and any composable stream of value, with continuous settlement and per-second netting for extreme capital efficiency."

"Superfluid is a smart contract framework on L1 Ethereum, enabling you to move assets on-chain following predefined rules called agreements. With a single on-chain transaction, the money will flow from your wallet to the receiver in real time! No further transactions required- it works like magic."

"Superfluid is a new token standard, with the power to describe cashflows, and execute them automatically on chain over time in a non-interactive way."

"Superfluid flows are programmable, composable and modular. Our first cashflow types allow constant streams of value, and one-to-many distributions."

"All flows are settled at the same time, based on block timestamps. This makes it possible to net inflows and outflows, increasing capital efficiency."

"Despite the new lingo, Superfluid looks to be a foundational programmable money application on public blockchain. Currently, it may be targeting the crypto world, but the real-world business application potential is massive." Kyle Semani of Multicoin Capital, which led the funding round, wrote that Superfluid “represents the biggest step forwards in value transfer since the advent of Bitcoin.”

"Think about salary payments, particularly for people who often need to resort to payday loans. What if you could pay them hourly? With Superfluid that’s entirely possible. It lets you open a “stream” where you set a rate over a period of time, say $15/hour. It converts that into a per-second amount and can continuously stream that amount to the recipient’s wallet. Sure, people don’t work 24 hours a day, but you get the idea." "Because it’s programmable money, the recipient could also set up a stream to use the incoming salary payment, maybe to pay their rent if their landlord has a wallet."

“Things like subscriptions have never taken off in crypto, while in Web 2 every online business is a subscription business. Money streaming is futuristic and aligned with crypto ethos, and can help the crypto native economy to flourish.”

"Prior to the attack, Superfluid’s contracts were peer-reviewed by several users and advisors to the project, as well as audited by Peckshield."

"On February 8, 2022, an attacker exploited Superfluid’s host contract by passing in faulty calldata, which allowed them to create distribution indexes spoofing several different accounts that held Super-tokens. This vulnerability enabled the attacker to move funds from Superfluid user wallets to exchanges on Polygon and swap to ETH."

"Superfluid.sol, known as the host contract, is the contract that allows composable Superfluid agreements (ConstantFlowAgreement, InstantDistributionAgreement) in one single transaction, and the composed systems are often called Super Apps."

"However, in order to have a trusted and shared state through the entire transaction between different agreement calls, a concept called “ctx” (a serialized state managed by the host contract) is introduced. The “ctx” contains all the context an agreement function needs to know, that includes especially who is the “msg.sender” of the initial call."

"That’s where an unfortunate vulnerability was exploited. The attacker was able to skillfully craft the calldata such that the process of serialization in the host contract and succeeding de-serialization in the agreement contract resulted in the agreement contract operating on a context object forged specifically to impersonate other accounts. This mechanism was used in order to create IDA indexes “on behalf” of other accounts and move out their tokens that way."

"The problem was that as in the exploiting function deleteAnyFlowBad, one can inject a fake ctx. After being merged into one bytes object by Superfluid.replacePlaceholderCtx (the Host doesn’t make any assumptions about agreement specific data), the resulting dataWithCtx now contains 2 ctx variants, the legitimate one and the injected one. When the agreement contract decodes this data, the abi decoder takes the first (injected) variant and ignores the remaining data which contains the legitimate ctx."

"In total, 11’008 MATIC, 1’507’931 MOCA, 28 ETH, 39’357 sdam3CRV, 19’387’874 QI, 44’581 SDT, 23’653 STACK and 562’834 USDC were stolen by the attacker." "$8.7M drained from Superfluid. The crypto streaming protocol was exploited by an anonymous attacker, causing collateral damage to several other DAO's."

"When the development team was first notified of the attack at 6:48 am UTC, after gathering more information and identifying the vulnerability, the decision was made to execute a protocol update which temporarily blocked all agreement invocations. This was done in order to make sure that no further funds could be drained. One hour and a half later, another protocol upgrade containing the actual mitigation was deployed."

"At the time of writing, over 2700 ETH is sitting in the attacker’s wallet, as well as 500’000 MOCA. The wallet is being monitored. Forensic researchers were engaged to attempt to track down the attacker."

"[T]he attack is over and the vulnerability has been patched. There are no additional funds at risk. There are no indications of any other vulnerabilities or attack vectors in the system."

"The attacker was offered a $1M bounty for the safe return of the funds. The offer remains on the table." "While we are still hoping the attacker will return the funds (we’ve offered a 1M$ bug bounty), they have so far not responded. We will do everything in our power to retrieve these funds, and to this end we’re engaging experienced forensic experts to track down the address. It wouldn’t be the first time a Tornado Cash address is de-anonymized."

"As part of our broader plan to shield the Superfluid Protocol users against malicious actors and enhance the overall security of its smart contracts, today we are launching a Bug Bounty program to reward white hat hackers and developers for discovering and reporting bugs in the Superfluid smart contracts codebase." "[W]e are designing a formal bug bounty program that will launch on February 15th, 2022." "This program will offer a reward up to $200,000 for vulnerabilities classified as “critical”, where there is a direct theft of any user funds, or any permanent freezing of funds."

"After discussions with impacted parties, a compensation plan was developed." "As of now, in less than 18 hours from the attack, we have already recapitalized 80% of the affected addresses through a direct transfer of USDC. The remaining 20% represents more than 90% of the funds stolen, in particular the larger losses suffered by the QI and MOCA teams. After consulting with these teams, we have agreed on a longer term compensation plan which takes into account the range of available options given the entirety of circumstances, including financial considerations. We are grateful these projects fully understand and appreciate our position."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

* Known history of when and how the service was started.
* What problems does the company or service claim to solve?
* What marketing materials were used by the firm or business?
* Audits performed, and excerpts that may have been included.
* Business registration documents shown (fake or legitimate).
* How were people recruited to participate?
* Public warnings and announcements prior to the event.

Don't Include:
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

== The Reality ==
This sections is included if a case involved deception or information that was unknown at the time. Examples include:

* When the service was actually started (if different than the "official story").
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.

== What Happened ==
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
{| class="wikitable"
|+Key Event Timeline - Superfluid Wallet Impersonation
!Date
!Event
!Description
|-
|February 7th, 2022 11:17:04 PM
|Main Event
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|-
|
|
|
|}

== Total Amount Lost ==
The total amount lost has been estimated at $8,700,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

== Immediate Reactions ==
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

== Ultimate Outcome ==
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

== Total Amount Recovered ==
The total amount recovered has been estimated at $870,000 USD.

What funds were recovered? What funds were reimbursed for those affected users?

== Ongoing Developments ==
What parts of this case are still remaining to be concluded?

== Prevention Policies ==
Unfortunately this project placed all funds in smart contract hot wallets, when it would have worked just as well if the hot wallets were periodically funded from a cold storage multi-sig wallet. As we already know, even audited smart contract hot wallets can be vulnerable to exploits. A good partnership could create an insurance fund to cover any future losses.

== References ==
[https://rekt.news/superfluid-rekt/ Rekt - Superfluid - REKT] (Feb 18)

[https://www.superfluid.finance/home https://www.superfluid.finance/home] (Feb 21)

[https://docs.superfluid.finance/superfluid/protocol-overview/what-is-superfluid What is Superfluid? - Superfluid] (Feb 22)

[https://www.ledgerinsights.com/superfluid-raises-9m-for-crypto-programmable-money-with-novel-business-potential/ Superfluid raises $9m for crypto programmable money with novel business potential - Ledger Insights - enterprise blockchain] (Feb 22)

[https://medium.com/superfluid-blog/superfluid-sponsoring-ethernals-2022-hackathon-2b6ddb135aa8 Superfluid Sponsoring Ethernals 2022 Hackathon] (Feb 22)

[https://medium.com/superfluid-blog/launching-superfluid-bug-bounty-program-with-immunefi-603401305e8d Launching Superfluid Bug Bounty Program With Immunefi] (Feb 22)

[https://www.theblockcrypto.com/post/111139/ethereum-money-streaming-protocol-superfluid-raises-9-million-seed Ethereum-based money streaming protocol Superfluid raises $9 million] (Feb 22)

[https://www.coindesk.com/business/2021/07/13/superfluid-raises-9m-for-a-new-take-on-streaming-payments/ Superfluid Raises $9M for a New Take on Streaming Payments - CoinDesk] (Feb 22)

[https://twitter.com/Superfluid_HQ/status/1491810402585530368 @Superfluid_HQ Twitter] (Feb 22)

[https://twitter.com/Superfluid_HQ/status/1491797866024620034 @Superfluid_HQ Twitter] (Feb 22)

[https://twitter.com/Superfluid_HQ/status/1490967502364594177 @Superfluid_HQ Twitter] (Feb 22)

[https://icodrops.com/superfluid/ https://icodrops.com/superfluid/] (Feb 22)

[https://polygonscan.com/tx/0x396b6ee91216cf6e7c89f0c6044dfc97e84647f5007a658ca899040471ab4d67 Polygon Transaction Hash (Txhash) Details | PolygonScan] (Feb 22)