BonqDAO Protocol Oracle Hack
Bonq DAO is a non-custodial, decentralized, and over-collateralized lending platform that allows users to borrow against their own tokens at a zero interest rate. It also creates a deep liquidity solution without incentivizing or paying the other side of the liquidity pool. BonqDAO uses BEUR, a collateralized, low-volatility payment coin, to let users borrow against their whitelisted crypto assets at a zero interest rate. Omniscia’s audit of BonqDAO raised concerns over “multiple vulnerabilities as well as core design flaws”. An anonymous attacker was able to manipulate the Tellor price feed that BonqDAO relied on, causing losses valued at approximately $120M at the time, although the attacker managed to realize less than $2M. The attacker deposited 10 TRB via the depositStake function of the TellorFlex contract, which allowed them to submit an artificially inflated price for WALBT, then staked 0.1 $WALBT in a trove contract and borrowed 100M $BEUR against it. The damage to BonqDAO was brutal, with TVL drained from ~$13M to just over $100k at the time of writing. Stolen BEUR was dumped on Polygon for just over $500K. The attacker’s ETH address currently holds 711 ETH ($1.2M) and 535k DAI, as well as 89M ALBT.
This is a global/international case not involving a specific country.[1][2][3]
About BonqDAO
Bonq DAO: "We make self-sovereign finance a reality. With Bonq, businesses and individuals can access liquidity of their crypto assets without giving up ownership and completely interest-free!"
"List your token on Bonq once and never worry about liquidity again. Token holders can borrow against their whitelisted crypto assets at ZERO interest rate and own their liquidity."
"On-chain, non-custodial and decentralized liquidity protocol that uses a collateralized, low volatility payment coin (BEUR). Users can borrow BEUR against their whitelisted crypto assets at ZERO interest rate and own their liquidity."
"Bonq is a non-custodial, decentralized and over-collateralized lending platform that solves four critical problems for projects and protocols that have a token: Allows them to borrow against their own tokens at zero interest rate. Creates deep liquidity solution without the need to incentivize or pay the other side of the liquidity pool. Offers sustainable yields to their community members holding tokens in a safe and secure environment. Allows Treasuries to de-risk and create a smart capital allocation."
"Omniscia’s audit of BonqDAO raised concerns over “multiple vulnerabilities as well as core design flaws”.
According to Omniscia's post-mortem, BonqDAO decided to:
not move forward with the implementations audited at the time, opting to integrate Chainlink oracles in the future.
The Bonq Protocol has introduced numerous updates since the time the audit was finalized, including all contracts involved in the vulnerability (ConvertedPriceFeed, ChainlinkPriceFeed, and TellorPriceFeed). These contracts were never in scope of any audit conducted by the Omniscia team and thus are considered to be unaudited code."
"The Polygon-based lending and stablecoin protocol was hit by a two-stage attack on Wednesday in another example of oracle manipulation."
"@BonqDAO got bonked for $120M last week.
But the anonymous attacker got away with less than $2M."
"Despite all the action being visible on-chain, BonqDAO telegram admins attempted to downplay the incident whilst the team presumably worked out what had happened."
"Samczsun summarised the attack as follows:
the attacker said "btw 1 ALBT = 5 billion MATIC now" and Bonq said "ok"
The hacker was able to manually update the Tellor price feed of (wrapped) WALBT collateral by staking 10 TRB tokens (worth just ~$175).
The attacker then used the submitValue function to report the WALBT price to the oracle and, because BonqDAO uses the instant value, the attacker was able to borrow against their inflated collateral within the same tx.
Firstly, the ALBT price was raised, allowing the attacker to mint 100M BEUR, Bonq’s Euro-pegged stablecoin against 0.1 WALBT collateral.
Then, in a subsequent transaction, the WALBT price was reset to an extremely low value, allowing the attacker to liquidate users’ WALBT collateral, netting approximately 113M WALBT."
"The attacker calls the depositStake function of the TellorFlex contract, depositing 10 $TRB. Why 10 TRBs? We can see that the takeAmount is exactly 10*10^18
Next, the hacker calls the submitValue function to submit a request to change the $WALBT price. The function determines if the caller's stake amount has reached the pre-set takeAmount, which is why the attacker needs to first stake 10 TRB tokens (10^18 is decimal point).
This function will record the price submitted by the caller, in this case 50000000000000000000000000000000.
After the price is set, the hacker calls the createTrove function of the Bonq contract to create the trove(0x4248FD) contract, which is a contract of data recording, borrowing and liquidating. Next, the attacker stakes 0.1 $WALBT to the contract to perform a borrowing operation.
Normally, the borrowing amount should be < 0.1 WALBT to ensure collateral rate in a safe range. But in this contract, the calculation of the collateral value is via TellorFlex contract. The attacker has already raised $WALBT price, thus being able to borrow 100M $BEUR.
The hacker sets $WALBT to a low price in the 2nd TX. When the $WALBT price is extremely low, the stake rate of WALBT staked by other users will be at liquidation, enabling the hacker to liquidate $WALBT staked by other users at low cost, eventually obtaining ~114M WALBT."
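As an added illustration of the failure mode the quotes above describe (a freshly submitted oracle value trusted in the same transaction), the following Python model, which is not code from Bonq, Tellor or any of the analysts quoted, contrasts a consumer that reads the feed's newest value with one that only accepts reports older than a dispute window and within a deviation bound. The stake minimum follows the 10 TRB figure on the page and the submitted value is the one quoted; the dispute window, deviation bound, honest price and all names are assumptions.

```python
from dataclasses import dataclass, field

MIN_STAKE = 10 * 10**18      # the 10 TRB (18 decimals) stake the page says submitValue requires
DISPUTE_WINDOW = 15 * 60     # seconds a report must age before a consumer relies on it (assumed)
MAX_DEVIATION = 0.25         # reject a read more than 25% from the last accepted price (assumed)

@dataclass
class TellorLikeFeed:
    """Constructed model of a permissionless staked feed: any sufficiently staked reporter may push a value."""
    stakes: dict = field(default_factory=dict)
    reports: list = field(default_factory=list)   # (timestamp, price), in submission order

    def deposit_stake(self, reporter, amount):
        self.stakes[reporter] = self.stakes.get(reporter, 0) + amount

    def submit_value(self, reporter, price, now):
        if self.stakes.get(reporter, 0) < MIN_STAKE:
            raise PermissionError("stake below minimum")
        self.reports.append((now, price))

    def instant_value(self):
        # What the page describes Bonq doing: trust the newest report, however new.
        return self.reports[-1][1]

    def matured_value(self, now):
        # Newest report that has been open to dispute for the full window.
        aged = [p for t, p in self.reports if now - t >= DISPUTE_WINDOW]
        if not aged:
            raise ValueError("no report has matured yet")
        return aged[-1]

class HardenedConsumer:
    """Reads only matured reports and refuses implausible jumps from the last accepted price."""
    def __init__(self, last_accepted):
        self.last_accepted = last_accepted
    def price(self, feed, now):
        p = feed.matured_value(now)
        if abs(p - self.last_accepted) > MAX_DEVIATION * self.last_accepted:
            raise ValueError("deviation from last accepted price too large")
        self.last_accepted = p
        return p

def scenario():
    """Returns (instant read, hardened read) in the timestep a manipulated value lands."""
    feed = TellorLikeFeed()
    feed.deposit_stake("honest", MIN_STAKE)
    feed.submit_value("honest", 10**16, now=0)                     # constructed honest price
    feed.deposit_stake("reporter", MIN_STAKE)                      # the 10 TRB deposit
    feed.submit_value("reporter", 5 * 10**31, now=DISPUTE_WINDOW)  # the value quoted on the page
    return feed.instant_value(), HardenedConsumer(10**16).price(feed, now=DISPUTE_WINDOW)
```

The hardened consumer still sees the inflated report once it matures, but the deviation check then rejects it instead of collateralising a loan against it.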
"Losses have been widely reported to be up to $120M, using the tokens’ prices at the time of the hack. But low liquidity meant the attacker has only managed to swap the loot to around $1.7M worth of ETH and DAI, so far.
Nevertheless, the damage to BonqDAO was brutal, with TVL drained from ~$13M yesterday to just over $100k at the time of writing."
"Stolen BEUR was dumped on Polygon for just over $500K. Funds were then sent to the attacker’s Ethereum address, where the ALBT was repeatedly dumped for ETH. The attacker’s ETH address currently holds 711 ETH (~$1.2M) and 535k DAI, as well as 89M ALBT (supposedly worth ~$3M, if the attacker can find somewhere to sell it…)."
"BlockSec provided a detailed flowchart of funds, which can be found here. The attacker’s ETH address was funded via Tornado Cash shortly before the attack, and the stolen funds have since been deposited back into the mixer."
"While it may have been BonqDAO that had the vulnerability, AllianceBlock has suffered significant collateral damage from this incident.
The sell-off of Bonq users' liquidated ALBT caused its price to dump up to ~75% following the attack. AllianceBlock have stated they will reissue the token and airdrop to users based on a Snapshot from before the hack.
Bonq’s Euro stablecoin, BEUR, has dropped to approximately 25% below its peg and the price of the DAO’s token, BNQ, has also taken a hit of over 30%.
AllianceBlock may not be at fault for the vulnerability, but perhaps they need to work on their due diligence."
What Happened
| Date | Event | Description |
|---|---|---|
| February 1st, 2023 11:29:18 AM MST | Malicious Transaction | The malicious transaction occurs on the blockchain. |
| February 1st, 2023 12:17:00 PM MST | Report By Spreekaway | Twitter user Spreekaway was the first to report on the exploit on Twitter[6]. |
| February 1st, 2023 9:42:00 PM MST | MetaSleuth Blockchain Analysis | Twitter user MetaSleuth (part of the BlockSecTeam) reports an analysis of the path of the exploited funds[7][8]. |
| February 2nd, 2023 3:38:00 AM MST | Beosin Alert Analysis Posted | Twitter user BeosinAlert reports that BonqDAO and AllianceBlock were under a price manipulation attack, estimating the loss at $88M[9]. |
| February 3rd, 2023 2:59:00 AM MST | MetaSleuth Analysis Update | The MetaSleuth analysis is updated to report that the exploiter has swapped their DAI for Ether and is sending those funds through TornadoCash[10][11]. |
Technical Details
MetaSleuth (BlockSecTeam) Analysis
1/ The profit of the @BonqDAO attacker is around 98.6M BEUR and 113M WALBT. Specifically, 113M WALBT was burned to unlock 113M ALBT. ~0.5M BEUR was swapped to 534,535 USDC and [sent] to Ethereum (0xcacf…6642). 98.1M BEUR was still on the attacker’s account on Polygon.
2/ For 0xcacf..6642 on Ethereum, it s[w]apped the received USDC to DAI using 0xExchange(@0xproject). Also, WALBT is swapping into ETH/USDT using 0xExchange and Uniswap. The account currently holds 711 ETH, 534,481 DAI, and 89M ALBT.
3/ Update: The @BonqDAO attacker has swapped DAI for Ether and laundered 1,105 Ether via Tornado Cash.
Total Amount Lost
The total amount lost has been estimated at $120,000,000 USD.
Ultimate Outcome
Bonq Protocol Documentation Update
On Feb 1st, 2023, the Bonq protocol was exposed to an oracle hack.
The protocol is at the moment paused. The recommended course of action is to visit the Bonq app and withdraw any available Trove collateral. Bonq repaid all debts on the remaining troves, so collateral can be withdrawn! Please withhold from any other actions that are not officially communicated.
Hack report[12], Bonq 2.0 recovery/reboot proposal[13]
Please bear with us and thank you for your understanding.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- [1] Rekt - BonqDAO - REKT (May 3, 2023)
- [2] BonqDAO Exploiter | Address 0xcacf2d28b2a5309e099f0c6e8c60ec3ddf656642 | PolygonScan (May 3, 2023)
- [3] Polygon Transaction Hash (Txhash) Details | PolygonScan (May 3, 2023)
- [4] BonqDAO - Self-sovereign finance (May 3, 2023)
- [5] Welcome to Bonq - Protocol Overview (May 3, 2023)
- [6] spreekaway - "seems that @BonqDAO and @allianceblock has been exploited and large amounts of BEUR and ALBT tokens tokens have been stolen." Twitter (May 3, 2023)
- [7] MetaSleuth - "The profit of @BonqDAO attacker is around 98.6M BEUR 113M WALBT. Specifically, 113M WALBT was burned to unlock 113M ALBT." Twitter (May 3, 2023)
- [8] MetaSleuth Fund Path Analysis (May 4, 2023)
- [9] BeosinAlert - "@BonqDAO and @allianceblock were under price manipulation attack earlier today, resulting in a $88M loss." Twitter (May 3, 2023)
- [10] MetaSleuth - "The @BonqDAO attacker has swapped DAI for Ether and laundered 1,105 Ether via Tornado Cash." Twitter (May 4, 2023)
- [11] MetaSleuth Analysis On TornadoCash Exiting (May 4, 2023)
- [12] Hack Report - BonqDAO (May 4, 2023)
- [13] Bonq 2.0 Reboot/Recovery Proposal (May 4, 2023)