BonqDAO Protocol Oracle Hack

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 13:45, 31 May 2023 by Azoundria (talk | contribs) (Testing save)
Jump to navigation Jump to search
BonqDAO

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Bonq DAO is a non-custodial, decentralized, and over-collateralized lending platform that allows users to borrow against their own tokens at zero interest rate. It also creates a deep liquidity solution without incentivizing or paying the other side of the liquidity pool. BonqDAO uses the BEUR, a collateralized, low volatility payment coin to allow users to borrow against their whitelisted crypto assets at a zero interest rate. Omniscia’s audit of BonqDAO raised concerns over “multiple vulnerabilities as well as core design flaws”. An anonymous attacker was able to manipulate the Tellor price feed to their advantage and siphon off funds amounting to approximately $120M, although they managed to steal less than $2M. The attacker deposited 10 TRB to call the depositStake function of the TellorFlex contract and stake 0.1 $WALBT to the trove contract to borrow 100M $BEUR by artificially inflating the price of WALBT. The damage to BonqDAO was brutal, with TVL drained from ~$13M to just over $100k at the time of writing. Stolen BEUR was dumped on Polygon for just over $500K. The attacker’s ETH address currently holds 711 ETH ($1.2M) and 535k DAI, as well as 89M ALBT.

About BonqDAO

[1][2]

Bonq DAO "We make self-sovereign finance a reality. With Bonq, businesses and individuals can access liquidity of their crypto assets without giving up ownership and completely interest-free!"

"List your token on Bonq once and never worry about liquidity again. Token holders can borrow against their whitelisted crypto assets at ZERO interest rate and own their liquidity."

"On-chain, non-custodial and decentralized liquidity protocol that uses a collateralized, low volatility payment coin (BEUR). Users can borrow BEUR against their whitelisted crypto assets at ZERO interest rate and own their liquidity."

"Bonq is a non-custodial, decentralized and over-collateralized lending platform that solves four critical problems for projects and protocols that have a token: Allows them to borrow against their own tokens at zero interest rate. Creates deep liquidity solution without the need to incentivize or pay the other side of the liquidity pool. Offers sustainable yields to their community members holding tokens in a safe and secure environment. Allows Treasuries to de-risk and create a smart capital allocation."

"Omniscia’s audit of BonqDAO raised concerns over “multiple vulnerabilities as well as core design flaws”.

According to Omniscia's post-mortem, BonqDAO decided to:

not move forward with the implementations audited at the time, opting to integrate Chainlink oracles in the future.

The Bonq Protocol has introduced numerous updates since the time the audit was finalized, including all contracts involved in the vulnerability (ConvertedPriceFeed, ChainlinkPriceFeed, and TellorPriceFeed). These contracts were never in scope of any audit conducted by the Omniscia team and thus are considered to be unaudited code."

"The Polygon-based lending and stablecoin protocol was hit by a two-stage attack on Wednesday in another example oracle manipulation."

"@BonqDAO got bonked for $120M last week.

But the anonymous attacker got away with less than $2M."

"Despite all the action being visible on-chain, BonqDAO telegram admins attempted to downplay the incident whilst the team presumably worked out what had happened."

"Samczsun summarised the attack as follows:

the attacker said "btw 1 ALBT = 5 billion MATIC now" and Bonq said "ok"

The hacker was able to manually update the Tellor price feed of (wrapped) WALBT collateral by staking 10 TRB tokens (worth just ~$175).

The attacker then used the submitValue function to report WALBT price to the oracle and, because BonqDAO uses the instant value, the attaker was able to borrow against their inflated collateral within the same tx.

Firstly, the ALBT price was raised, allowing the attacker to mint 100M BEUR, Bonq’s Euro-pegged stablecoin against 0.1 WALBT collateral.

Then, in a subsequent transaction, the WALBT price was reset to extremely low, allowing the attacker to liquidate user’s WALBT collateral, and netting approximately 113M WALBT."

"The attacker calls the depositStake function of the TellorFlex contract, depositing 10 $TRB. Why 10 TRBs? We can see that the takeAmount is exactly 10*10^18

Next, the hacker calls the submitValue function to submit a request to change the $WALBT price. The function determines if the caller's stake amount has reached the pre-set takeAmount, which is why the attacker needs to first stake 10 TRB tokens (10^18 is decimal point).

This function will record the price submitted by the caller, in this case 50000000000000000000000000000000.

After the price is set, the hacker calls the createTrove function of the Bonq contract to create the trove(0x4248FD) contract, which is a contract of data recording, borrowing and liquidating. Next, the attacker stakes 0.1 $WALBT to the contract to perform a borrowing operation.

Normally, the borrowing amount should be < 0.1 WALBT to ensure collateral rate in a safe range. But in this contract, the calculation of the collateral value is via TellorFlex contract. The attacker has already raised $WALBT price, thus being able to borrow 100M $BEUR.

The hacker sets $WALBT to a low price in 2nd TX. When the $WALBT price is extremely low, the stake rate of WALBTs staked by other users will be at liquidation, enabling hacker to liquidate $WALBT staked by other users at low cost, eventually obtaining ~114M WALBT."

"Losses have been widely reported to be up to $120M, using the tokens’ prices at the time of the hack. But low liquidity meant the attacker has only managed to swap the loot to around $1.7M worth of ETH and DAI, so far.

Nevertheless, the damage to BonqDAO was brutal, with TVL drained from ~$13M yesterday to just over $100k at the time of writing."

"Stolen BEUR was dumped on Polygon for just over $500K. Funds were then sent to the attacker’s Ethereum address, where the ALBT was repeatedly dumped for ETH. The attacker’s ETH address currently holds 711 ETH (~$1.2M) and 535k DAI, as well as 89M ALBT (supposedly worth ~$3M, if the attacker can find somewhere to sell it…)."

"BlockSec provided a detailed flowchart of funds, which can be found here. The attacker’s ETH address was funded via Tornado Cash shortly before the attack, and the stolen funds have since been deposited back into the mixer."

"While it may have been BonqDAO had the vulnerability, AllianceBlock has suffered significant collateral damage from this incident.

The sell-off of Bonq users' liquidated ALBT caused its price to dump up to ~75% following the attack. AllianceBlock have stated they will reissue the token and airdrop to users based on a Snapshot from before the hack.

Bonq’s Euro stablecoin, BEUR, has dropped to approximately 25% below its peg and the price of the DAO’s token, BNQ, has also taken a hit of over 30%.

AllianceBlock may not be at fault for the vulnerability, but perhaps they need to work on their due diligence."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - BonqDAO Protocol Oracle Hack
Date Event Description
February 1st, 2023 11:29:18 AM MST Malicious Transaction The malicious transaction occurs on the blockchain[3][4].
February 1st, 2023 12:17:00 PM MST Report By Spreekaway Twitter user Spreekaway was the first to report on the exploit on Twitter[5].
February 1st, 2023 9:42:00 PM MST MetaSleuth Blockchain Analysis Twitter user MetaSleuth (part of the BlockSecTeam) reports an analysis of the path of the exploited funds[6][7].
February 2nd, 2023 3:38:00 AM MST Beosin Alert Analysis Posted [8]. TBD
February 3rd, 2023 2:59:00 AM MST MetaSleuth Analysis Update The MetaSleuth analysis is updated to report that the exploiter has swapped their DAI for Ether and is sending those funds through TornadoCash[9][10].
February 7th, 2023 2:18:00 AM MST Rekt Article Published Rekt publishes an article on the Bonq exploit[11]. [12]

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

MetaSleuth (BlockSecTeam) Analysis

1/ The profit of @BonqDAO attacker is around 98.6M BEUR 113M WALBT. Specifically, 113M WALBT was burned to unlock 113M ALBT. ~0.5M BEUR was swapped to 534,535 USDC and t to Ethereum (0xcacf…6642). 98.1M BEUR was still on the attacker’s account on Polygon.

2/ For 0xcacf..6642 on Ethereum, it s[w]apped the received USDC to DAI using 0xExchange(@0xproject). Also, WALBT is swapping into ETH/USDT using 0xExchange and Uniswap. The account currently holds 711 ETH, 534,481 DAI, and 89M ALBT.

3/ Update: The @BonqDAO  attacker has swapped DAI for Ether and laundered 1,105 Ether via Tornado Cash.

Total Amount Lost

The total amount lost has been estimated at $120,000,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Bonq Protocol Documentation Update

[2][13][14]

On Feb 1st, 2023 Bonq protocol was exposed to oracle hack

Protocol is at the moment paused. Recommended course of actions is, to visit Bonq app and withdraw any available Trove collaterals. Bonq repaid all debts on the remaining troves, so collaterals can be withdrawn! Any other actions, that are not officially communicated, please withhold on them.

Hack report Bonq 2.0 recovery/reboot proposal

Please bear with us and thank you for your understanding.

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. BonqDAO - Self-sovereign finance (May 3, 2023)
  2. 2.0 2.1 Welcome to Bonq - Protocol Overview (May 3, 2023)
  3. BonqDAO Exploiter Wallet - PolygonScan (May 3, 2023)
  4. Malicious Exploit of BonqDao - PolygonScan (May 3, 2023)
  5. spreekaway - "seems that @BonqDAO and @allianceblock has been exploited and large amounts of BEUR and ALBT tokens tokens have been stolen." Twitter (May 3, 2023)
  6. MetaSleuth - "The profit of @BonqDAO attacker is around 98.6M BEUR 113M WALBT. Specifically, 113M WALBT was burned to unlock 113M ALBT." - Twitter (May 3, 2023)
  7. MetaSleuth Fund Path Analysis (May 4, 2023)
  8. BeosinAlert - "@BonqDAO and @allianceblock were under price manipulation attack earlier today, resulting in a $88M loss." - Twitter (May 3, 2023)
  9. MetaSleuth - "The @BonqDAO attacker has swapped DAI for Ether and laundered 1,105 Ether via Tornado Cash." - Twitter (May 4, 2023)
  10. MetaSleuth Analysis On TornadoCash Exiting (May 4, 2023)
  11. RektHQ - "BonqDAO got bonked for $120M last week. But the anonymous attacker got away with less than $2M." - Twitter (May 31, 2023)
  12. Rekt - BonqDAO - REKT (May 3, 2023)
  13. Hack Report - BonqDAO (May 4, 2023)
  14. Bonq 2.0 Reboot/Recovery Proposal (May 4, 2023)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=BonqDAO_Protocol_Oracle_Hack&oldid=4498"