Euler Finance Receives "Generous" Donations

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Euler Finance Homepage/Logo

Euler is a non-custodial permissionless lending protocol on Ethereum that enables users to lend and borrow almost any crypto asset. It features a number of innovations, including permissionless lending markets, reactive interest rates, protected collateral, and multi-collateral stability pools. Users can create artificial leverage by minting and depositing assets. The donateToReserves function was exploited, allowing a hacker to create an unbacked DToken debt. The vulnerability was missed by auditors and smart contract insurance protocol Sherlock, which will pay a claim of $4.5M to Euler. Total losses from the attack were $134.6M in ETH derivatives, $18.6M in WBTC, 34M USDC, and 8.9M DAI.

About Euler Finance

[1][2][3]

"Democratising the assets people can lend and borrow. Euler is a non-custodial protocol on Ethereum that allows users to lend and borrow almost any crypto asset."

"Euler is a non-custodial permissionless lending protocol on Ethereum that helps users to earn interest on their crypto assets or hedge against volatile markets without the need for a trusted third-party. Euler protocol features a number of innovations not seen before in DeFi, including permissionless lending markets, reactive interest rates, protected collateral, MEV-resistant liquidations, multi-collateral stability pools, and much more. For more information, read the White Paper."

"Euler comprises a set of smart contracts deployed on the Ethereum blockchain that can be openly accessed by anyone with an internet connection. Euler is managed by holders of a protocol native governance token called Euler Governance Token (EUL). Euler is entirely non-custodial; users are responsible for managing their own funds. A convenient and user-friendly front-end for the Euler smart contracts is hosted at https://app.euler.finance. However, users are free to access the protocol in whatever format they wish; a popular alternative can be found at https://instadapp.io/."

Smart Contract Code

[4][5][6][7]

Audits Provided

The Euler Finance protocol had been extensively audited[8] and had ongoing coverage for new changes by Sherlock[9].

The Reality

[10][4][5][6][11][7]

"Permissionless listing is much riskier on decentralised lending protocols than on other DeFi protocols, like decentralised exchanges, because of the potential for risk to spill over from one pool to another in quick succession. For example, if a collateral asset suddenly decreases in price, and subsequent liquidations fail to repay borrowers' debts sufficiently, then the pools of multiple different types of assets can be left with bad debts. To counter these challenges, Euler uses risk-based asset tiers to protect the protocol and its users."

The particular donateToReserves function, which was changed in EIP14, was not covered by the Omniscia audit[9].

What Happened

A vulnerability in the donateToReserves function was exploited by an attacker to drain $4.5m worth of funds from the smart contract.

Key Event Timeline - Euler Finance Receives "Generous" Donations

July 6th, 2022 12:29:16 PM MDT - EIP14 Proposed: EIP14 is proposed on the Euler Governance Forum[10]. The Euler Governance Forum discussed and implemented changes outlined in Euler Improvement Proposal (eIP) 14 related to contract upgrades. Shared changes include modifications to the computeExchangeRate function and increased gas allocation for the balanceOf method. Notable updates were made to DToken, introducing a flashLoan feature and marking certain functions as reentrant or non-reentrant for consistency. EToken implemented a donateToReserves feature, allowing users to contribute ETokens to reserves. Exec module changes impacted its external interface, introducing new methods and removing unnecessary ones. Governance updates included new functions for chainlink feed configuration, pricing type setting, and additional checks in convertReserves. RiskManager now supports CHAINLINK pricing type, and Swap module remained unchanged. Security audits were conducted, with chainlink changes audited by Omniscia. The changes passed a snapshot vote, and the upgrades were executed on the Ethereum blockchain[10].

March 13th, 2023 2:50:59 AM MDT - Exploit Transaction: One of the exploit transactions.[12][13]

March 13th, 2023 3:24:00 AM MDT - MetaSleuth Analysis Tweet: MetaSleuth reports that the losses of the attack already exceed $190m and they are investigating[14].

March 13th, 2023 3:56:00 AM MDT - Euler Finance Twitter Announcement: Euler Finance posts on Twitter to announce that they are "aware and our team is currently working with security professionals and law enforcement"[15]. TBD follow Tweet to PeckShield.

March 13th, 2023 4:17:00 AM MDT - CoinTelegraph Article Published: CoinTelegraph reports that Euler Finance, an Ethereum-based noncustodial lending protocol, fell victim to a flash loan attack resulting in the theft of over $195 million in decentralized stablecoins and synthetic ERC-20 tokens, including Dai, USD Coin, staked Ether (StETH), and wrapped Bitcoin (WBTC)[16]. The attacker executed multiple transactions, exploiting a vulnerability in Euler Finance's smart contracts. The funds, currently residing in hacker addresses, were moved from the Binance Smart Chain to Ethereum, resembling a previous deflation attack. The attacker utilized flash loans from AAVE, taking advantage of a bug in Euler's smart contracts that bypassed liquidity checks during the donation process, enabling self-liquidation and significant profit. Euler Finance is reportedly collaborating with security professionals and law enforcement to address the issue[16].

March 13th, 2023 4:22:00 AM MDT - MetaSleuth on Funding Sources: MetaSleuth reports the source of funding of one of the attackers to be from "FixedFloat and deflation token exploiter 6 on BSC", while the other attacker had funding coming from TornadoCash[17]. TBD integrate to rest of article.

March 13th, 2023 8:37:00 AM MDT - SlowMist Publishes Analysis: SlowMist published a technical analysis of the exploit[18]. The attacker in the Euler Finance hack utilized flash loans to deposit funds and leveraged them twice, triggering the liquidation logic. The attacker then donated the funds to the reserve address and conducted a self-liquidation to secure any remaining assets. Two critical factors contributed to the success of the attack: funds were donated to the reserve without undergoing a liquidity check, enabling the direct triggering of soft liquidation, and the soft liquidation logic was activated by high leverage, allowing the liquidator to obtain most of the collateral funds while transferring only a portion of the liabilities. The incident underscores the necessity of robust security measures in the decentralized finance space as the industry expands, emphasizing the need for platforms to proactively safeguard against malicious actors.

March 13th, 2023 10:16:14 AM MDT - Omniscia Publishes Post Mortem: Omniscia brings a post-mortem online detailing what happened in the attack[9]. The Euler Finance incident post-mortem reveals that on March 13, 2023, a vulnerability in the Euler Finance protocol allowed an attacker to exploit the donation mechanism introduced in Euler Improvement Proposal (eIP) 14. The flaw permitted the creation of artificial leverage, uncollateralized DToken debt, and subsequent liquidation for profit. The attacker deployed two contracts, violator and liquidator, using flash loans to manipulate Euler Finance's EToken and DToken balances. By donating EToken units without proper health checks, the attacker incurred bad debt, leading to a liquidation scenario. The attacker retained a substantial amount of DAI tokens, causing an estimated financial impact of ~$8,779,854.423 USD. The incident, not covered in Omniscia's audit, underscores the importance of robust security checks in decentralized finance protocols[9].

March 14th, 2023 11:20:00 AM MDT - RektHQ Article Published: RektHQ posts an article on the exploit[19]. On March 14, 2023, Euler Finance, one of DeFi's most established lending protocols, suffered a $197 million exploit. The hack involved a little-used donateToReserves function that was incorporated into Euler via EIP14 last year, which allowed the hacker to send eTokens to Euler reserves without checking the health of the user's position. The hacker used two contracts, one of which would incur bad debt via donateToReserves, and the other would act as a liquidator. Using flash-loaned funds and Euler's leverage system, the hacker created a large, underwater position on one contract, allowing the liquidator contract to obtain the inflated eToken collateral at a discount and withdraw into the underlying assets. Euler reached out to the attacker's address, but some funds were already sent to Tornado via a pass-through address in what seems like a test. The exploit not only affected Euler but also other DeFi projects that had funds tied up in the protocol. This event highlights the importance of resilient infrastructure for DeFi's future[20].

Technical Details

[9][10][4][5][6][11][12][21][22][7][23][13]

Omniscia denies any responsibility for the exploit, as their audit did not cover the donateToReserves function[9].

"The EToken::donateToReserves feature that is at the crux of this vulnerability was not in scope of any audit conducted by Omniscia. As such, the code that causes the vulnerability was never in scope of any audit conducted by our team."

"The Euler Finance protocol permits its users to create artificial leverage by minting and depositing assets in the same transaction via EToken::mint. This mechanism permits tokens to be minted that exceed the collateral held by the Euler Finance protocol itself.

The donation mechanism introduced by Euler Finance in eIP-14¹ (EToken::donateToReserves) permits a user to donate their balance to the reserveBalance of the token they are transacting with. The flaw lies in that it does not perform any health check on the account that is performing the donation."

"Lending on Euler is managed via eTokens (collateral) and dTokens (debt), with liquidations triggered when a user has more dTokens than eTokens.

The exploited vulnerability involved the little-used donateToReserves function which was incorporated into Euler via EIP14 last year. donateToReserves allows users to send eTokens directly to Euler reserves, however does not contain a check on the health of the user’s position.

The hacker took advantage of this by using two contracts, one of which would incur bad debt via donateToReserves, and the other would act as liquidator.

Using flash-loaned funds and Euler’s leverage system to create a large, underwater position on one contract, the liquidator contract could obtain the inflated eToken collateral at a discount, and withdraw into the underlying assets.

Omniscia, one of Euler’s six auditors, published a detailed post-mortem, summing up the issue as follows:

The attack ultimately arose from an incorrect donation mechanism and did not account for the donator’s debt health, permitting them to create an unbacked DToken debt that will never be liquidated."

"The vulnerability that was exploited stems from how Euler Finance permits donations to be performed without a proper account health check.

The vulnerable code was introduced in eIP-14¹ which introduced multiple changes throughout the Euler Ecosystem. The flaw lies in the first change performed to the EToken implementation (EToken::donateToReserves feature²).

The logic within the Liquidation module will attempt to repay the full debt of the violator, however, if the collateral they possess would not satisfy the expected repayment yield, the system defaults to whatever collateral the user has³.

The assumption of this code block states that a borrower’s available collateral will be insufficient only when:

This can happen when borrower has multiple collaterals and seizing all of this one won’t bring the violator back to solvency

This security guarantee is not upheld by the donation mechanism which permits the user to create “bad debt” in the form of leverage that is uncollateralized by donating their EToken units without affecting their DToken balance."
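The passages above describe the accounting pattern at the heart of the incident: self-collateralised minting is guarded by a health check, but the donation path removed collateral without re-running that check, so an account could be left with debt that no collateral backs. The following Python model is an added illustration written for this page; it is not Euler's code and does not reproduce the post-mortem's exchange-rate or multi-collateral logic. The 90% collateral factor, the 20% liquidation discount, the account name and all balances are assumed values chosen to make the arithmetic easy to follow. The same market runs twice, once with the health check missing from the donation path and once with it present, and reports the resulting health and any unbacked debt left after liquidation.

```python
from dataclasses import dataclass, field

# Simplified model of a lending market with collateral (eToken) and debt
# (dToken) balances per account. Educational reconstruction only, not Euler's
# code; the factors and balances below are assumed values. Integer "units"
# stand in for token amounts, as an on-chain contract would use.

COLLATERAL_FACTOR_BPS = 9000     # assumed: 90% of collateral counts toward solvency
LIQUIDATION_DISCOUNT_BPS = 2000  # assumed: liquidator repays 80% of seized value
BPS = 10000


class Unhealthy(Exception):
    """Operation would leave the account undercollateralised (a revert on-chain)."""


@dataclass
class Account:
    etokens: int = 0  # collateral units
    dtokens: int = 0  # debt units


@dataclass
class Market:
    check_on_donate: bool = True  # False reproduces the missing health check
    reserve: int = 0
    accounts: dict = field(default_factory=dict)

    def acct(self, who: str) -> Account:
        return self.accounts.setdefault(who, Account())

    @staticmethod
    def _health(etokens: int, dtokens: int) -> int:
        """Risk-adjusted collateral minus debt; negative means liquidatable."""
        return etokens * COLLATERAL_FACTOR_BPS // BPS - dtokens

    def health(self, who: str) -> int:
        a = self.acct(who)
        return self._health(a.etokens, a.dtokens)

    def deposit(self, who: str, amount: int) -> None:
        self.acct(who).etokens += amount

    def mint(self, who: str, amount: int) -> None:
        """Self-collateralised leverage: mint equal eTokens and dTokens in one
        step, refusing the whole operation if the result would be unhealthy."""
        a = self.acct(who)
        if self._health(a.etokens + amount, a.dtokens + amount) < 0:
            raise Unhealthy(f"{who}: mint would be undercollateralised")
        a.etokens += amount
        a.dtokens += amount

    def donate_to_reserves(self, who: str, amount: int) -> None:
        """Move eTokens from the account to the reserve. Debt is untouched, so
        health drops; the guarded variant projects the post-state and refuses
        the donation when it would go negative, the same invariant mint enforces."""
        a = self.acct(who)
        if amount > a.etokens:
            raise ValueError("insufficient eTokens")
        if self.check_on_donate and self._health(a.etokens - amount, a.dtokens) < 0:
            raise Unhealthy(f"{who}: donation would be undercollateralised")
        a.etokens -= amount
        self.reserve += amount

    def liquidate(self, who: str) -> int:
        """Seize all collateral of an unhealthy account at a discount and
        return the debt that is left with no collateral behind it."""
        a = self.acct(who)
        if self.health(who) >= 0:
            raise ValueError(f"{who} is healthy; nothing to liquidate")
        seized = a.etokens
        repaid = min(a.dtokens, seized * (BPS - LIQUIDATION_DISCOUNT_BPS) // BPS)
        a.etokens = 0
        a.dtokens -= repaid
        return a.dtokens  # unbacked debt remaining on the books


def run_scenario(check_on_donate: bool) -> dict:
    """Deposit, lever up close to the limit, then donate part of the collateral."""
    m = Market(check_on_donate=check_on_donate)
    m.deposit("borrower", 100)
    m.mint("borrower", 800)          # 900 eTokens vs 800 dTokens: health +10
    try:
        m.donate_to_reserves("borrower", 100)   # 800 eTokens vs 800 dTokens
        outcome = "accepted"
    except Unhealthy:
        outcome = "rejected"
    health = m.health("borrower")
    bad_debt = m.liquidate("borrower") if health < 0 else 0
    return {"donation": outcome, "health_after": health, "bad_debt": bad_debt}


if __name__ == "__main__":
    print("missing check:", run_scenario(check_on_donate=False))
    print("with check:   ", run_scenario(check_on_donate=True))
```

With the check absent, the donation is accepted, the account's health goes negative, and liquidation seizes all remaining collateral while repaying only part of the debt, leaving unbacked debt on the books. With the check present, the donation reverts and the position stays solvent. The defensive lesson is that every path that changes an account's collateral or debt must re-run the same solvency check, and that an audit scope should be compared against the full list of such paths after each upgrade.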

Total Amount Lost

"SlowMist provided a summary of the addresses and transactions involved: total losses comprised 86k in ETH derivatives ($134.6M), 849 WBTC ($18.6M), 34M USDC, 8.9M DAI."

The total amount lost has been estimated at $196,100,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

Euler Finance first reported the problem via a Tweet which had generic information[15].

"We are aware and our team is currently working with security professionals and law enforcement. We will release further information as soon as we have it."

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?


"Auditors and smart contract insurance protocol Sherlock has taken responsibility for missing the vulnerability in their review of EIP-14 last year, and will pay a claim of $4.5M to Euler.

Euler reached out to the attacker’s address via tx input data:

We understand that you are responsible for this morning's attack on the Euler platform. We are writing to see whether you would be open to speaking with us about any potential next steps.

But with some funds having been sent to Tornado via a pass-through address in what seems like a test, the prospects of returned funds aren’t looking good…

Given Euler’s high-profile and stable reputation, many other DeFi organisations had funds tied up in the protocol.

The fact that so many other projects chose to integrate with Euler is a testament to just how shocking this exploit has been for the community. And many have reached out in support of the Euler team."

Omniscia Post-Mortem

Omniscia, the firm which audited the smart contract, released a post-mortem of the incident[9].


Euler Finance has continued to get more extensive audits of their smart contract[24].

Total Amount Recovered

According to the Omniscia post-mortem, there was an active coverage policy[9].

"The donateToReserves function was audited by the Sherlock team in July 2022. Euler Finance and Sherlock have confirmed that Euler had an active coverage policy with Sherlock at the time of exploit."

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. https://www.euler.finance/ (May 3, 2023)
  2. https://docs.euler.finance/getting-started/introduction (May 3, 2023)
  3. https://docs.euler.finance/getting-started/white-paper (May 3, 2023)
  4. Euler Finance Diff: contracts/modules/EToken.sol - Github Diff (May 3, 2023)
  5. Liquidation.sol as part of Euler Finance Smart Contract - GitHub (May 3, 2023)
  6. EToken.sol as part of Euler Finance Smart Contract - GitHub (May 3, 2023)
  7. BaseLogic.sol as part of Euler Finance Smart Contract (May 3, 2023)
  8. Audits - Euler Finance Docs Archive February 1st, 2023 3:15:22 PM MST (May 17, 2023)
  9. Euler Finance Incident Post-Mortem - Omniscia Medium (May 3, 2023)
  10. eIP 14: Contract Upgrades - [eIP] Euler Improvement Proposals - Euler Governance Forum (May 3, 2023)
  11. Euler Liquidation Discount Parameter - Euler Finance Docs (May 3, 2023)
  12. Euler Finance Exploit Primary Contract - Etherscan (May 3, 2023)
  13. Euler Finance Exploit Transaction - Etherscan (May 3, 2023)
  14. MetaSleuth - "Euler Finance @eulerfinance is being attacked. It seems the attack continues and the total loss exceeds 190 million USD already. Will update the details later." - Twitter (Jan 19, 2024)
  15. Euler Finance - "We are aware and our team is currently working with security professionals and law enforcement. We will release further information as soon as we have it." - Twitter (May 3, 2023)
  16. Euler Finance hacked for over $195M in a flash loan attack - CoinTelegraph (Jan 19, 2024)
  17. MetaSleuth - "Attacker 0x5f25 launched the first attack, making a profit of ~8.8M DAI. All profits stay in the exploit contract 0xebc2. The initial funding comes from FixedFloat and deflation token exploiter 6 on BSC." - Twitter (Jan 19, 2024)
  18. SlowMist - "The attacker used flashloans to deposit funds and then leveraged them twice to trigger the liquidation logic, donating the funds to the reserve address and conducting a self-liquidation to collect any remaining assets." - Twitter (Jan 19, 2024)
  19. RektHQ - "Against the backdrop of a banking meltdown and stablecoin crisis, @eulerfinance was struck a $197M blow." - Twitter (May 3, 2023)
  20. Rekt - Euler Finance - REKT (May 3, 2023)
  21. Euler Finance Exploit Violator Contract - Etherscan (May 3, 2023)
  22. Euler Finance Exploit Liquidator Contract - Etherscan (May 3, 2023)
  23. Euler Finance Exploiter Contract #2 - Etherscan (May 3, 2023)
  24. Audits - Euler Finance Docs (May 3, 2023)