Flurry Finance Vault Flash Loan Attack

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Flurry Finance

Flurry Finance is a yield farming protocol which offers a stablecoin with interest. An attacker was able to exploit the smart contract hot wallet and removed between $251,000 and $293,000 USD worth of funds by increasing their token balance using a Flash loan. The protocol has vowed to reimburse all affected users, and started to put together a description of what will be reimbursed, although this process is still underway.

This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21]

About Flurry Finance

"Flurry Finance is the future of yield farming. The Flurry Protocol is a yield aggregator that provides earn, trade, and spend with stability, flexibility, and ease!" "No lockup periods, nor technical barriers, it offers a better user experience on DeFi that allows you to use your tokens as a medium of exchange while earning yield." "Start your passive income today with rhoTokens."

"FLURRY is the governance token of the Flurry protocol, available on swaps and exchanges." "By holding FLURRY, you can vote on various parameters in determining the development of Flurry protocol such as fee percentages, whitelisting or blacklisting yield farming DeFi protocols, or even proposing new strategies in the yield farming process. It is like stocks, except it is in token form on the decentralized network."

"Yield aggregators are tapped into Ethereum-based and Binance Smart Chain (BSC) based products, while FLURRY is targeting to work cross-chain in order to look for the best yield after taking the transaction cost into consideration." "The price of rhoToken is pegged 1:1 to the underlying stablecoin. As a result, rhoTokens can be spent the same way as the underlying stablecoin. Users do not have to redeem their rhoTokens before they use their fund. In other words, it is more flexible and user oriented, as your fund won’t be locked-up." "The whole yield generation process is fully automated and transparent to users. Flurry DApp gives a clear picture of how and how much interest is earned once you have made a deposit. All users have to do is to hold the rhoTokens and the wallet balance will grow to reflect the interest earned."

"rhoToken is a cross-chain token which it pegged 1:1 to its underlying stablecoin. The Flurry protocol automates the yield farming process with rhoTokens, sparing users all the tedious task of switching in and out of DeFi products on different chains to generate yield with your deposit. In return, you will get rhotokens (rhoUSDC, rhoUSDT, rhoBUSD) which you can hodl, trade and spend as a medium of exchange while earning an interest automatically - something that stablecoin couldn’t do."

"[The Flurry Finance] team [is] composed of graduates from Cornell University, Stanford University and Imperial College London, and pedigrees from JP Morgan, Barclays Capital, KBC Financial Products, Daiwa Capital Markets and Societe Generale."

The Reality

The Flurry Finance smart contract contained a vulnerability which would allow an attacker to falsely inflate their balance via a Flash loan.

The issue was specifically related to an external dependency.

What Happened

An attacker exploited the smart contract vulnerability, making off with ~$293k USD from one of the vaults.

Key Event Timeline - Flurry Finance Vault Flash Loan Attack
Date Event Description
February 22nd, 2022 4:18:00 PM MST CertiK Community Tweet CertiK posts on Twitter with news of the event and a technical analysis[15].
March 2nd, 2022 4:00:00 AM MST [22]

Technical Details

"Flurry Finance’s Vault contract was hit by a flash loan attack, resulting in the theft of approximately $293,000 worth of assets in the Vault contract." "The attack took place on Tuesday (February 22) when a malicious hacker deployed an exploit that enabled the increase of a multiplier influencing the balance of rhoToken, a deposit token used by Flurry Finance for yield aggregation."

"CertiK said the attacker unleashed a malicious token contract, created a PancakeSwap pair for the token and Binance USD (BUSD), then took out a flash loan from Rabbit Finance’s bank contract."

"Per the report, the attacker deployed a malicious contract in the protocol and further created a PancakeSwap pair for the RhoToken against Binance stablecoin (BUSD)."

"The creation of the malicious contract code dubbed “FlurryRebaseUpkeep.performUpkeep()” rebases all update multipliers for RhoTokens." "After a while, the attacker returned the flash loan. Further investigations show that the attacker conducted another transaction, but this time, the attacker deposited tokens using a lower multiplier and subsequently updated the multiplier to a higher value."

"The hacker later made withdrawals with the higher multiplier." "Since the multiplier is one of the key reasons behind the spike in RhoToken balance, the attacker also recorded an increase in their own balance." "Based on this, they were able to withdraw more than what they deserved from the pool and the process was repeated several times, which resulted in more than $290,000 in losses."

"The illicit update was executed in the form of a flash loan and all tokens borrowed from the bank contract were not returned, and the low balance subsequently resulted in a low multiplier."

"Triggering the StrategyLiquidate function, which “decoded input data as the LP token address created in the previous step”, enabled execution of malicious code that rebased all vaults and update multipliers for rhoTokens."

“Because the rebasing was triggered in the process of a flashloan and tokens borrowed from the Bank contract were not returned yet, the low balance in the Bank contract led to a low multiplier,” explained CertiK.

"After returning the flash loan and concluding the preparation transaction the attacker proceeded to deposit tokens with the low multiplier, updated the multiplier to a higher value, then withdrew tokens with the high multiplier."

CertiK, which audits smart contracts for Flurry Finance, has emphasized that “the exploit was caused by external dependencies”.

CertiK Technical Analysis

[15]

@FlurryFi’s Vault contracts were attacked leading to around $293K worth of assets being stolen from Vault contracts

The attacker deployed a malicious token contract, which is also used as the attack contract, and created a PancakeSwap pair for the token and $BUSD.

The attacker flashloaned from Rabbit Bank contract and triggered StrategyLiquidate's execute method.

The execute method decodes input data as the LP token address, the attacker is able to execute code implemented in the malicious token contract.

The malicious token contract called “FlurryRebaseUpkeep.performUpkeep()” rebases all vaults and updates multipliers for Rho Tokens.

The update is based on all strategies' balances.

The update was triggered in the process of a flashloan and the tokens borrowed from the Bank contract were not returned yet, the low balance led to a low multiplier.

The attacker returned the flashloan and finished the preparation transaction.

In the next transaction, the attacker deposited tokens with the low multiplier, updated the multiplier to a higher (normal) value, and withdrew the tokens with the high multiplier.

For example, in one of the transactions the multiplier was updated to 4.1598e35 and in the next transaction, the multiplier was updated to 4.2530e35.

Because the multiplier is one of the factors deciding the RhoToken balance, the attacker's RhoToken balance was increased in the transaction so they were able to withdraw more tokens than they deserve from the Vault.

The attacker repeated this process multiple times.

Note: Flurry Finance is a CertiK client but the exploit was caused by external dependencies.


Attacker: https://bscscan.com/address/0x0f3c0c6277ba049b6c3f4f3e71d677b923298b35… Malicious token contract: https://bscscan.com/address/0xb7a740d67c78bbb81741ea588db99fbb1c22dfb7… PancakeSwap pair: https://bscscan.com/address/0xca9596e8936aa8e902ad7ac4bb1d76fbc95e88bb

Bank contract: https://bscscan.com/address/0xbeeb9d4ca070d34c014230bafdfb2ad44a110142… StrategyLiquiddate contract: https://bscscan.com/address/0x5085c49828b0b8e69bae99d96a8e0fcf0a033369

FlurryRebaseUpkeep contract: https://bscscan.com/address/0x10f2c0d32803c03fc5d792ad3c19e17cd72ad68b… One of the Vault contracts: https://bscscan.com/address/0xec7fa7a14887c9cac12f9a16256c50c15dada5c4…

Total Amount Lost

The total amount was originally shared as $227,960.66 USD[22], however this was later revised to $250,668.11 USD. (TBD - follow tweet in 22[22] if not already)

The total amount lost has been estimated at $251,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

Initial Tweet By Flurry Finance

[22]

We cherish the transparency that decentralisation brings, there4, we will expose the steps that the exploiter took to steal a total amount of 227,960.66 in rhoUSDT & rhoBUSD respectively. We are rearranging to organise full compensation for affected users. Please stay tuned.

Reactions From CertiK

CertiK, which audits smart contracts for Flurry Finance, has emphasized that “the exploit was caused by external dependencies”.

“Our team has got to the bottom of the issue, and [is] currently upgrading all the smart contracts on rhoTokens in order to avoid the exploitation from happening again.”

"Our team is doing our best to investigate the exploitation. As a precautionary measure, we have paused all smart contracts of rhoTokens including those on #BSC and #Polygon, which means converting/ redeeming rhoTokens,"

"It is worth noting that the attackers only exploited funds in the FinanceRabbit Strategy. In an effort to prevent things from escalating, Flurry Finance announced that it has suspended all smart contract activities for RhoTokens on all networks."

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

"Flurry Finance told The Daily Swig on March 1: “Our team is in full swing to redeploy all smart contracts on the FLURRY protocol after a full sweep of security checks again. We will issue the hack report/ compensation plan later this week. [We] hope it will give you more idea on the hack, and [the] other precautionary [measures taken].”"

"We have been working day and night, not only to tighten the security system of the Flurry Protocol (FlurryPro), as well as to upgrade all relavant rhoToken contracts in preparation for redeployment to compensate the losses induced by this unfortunate incident to all affected users."

"As mentioned in previous tweets, we will compensate all losses induced by this incident to our users. However, since it will involve the redeployment of rhoTokens, it will take us some time to restore the rhotokens balance for all rhoToken hodlers." "Our team Flurry Finance would like to thank you for your patience and support throughout the unfortunate incident in which the exploitation has cost the loss of a total sum of USD 250,668.11 on the Flurry Protocol (FlurryPro)."

"The redeployment will be ready by the week of 21 March." "Our team will create a new rhoUSDT & rhoBUSD contract on BNB Chain, which remains to be pegged 1:1 to its underlying stablecoins. All affected users’ balances will be restored automatically once the new smart contract is being deployed." "Users will only have to add the newly deployed rhoUSDT or rhoBUSD in your wallet to see the token balance."

Total Amount Recovered

The total amount recovered is unknown.

Ongoing Developments

TBD

Individual Prevention Policies

Users should ensure that smart contracts are thoroughly audited, including any external dependencies which they may use. Ensure smart contracts have reviews from a mix of multiple auditors.

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

More thorough and diverse smart contract auditing would increase the likelihood of catching issue such as this.

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

The Flurry Finance smart contract could implement a simple multi-signature wallet to oversee a portion of the funds, preventing them from being subject to any risk.

All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.

Finally, an industry insurance fund could help ensure validators are selected well and assist in the event of any breach.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

More thorough and diverse smart contract auditing would increase the likelihood of catching issue such as this. The Flurry Finance smart contract could implement a simple multi-signature wallet to oversee a portion of the funds, preventing them from being subject to any risk.

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

An industry insurance fund could help ensure validators are selected well and assist in the event of any breach.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. SlowMist Hacked - SlowMist Zone (Jun 26, 2021)
  2. Flurry | The Future of Yield Farming (Mar 8, 2022)
  3. Flurry Finance Explains - Future of Yield Farming - YouTube (Mar 8, 2022)
  4. Introducing Flurry Finance - Flurry Finance (Mar 9, 2022)
  5. Flurry Finance heist nets crypto thieves $295k | The Daily Swig (Mar 9, 2022)
  6. @FlurryFi Twitter (Mar 9, 2022)
  7. @FlurryFi Twitter (Mar 9, 2022)
  8. Post Incident Security And Compensation Plan (Mar 9, 2022)
  9. Over $290,000 Stolen From DeFi Protocol Flurry Finance (Mar 9, 2022)
  10. Flurry Finance Hacked: Reportedly $293K Lost | Biden Slaps Russia with Sanctions 23/02/22 - YouTube (Mar 9, 2022)
  11. Flurry Finance Hacked: Reportedly $293K Lost | Coinmonks News #93 Crypto News With Coinmonks podcast (Mar 9, 2022)
  12. Over $290,000 Stolen From DeFi Protocol Flurry Finance - The Crypto Basic (Mar 9, 2022)
  13. Flurry Finance Hacked: Reportedly $293K Lost | CoinCodeCap (Mar 9, 2022)
  14. @FlurryFi Twitter (Mar 9, 2022)
  15. 15.0 15.1 15.2 CertiKCommunity - "@FlurryFi’s Vault contracts were attacked leading to around $293K worth of assets being stolen from Vault contracts" - Twitter (Mar 9, 2022)
  16. https://bscscan.com/address/0x0f3c0c6277ba049b6c3f4f3e71d677b923298b35 (Mar 9, 2022)
  17. https://bscscan.com/address/0xb7a740d67c78bbb81741ea588db99fbb1c22dfb7 (Mar 9, 2022)
  18. https://bscscan.com/address/0xca9596e8936aa8e902ad7ac4bb1d76fbc95e88bb (Mar 9, 2022)
  19. @FlurryFi Twitter (Mar 9, 2022)
  20. @FlurryFi Twitter (Mar 9, 2022)
  21. Incident Report On 22 Feb 2022 (Mar 9, 2022)
  22. 22.0 22.1 22.2 22.3 Flurry Finance - "We cherish the transparency that decentralisation brings, there4, we will expose the steps that the exploiter took to steal a total amount of 227,960.66 in rhoUSDT & rhoBUSD respectively. We are rearranging to organise full compensation for affected users. Please stay tuned." - Twitter (Mar 9, 2022)