Midas Capital Virtual Price Reentrancy

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Midas Capital

Midas Capital is a DeFi protocol that allows users to lend and borrow digital assets, enabling anyone to create and deploy their own lending and borrowing pool. The protocol allows users to choose all of their custom parameters and isolate risk. Pools can be made public or private, depending on the creator's preference, and any asset with on-chain liquidity can be supported within Midas pools. Midas recently added WMATIC-stMATIC Curve LP token for use as collateral, but it has a read-only reentrancy vulnerability that allows the token's virtual price to be manipulated when improperly implemented. This vulnerability led to a recent exploit in which the attacker borrowed several assets against inflated collateral and swapped them for approximately $660k worth of MATIC, which was sent to Kucoin and Binance. Jarvis Network will cover the shortfall in backing of jFIATs resulting from the exploit, and Midas Capital is attempting to negotiate a bounty with the hacker. They are also working on a plan to re-collateralize the jFIATs the protocol lost and reimburse affected users, with the support of their community, partners, investors, and liquidity provider.

About Midas Capital

Midas Capital is a polygon-based lending protocol[1]. Midas Capital aims to enables capital-efficient isolated lending and borrowing pools. It allows the user s customize a money market and "maximize capital efficiency for any group of assets".

[2][3]

"There are 3 parts to "Midas Capital," and it is important to recognize the differences between each party involved. The Midas Capital Protocol [is a] DeFi protocol that is built using Smart Contracts and run autonomously on EVM compatible blockchains in order to put crypto assets to use. The Midas Capital UI [is a] web app that provides easy to use tooling in order to interact with the decentralized protocol. This interface is one of the many ways of interacting with the Smart Contracts. The core Midas team that will lead the protocol to full decentralization."

"Midas Capital is an open interest rate protocol that allows users to lend and borrow digital assets. The Midas protocol enables anyone to instantly create and deploy their own lending and borrowing pool. The protocol allows users (individuals, protocols, DAOs, institutions) to choose all of their custom parameters and isolate risk, rather than using a large lending and borrowing pool on other platforms. Pools can be made public or private depending on the creator's preference."

"As Uniswap is to permissionless trading markets, Midas pool has permissionless lending and borrowing. If there is an asset that has on-chain liquidity, it can be supported within Midas pools via a pre-built or custom oracle."

"The nature of Midas Protocol completely removes the need to lobby to money market protocols such as Compound Finance or Aave. Generally, newer tokens to the ecosystem have a very low chance of being listed on these large money markets given their possible risk to the rest of the pool. Midas Protocol allows for isolated versions of Compound Finance which provides users' with full range of composability with their digital assets and the financial freedom not seen in the traditional banking industry."

TBD - need more on:

  • Known history of when and how the service was started.
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

About Jarvis Network

Jarvis Network offers stable and liquid synthetic fiat currencies[4][5].

jFIATs are over-collateralized, stable and liquid on-chain fiat currencies that anyone can use to gain exposure to many fiat currencies, access liquidity, credit, yield and other financial services.

jFIATs have consistently maintained their peg since their launch, and maintain their value through strong stability mechanisms.

jFIATs can exchanged for any tokens with little to no price impact, enabling an on-chain Forex market and allowing to access on-chain liquidity from any currency.

jFIATs can be borrowed against various collateral-type for a fixed origination fee, providing users with loan with Forex risk.

jFIATs can be used to provide liquidity on various protocols to provide financial service against fees and interests.

jFIATs can act as a liquidity infrastructure for other stablecoins, to create beneficial and mutual synergies between different model of stablecoins.

jFIATs have an ever-growing ecosystem of applications and protocols, providing users with multiple new use cases.

TBD - Need to fill in.

The Reality

[6]

Midas Capital had recently added a new WMATIC-stMATIC Curve LP token, which was allowed to be used as collateral. These tokens have a previously known read-only reentrancy vulnerability which allows the token's virtual price to be manipulated when they are improperly implemented. The read-only reentrancy vulnerability is a known weakness of this type of LP token, and had previously led to a separate $220k loss on market.xyz in October 2022.

What Happened

The attacker managed to fool the smart contract for Midas Capital into believing that there is more valuable collateral locked into the smart contract than reality, which allows them to borrow against the higher collateral.

Key Event Timeline - Midas Capital Virtual Price Reentrancy
Date Event Description
January 15th, 2023 10:43:37 AM MST Exploit Transcation One of the blockchain transactions involved in the exploit[7].
January 15th, 2023 12:27:00 PM MST Ancilia Inc. Reports Attack The Ancilia Inc. reported that their web3 system had detected the exploit on polygon and included the hacker's address[8].
January 15th, 2023 1:39:00 PM MST Jarvis Network Announcement Jarvis Network announces the exploit on Twitter[9].
January 15th, 2023 5:01:00 PM MST Midas Capital Announcement Midas Capital makes an announcement on Twitter about the exploit and their role in it[10].
January 15th, 2023 10:56:00 PM MST BlockSecTeam Analysis BlockSecTeam posts an analysis of the exploit on Twitter[11]. TBD review.
January 16th, 2023 1:40:00 AM MST Beosin Alert Posted Beosin posts an alert analysis on Twitter[12]. TBD analysis
January 20th, 2023 9:25:00 AM MST RektHQ Article Rekt publishes an article on the Midas Capital vulnerability[1]. [13].

Technical Details

The specific vulnerability happened in the WMATIC-stMATIC Curve liquidity pool.

The attacker managed to fool the smart contract for Midas Capital into believing that there is more valuable collateral locked into the smart contract than reality, which allows them to borrow against the higher collateral.

"Both organisations announced the cause of the attack as the use of WMATIC-stMATIC Curve LP token."

"[T]he calculation of a position's collateral depends on self.D and totalSupply

self.D is updated after an unexcepted callback, so the four borrows use an outdated self.D.

the contract burns stMATIC-f before the unexcepted callback, which causes the four borrows to use an updated stMATIC-f.totalSupply()."

"As a result, @MidasCapitalxyz over-estimated the attack contract's position and lent excessive assets to the contract."

"The attacker was able to borrow the following assets against the inflated collateral: jCHF: 273,973, jEUR: 368,058, jGBP: 45,250, agEUR: 45,435, Which were then swapped to ~660k MATIC ($660k) and sent on to Kucoin and Binance."

Reported Hacker Address: [14]

Reported Problem Contract: [15]

Address The MATIC Was Sent To: [16]

Ancilia Inc. Technical Analysis

Ancilia Inc. published a technical analysis on Twitter of the exploit[8].

1/ #web3 #hacks our system detected an exploits on #Polygon

2/ @Jarvis_Network There are multiple bugs. The loan gain are caused by re-entry and price manipulations for jFIAT tokens.

Attached screen shot proved the price change(10x) after. During the native token WMATIC  send, attacker use the re-entry opportunity to borrow more.

3/ Attacker spend 270K WMATIC used as collateral, minted 131k jFIAT token. After price change back and force, attacker then created another contract and use 1/10 borrowed amount to liquidate the debt and redeem back 103k jFIAT token.

4/ @Jarvis_Network @MidasCapitalxyz There were some questions about the price oracle, especially which part is wrong. We don't have much inside details on the owner. But the problem is on [the problem contract] which is an implement for contract.

5/ After more time to investigate the price oracle, we found the price was calculated on get_virtual_price() function and it relies on self.D which is  in storage slot 0x1c. You could simply think the final price is self.D/2.

6/ In the normal case self.D value is 0x041a1ba29495fff4fab5bc but when attack happen, self.D is 10 times bigger: 0x294f45a00139705ce08a6f. After div the same totalSupply of the LP token, the price was jump 10 times. self.D was set in add_liquidity()->tweak_price()

7/ This may be a http://Curve.fi contract issue. Hi, @CurveFinance, by giving this re-entry attack, self.D is not updated before the ETH call, would you think to update your contract code?


Total Amount Lost

The total amount lost has been estimated at $660,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Jarvis Network Announcement

Jarvis Network posted an initial announcement on Twitter and requested that addresses be flagged[9]. They referenced a Polygon address[16].

Earlier today, our @MidasCapitalxyz pool was exploited: Midas recently added a new collateral type stMATIC-wMATIC Curve LP token, which seems to have been inflated to borrow jEUR, jCHF and jGBP, as well as agEUR, and swap all of them on @KyberNetwork for $MATIC.

The MATIC were sent to [a new address] and are now being dispatched.

@polygonscan @etherscan can you flag these addresses?

Midas Capital Announcement

Midas Capital made an announcement on Twitter about the exploit[10].

We listed WMATIC-stMATIC Curve LP token a few days ago on https://app.midascapital.xyz/137/pool/1 with supply caps of ~250k and had, not yet announced it

Adding such asset had been discussed with the @Jarvis_Network team as a way of adding novel options for the pools users. The supply caps were placed to prevent large borrows against such LP token. Unfortunately, this wasn't enough

The in question asset was manipulated using a flash loan, which allowed the attacker to inflate the LP token price, and borrow against it. Even with supply caps, the price increase was enough to let the attacker borrow north of 600k of jAssets

We wrongly assumed that, being a pool composed of only wrapped assets (ERC20's), the re-entrancy attack that we had seen in the past would not affect us using the chain's native token's `raw_call`

Since we have been extremely supporting of LP tokens as collateral, we had run into this same debate before -- when launching on BNB with Ellipsis.

Ellipsis explicitly removed the ability to do `raw_call`'s, which gave us the confidence that our oracle implementation was not subject to such attack.

We acknowledge we made a judgment error thinking this translated from the BNB implementation, where also only ERC20 assets are used.

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

"Jarvis Network will cover the (~$350k) shortfall in backing of jFIATs that resulted from the exploit, and Midas Capital have reached out to the hacker in an attempt to negotiate a bounty."

"We have decided to do not wait after Midas, and we are working on a plan to re-collateralize the jFIATs the protocol lost, and reimburse the users who were victim of the exploit. We will propose to the Jarvis governance to allocate part of the protocol’s revenus (liquidity provision, lending interests, protocol fee and farming with POL) and part of the protocol treasury to it, and we will ask for the help and support of our community, partners, investors, and “frens”. I have already discussed with many of them and they have expressed their will to support us in this difficult moment, either with or without counterparty. Also, the company which is the main liquidity provider within the protocol, will help, with both its treasury and revenues (±$700k last year with swap fees, interests and market making)."

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. 1.0 1.1 RektHQ - "The Midas touch backfired last Sunday, leaving a $660k hole in one of @MidasCapitalxyz's pools." - Twitter (May 4, 2023)
  2. Welcome to Midas Capital - Midas Docs (May 4, 2023)
  3. Midas pools - Midas Docs (May 4, 2023)
  4. Jarvis Network - Link3.to (May 31, 2023)
  5. Jarvis Network Homepage (May 31, 2023)
  6. Curve LP Oracle Manipulation: Post Mortem - Chainsecurity (May 3, 2023)
  7. Polygon Transaction Exploiting Midas Capital - PolygonScan (May 4, 2023)
  8. 8.0 8.1 Ancilia Inc - "#web3 #hacks our system detected an exploits on #Polygon" - Twitter (May 31, 2023)
  9. 9.0 9.1 Jarvis Network - "Earlier today, our @MidasCapitalxyz pool was exploited: Midas recently added a new collateral type stMATIC-wMATIC Curve LP token" - Twitter (May 31, 2023)
  10. 10.0 10.1 Midas Capital - "We listed WMATIC-stMATIC Curve LP token a few days ago ... with supply caps of ~250k and had, not yet announced it" - Twitter (May 31, 2023)
  11. BlockSecTeam - "@MidasCapitalxyz was attacked. It is due to an unexcepted external call before updating critical variables->reentrancy & miscalculation of the token prices." - Twitter (May 4, 2023)
  12. BeosinAlert - "@MidasCapitalxyz of @Jarvis_Network on Polygon was hacked for 663,101 $MATIC (~$660K) from a view reentrancy bug and price manipulation." - Twitter (May 4, 2023)
  13. Rekt - Midas Capital - REKT (May 4, 2023)
  14. Reported Hacker Address - PolygonScan (May 31, 2023)
  15. Reported Problem Contract - PolygonScan (May 31, 2023)
  16. 16.0 16.1 Address the MATIC was Sent To - PolygonScan (May 31, 2023)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Midas_Capital_Virtual_Price_Reentrancy&oldid=4501"