MonoX Software Bug
MonoX is an innovative DeFi protocol which offers a single token for the liquidity pool instead of pool pairs. Unfortunately, there was a critical design defect in the protocol where the last price update overwrote earlier price updates. This vulnerability was exploited and $31m worth of user funds stored in the smart contract hot wallet were taken. As a new project, the team didn't have a large amount of funds available to assist their users; however, they are working on a compensation plan.
About MonoX
"MonoX is a new DeFi protocol using a single token design for liquidity pools (instead of using pool pairs). This is made possible by grouping deposited tokens into a virtual pair with the vCASH stablecoin. Our first use case for single token liquidity pools will be an Automated Market Maker - Monoswap, which is set to launch in October 2021. In the future, we will be launching lending/borrowing and derivatives products."
MonoX is known for using a single token design for liquidity pools in its DeFi protocol[8].
MonoX's security measures included a three-month testnet, a bug bounty program, and three audits prior to launch[5]. The protocol also had a $1 million insurance policy from Tidal[5].
The Reality
The code of MonoX had a critical flaw where price updates were not stacking but instead, the last price update overwrote the first one[9]. This means that the tokenOut update occurred last, causing the tokenIn update to be ignored, effectively increasing the price of the MonoX token[9].
What Happened
An attacker executed a series of swaps from MonoX tokens to MonoX tokens, artificially inflating the price of MonoX within the system[9]. The attacker then exchanged their MonoX tokens for millions of dollars' worth of other assets within the system[9].
Date | Event | Description |
---|---|---|
November 30th, 2021 6:10:11 AM MST | Polygon Exploit Transaction Occurs | An exploit transaction occurs on the Polygon blockchain[10]. |
November 30th, 2021 6:27:51 AM MST | Ethereum Exploit Transaction Occurs | The exploit transaction occurs on the Ethereum blockchain[11][12]. |
November 30th, 2021 7:33:00 AM MST | BlockSecTeam Technical Analysis | BlockSecTeam published a technical analysis of the exploit on Twitter[13][11]. |
November 30th, 2021 8:22:00 AM MST | CryptoNews Article Published | CryptoNews publishes an article reporting that approximately $31 million has been stolen from the decentralized finance (DeFi) platform MonoX in a recent exploit[8]. The stolen assets are reported to include $10.5 million in Polygon (MATIC), $18.2 million in Wrapped Ethereum (WETH), $2 million in Wrapped Bitcoin (WBTC), and $31,000 in Chainlink (LINK). The MonoX team confirmed the exploit, explaining that a vulnerability in the swap contract was exploited, causing the MONO token price to skyrocket. The attacker then used MONO tokens to purchase all other assets in the pool. The team is currently investigating the issue and is working to recover the funds. MONO token's price had dropped by 14% to $5.12 at the time of reporting. |
November 30th, 2021 9:58:00 AM MST | Mudit Gupta Tweet | Twitter user and security researcher Mudit Gupta shares a technical analysis of the MonoX smart contract vulnerability[9]. The situation has been acknowledged by the MonoX team, and they are addressing it[9]. |
December 1st, 2021 10:18:02 AM MST | MonoX Publishes Post-Mortem | MonoX publishes a post-mortem on their Medium page[5]. |
December 31st, 2021 7:08:00 AM MST | Incident Included In Q4 Summary | The incident received a mention in the CryptoNews Q4 summary[14]. |
Technical Details
Ethereum Transaction: [11][12]
Polygon Transaction: [10]
The code of MonoX had a critical flaw where price updates were not stacking but instead, the last price update overwrote the first one[9]. This means that the tokenOut update occurred last, causing the tokenIn update to be ignored, effectively increasing the price of the MonoX token[9].
Exploiting this, the attacker executed a series of swaps from MonoX tokens to MonoX tokens, artificially inflating the price of MonoX within the system[9]. Once the MonoX token's price was significantly high, the attacker exchanged their MonoX tokens for other assets within the system[9]. This led to the attacker obtaining millions of dollars' worth of other tokens for just a few dollars' worth of MonoX tokens because the system mistakenly believed that MonoX was an extremely expensive token[9].
"The exploit was caused by a smart contract bug that allows the sold and bought token to be the same. In the case of the attack, it was our native MONO token. When a swap was taking place and tokenIn was the same as tokenOut, the transaction was permitted by the contract."
"Any price updates from swap from tokenIn and tokenOut were independently verified by the contract. With tokenOut being verified last, this caused a massive price appreciation of MONO. The attacker then used the highly priced MONO to purchase all the other assets in our pool and drained the funds. The attack was completed through a script, and was highly organized."
Technical Analysis By Mudit Gupta
Mudit Gupta performed a technical analysis of the exploit[9].
An attacker stole $30m from MonoX across their ethereum and polygon deployments a few hours ago.
The exploit was caused by a smart contract bug that led to incorrect price updates when doing token swaps.
When a swap happens, the price of the token sent by the user drops, and the price of the token received by the user increases. This is known as price impact.
Sending a token for swap and receiving the same token back doesn't make much sense and shouldn't be allowed, however.....
It is not explicitly blocked in MonoX's code which means it is allowed.
MonoX updates prices after a swap by calculating new prices for both tokens in one go and then updating them one by one.
The price of tokenIn decreases and the price of tokenOut increases.
The edge case where tokenIn and tokenOut are the same causes a problem here.
Price update to tokenIn says that the price should decrease but the price update to tokenOut says that the price should increase.
In the code, instead of price updates stacking on top of each other and canceling each other, the last price update overwrites the first price update.
The tokenOut update happens last which means the tokenIn update is ignored.
The price is increased by the tokenOut price update.
The attacker did a bunch of swaps from MonoX token to MonoX token to pump the price of MonoX token in the system.
Once the price was obscenely high, they swapped their MonoX tokens for all other assets in the system.
The attacker traded a few dollars of MonoX tokens for a few million dollars of other tokens because the system incorrectly thought that MonoX is a super expensive token.
Thereby, draining the pool.
Technical Analysis By BlockSecTeam
BlockSecTeam published a technical analysis of the exploit on Twitter[13][11].
1/5) @MonoXFinance was hacked.
2/5) The reason is due to the same token used as tokenIn and tokenOut. Specifically, in `swapTokenForExactToken`, attacker can use the same token as tokenIn and tokenOut. After calculating new price, `Monoswap` contract will use `_updateTokenInfo` function to update price.
3/5) However, since tokenIn and tokenOut are the same token, updating of tokenOut will overwrite the price update of tokenIn, resulting in price pumping of this token.
4/5) In the end, the price of MonoX token became extremely high and the attacker used this token to swap out almost all of other tokens in the pool.
MonoX Post-Mortem
The exploit was described as being due to a smart contract bug that allowed the attacker to use the same token for both buying and selling (in this case, MONO). This manipulation led to a significant price increase in MONO, which the attacker exploited to acquire other assets in the pool[5].
The exploit was caused by a smart contract bug that allows the sold and bought token to be the same. In the case of the attack, it was our native MONO token. When a swap was taking place and tokenIn was the same as tokenOut, the transaction was permitted by the contract.
Any price updates from swap from tokenIn and tokenOut were independently verified by the contract. With tokenOut being verified last, this caused a massive price appreciation of MONO. The attacker then used the highly priced MONO to purchase all the other assets in our pool and drained the funds.
The attack was completed through a script, and was highly organized.
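The overwrite described in the analyses above can be reproduced in a small model. The following Python code is an added example, not MonoX's contract code: the `Pool` class, the price-impact formulas, and the sample prices and reserves are assumptions chosen only to show the last-write-wins price update next to a same-token guard.

```python
"""Toy model of the last-write-wins price update (constructed; not MonoX code)."""


class SameTokenSwap(ValueError):
    """Raised by the hardened pool when tokenIn == tokenOut."""


class Pool:
    def __init__(self, prices, reserves, reject_same_token=False):
        self.price = dict(prices)      # token -> price in vCASH
        self.reserve = dict(reserves)  # token -> tokens held by the pool
        self.reject_same_token = reject_same_token

    def swap(self, token_in, token_out, amount_in):
        # Hardened behaviour: refuse a swap whose two sides are the same token.
        if self.reject_same_token and token_in == token_out:
            raise SameTokenSwap(token_in)
        amount_out = amount_in * self.price[token_in] / self.price[token_out]
        if amount_out >= self.reserve[token_out]:
            raise ValueError("insufficient liquidity")
        # Both new prices are computed from the pre-swap state in one go.
        # Assumed price-impact formulas: selling lowers, buying raises.
        r_in, r_out = self.reserve[token_in], self.reserve[token_out]
        new_in = self.price[token_in] * r_in / (r_in + amount_in)
        new_out = self.price[token_out] * r_out / (r_out - amount_out)
        self.reserve[token_in] += amount_in
        self.reserve[token_out] -= amount_out
        # ...then stored one by one. If both keys are the same token, the
        # tokenOut write replaces the tokenIn write instead of offsetting it.
        self.price[token_in] = new_in
        self.price[token_out] = new_out
        return amount_out


def self_swap_drift(pool, token, amount, rounds):
    """Price after / price before for repeated token -> same-token swaps.
    Invariant a test suite can assert: the ratio must never exceed 1."""
    before = pool.price[token]
    for _ in range(rounds):
        pool.swap(token, token, amount)
    return pool.price[token] / before


# Constructed sample state (illustrative numbers only).
PRICES = {"MONO": 5.0, "WETH": 4000.0}
RESERVES = {"MONO": 1000.0, "WETH": 50.0}


def demo():
    # Ordinary swap: tokenIn price falls, tokenOut price rises.
    normal = Pool(PRICES, RESERVES)
    normal.swap("MONO", "WETH", 100.0)
    # Without the guard, ten self-swaps only ever apply the upward update.
    vulnerable_drift = self_swap_drift(Pool(PRICES, RESERVES), "MONO", 100.0, 10)
    # With the guard, the same call is rejected before any state changes.
    try:
        self_swap_drift(Pool(PRICES, RESERVES, reject_same_token=True), "MONO", 100.0, 1)
        hardened = "accepted"
    except SameTokenSwap:
        hardened = "rejected"
    return normal.price, vulnerable_drift, hardened


if __name__ == "__main__":
    print(demo())
```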
Total Amount Lost
The attack drained the pool of assets in MonoX[9].
"First, we wanted to give you a quick breakdown of the addresses that have lost funds and each of these wallets are on top of mind to make right. 406 ETH and 15,523 Polygon addresses have been affected by the hack, and of these addresses, 42 ETH and 2,653 Polygon have been actively LPing in more than just 1 pool. Roughly $31M was drained from the pool as a result of the hack."
CryptoNews reported that the stolen assets include $10.5 million in Polygon (MATIC), $18.2 million in Wrapped Ethereum (WETH), $2 million in Wrapped Bitcoin (WBTC), and $31,000 in Chainlink (LINK)[8].
The MonoX post-mortem described the loss as around $31 million drained from the pool, affecting 406 ETH and 15,523 Polygon addresses, with some actively providing liquidity in multiple pools[5].
The total amount lost has been estimated at $31,000,000 USD.
Immediate Reactions
"BLOCKCHAIN STARTUP MONOX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts."
"The past 24 hours have been difficult, and we’re simply at a loss for words. No apologies and no amount of words can describe how the team has been feeling since the attack transpired. We started building over a year ago with a mission to make DeFi more accessible to users and projects. We appreciate all the support we have received along the way from friends, partners, investors and our community of users."
"First, we wanted to give you a quick breakdown of the addresses that have lost funds and each of these wallets are on top of mind to make right. 406 ETH and 15,523 Polygon addresses have been affected by the hack, and of these addresses, 42 ETH and 2,653 Polygon have been actively LPing in more than just 1 pool. Roughly $31M was drained from the pool as a result of the hack."
The team reportedly took several steps in response, including attempting to contact the attacker, pausing the contract for rigorous testing and implementing a fix, contacting exchanges to monitor related wallet addresses, collaborating with security advisors, and conducting extensive investigations of wallet addresses[5].
The MonoX team confirmed the exploit, explaining that a vulnerability in the swap contract was exploited, causing the MONO token price to skyrocket[8]. MONO token's price had dropped by 14% to $5.12 at the time of reporting[8].
MonoX Post-Mortem
MonoX provided a post-mortem update to provide transparency about the incident and the steps being taken to address it, while also reassuring the community of their long-term commitment to the project's security and success[5]. The team expressed their deep regret and acknowledged the disappointment felt by their supporters and users[5]. They highlighted their commitment to security, including a three-month testnet, bug bounty program, and three audits prior to launch[5]. Despite these efforts, a smart contract bug allowed the attacker to manipulate the MONO token's price and drain the pool[5].
Ultimate Outcome
"As a new start up that had only launched our product for 2 months, we are in a tricky situation. Immediate remuneration of $31m to our users and investors is not possible. We also have to be conscious of compensating users with $MONO immediately because that would cause a downward death spiral of the token as users liquidate the $MONO. However, we are working on a strategy to pay back our users in full over time."
"If we can’t recoup the funds by 1/3/2022 we will issue a debt token dMONO for every dollar we are compensating. This token will be non-transferable, and we will deploy a dMONO vault."
"The way our protocol works, we are around 100x more profitable than a regular DEX with a similar TVL. When we relaunch again we will be buying back MONO using our revenue and sending MONO to this vault. Any holders of dMONO can withdraw from the vault at any time by burning their dMONO. When a withdrawal is done it is not reversible. If you choose to withdraw your dMONO before it reaches the owed value, it means you are forgiving the remaining portion of the debt."
"MonoX developers are working to implement new functionality to prevent exploits in the future. We will also be implementing new features to minimize LP risk by offering protocol-owned liquidity via bonds. More details on this to come in the near future."
The team expressed a commitment to fixing the issue, compensating the affected community, and subjecting their protocol to thorough audits before redeployment[5]. They emphasized their determination to continue working on MonoX and enhancing security to rebuild trust within the DeFi space[5].
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Ongoing Developments
"We have started to work with Immunefi and will offer an ongoing bug bounty for our product. We will scale the bug bounty amount as our TVL increases." "In the future, we will scale out TVL more slowly and are actively seeking ways to match higher insured amounts for the pool."
"The next iteration of the MonoX protocol will be launched with the utmost attention to security and detail. MonoX will relaunch only after a considerable effort from its developers and safety partners is spent to ensure robust security."
Individual Prevention Policies
Individuals need to exercise caution when determining which smart contracts to interact with. In addition to the trustworthiness of the entity operating the smart contract, the smart contract also has to be free of vulnerabilities. Therefore it's recommended to avoid smart contracts which haven't completed a third party audit.
Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.
Store the majority of funds offline. Offline means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
The incident could have been prevented or impact reduced through additional smart contract auditing, setting up more secure multi-signature wallets, and an industry insurance fund.
Smart Contract Auditing
It is likely that the MonoX vulnerability would have been uncovered through additional smart contract auditing.
All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.
Multi-Signature Wallets
It is far more secure to have the majority of funds in a multi-signature wallet where keys are stored offline by multiple operators. This would limit potential loss to only those funds actively held within the hot wallet, rather than the entirety of the liquidity pool.
All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.
Industry Insurance Fund
An industry insurance fund, adopted as a standard, would be incentivized to provide new projects with resources and guidance to obtain smart contract auditing. In the event of a breach, an industry insurance fund could assist affected users.
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
It is likely that the MonoX vulnerability would have been uncovered through additional smart contract auditing.
All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.
An industry insurance fund, adopted as a standard, would be incentivized to provide new projects with resources and guidance to obtain smart contract auditing. In the event of a breach, an industry insurance fund could assist affected users.
Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- [1] A Software Bug Let Hackers Drain $31M From a Crypto Service | WIRED (Dec 16, 2021)
- [2] MonoX (Dec 28, 2021)
- [3] About - MonoX (Dec 28, 2021)
- [4] The Path Forward Part 2 Community Compensation (Dec 28, 2021)
- [5] Exploit: Post Mortem - MonoSwap Medium (Dec 28, 2021)
- [6] Rekt - MonoX - REKT (Dec 28, 2021)
- [7] Timeline of Cyber Incidents Involving Financial Institutions - Carnegie Endowment for International Peace (Dec 12, 2022)
- [8] MonoX Team Confirms Exploit, USD 30M+ Might Be Stolen - CryptoNews (Oct 10, 2023)
- [9] Mudit Gupta - "An attacker stole $30m from MonoX across their ethereum and polygon deployments a few hours ago. The exploit was caused by a smart contract bug that led to incorrect price updates when doing token swaps." - Twitter (Dec 28, 2021)
- [10] MonoX Polygon Exploit Transaction - Polygonscan (Oct 10, 2023)
- [11] Transaction Analysis Of Exploit Transaction - BlockSecTeam (Sep 13, 2023)
- [12] MonoX Exploit Transaction - Etherscan (Oct 10, 2023)
- [13] BlockSecTeam - "@MonoXFinance was hacked. One of the hack transaction is..." - Twitter (Dec 28, 2021)
- [14] Crypto News Rewind 2021: Q4 - Pandora Papers, India's Regulatory Saga, Facebook to Meta and Other Rebrands - Crypto News (Dec 1, 2022)