Orion Network Set Liability Vulnerability
Orion Network is a protocol designed to help connect decentralized finance to centralized exchange liquidity. Orion Network suffered from a vulnerability where the setLiability function could be called multiple times. The exploit was described as complicated by analysis firms. The hacker reported that they were a whitehat hacker. They requested a 10% bounty in exchange for returning the rest of the funds.[1][2][3][4][5][6][7][8][9][10][11][12][13]
About Orion Network
"EARN MORE WITH ORION. SAVE TIME WITH ORION. STAY SECURE WITH ORION." "Best prices. Your wallet. Global access."
"Orion is on a transformative mission to redefine DeFi trading, seamlessly connecting the vast liquidity of both centralized and decentralized exchanges directly from your wallet. We aim to be the people's platform, ensuring democratized access to the best crypto prices while redistributing wealth back to our users worldwide.
Our vision aims to dominate the web3 space and continuously innovate the DeFi trading experience. We strive to be the world's go-to crypto trading platform, synonymous with innovation, community strength, and unparalleled market access."
"ORN is not just a digital asset; it's a passport to Orion's evolving ecosystem. As Orion embarks on its transformative journey, ORN holders are positioned to be at the forefront, ensuring they remain integral to Orion's future endeavors. Whether you're a referrer, a trader, or a liquidity node, the benefits of holding ORN are set to amplify over time."
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| May 27th, 2024 10:25:10 PM MDT | Malicious Transaction | The malicious transaction occurs on the Binance Smart Chain. |
| May 27th, 2024 11:27:00 PM MDT | SlowMist Tweet Posted | SlowMist posts about the suspicious transaction. Of course, details on the transaction itself are not included. |
| May 28th, 2024 2:51:00 AM MDT | ChainAegis Tweet | ChainAegis tweets including the transaction link. |
| May 28th, 2024 8:29:00 AM MDT | Nick L Franklin Analysis | Twitter user Nick L Franklin posts an analysis of the root cause for the exploit. |
Technical Details
"Root cause is that victim contract didn't manage liability correctly. "setLiability" must be called once per token. But there's another function that changes assetBalances, "requestReleaseStake". Using this function, hacker could call "setLiability" twice with ORN token. After that, he could withdraw many more tokens using this vulnerability."
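The bookkeeping failure described in the analysis above is a broken invariant: a liability record must exist at most once per (user, token), and every code path that changes assetBalances has to keep that record in sync. The model below is an added illustration, not Orion's contract code, and it does not reproduce how the duplicated record translated into excess withdrawals (the page does not give that logic). It is a hypothetical toy ledger in which `request_release_stake` either writes `asset_balances` directly (the vulnerable pattern) or routes through the same `_update_balance` path as trades, with an idempotency guard on `set_liability` and an invariant checker of the kind a monitoring job or unit test would run; all names, amounts and the trade sequence are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

ORN = "ORN"  # token symbol from the incident; everything else here is constructed


@dataclass
class Liability:
    token: str
    outstanding: int  # deficit recorded when the balance crossed below zero


class Ledger:
    """Toy exchange ledger (hypothetical): signed per-token balances, an ORN
    stake, and a liability list that must hold at most one entry per token."""

    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.asset_balances = defaultdict(lambda: defaultdict(int))  # user -> token -> signed
        self.staked = defaultdict(int)                                # user -> staked ORN
        self.liabilities = defaultdict(list)                          # user -> [Liability]

    def _update_balance(self, user, token, delta):
        """Single bookkeeping path: opens a liability when the balance crosses
        below zero and clears it when the balance crosses back."""
        before = self.asset_balances[user][token]
        after = before + delta
        self.asset_balances[user][token] = after
        if before >= 0 and after < 0:
            self.set_liability(user, token)
        elif before < 0 and after >= 0:
            self.liabilities[user] = [l for l in self.liabilities[user] if l.token != token]

    def set_liability(self, user, token):
        # Hardened variant: refuse a second record for the same token.
        if self.hardened and any(l.token == token for l in self.liabilities[user]):
            raise RuntimeError(f"liability for {token} already recorded")
        deficit = -self.asset_balances[user][token]
        self.liabilities[user].append(Liability(token, deficit))

    def trade(self, user, token, delta):
        self._update_balance(user, token, delta)

    def stake(self, user, amount):
        self._update_balance(user, ORN, -amount)
        self.staked[user] += amount

    def request_release_stake(self, user, amount):
        assert self.staked[user] >= amount, "cannot release more than staked"
        self.staked[user] -= amount
        if self.hardened:
            self._update_balance(user, ORN, amount)      # keeps liabilities in sync
        else:
            self.asset_balances[user][ORN] += amount     # vulnerable: bypasses bookkeeping


def check_invariants(ledger, user):
    """Return a list of invariant violations for one user (empty when consistent)."""
    problems, seen = [], set()
    for l in ledger.liabilities[user]:
        if l.token in seen:
            problems.append(f"duplicate liability for {l.token}")
        seen.add(l.token)
        if ledger.asset_balances[user][l.token] >= 0:
            problems.append(f"liability for {l.token} but balance is non-negative")
    for token, bal in ledger.asset_balances[user].items():
        if bal < 0 and token not in seen:
            problems.append(f"negative {token} balance without liability")
    return problems


def run_scenario(hardened):
    """Constructed sequence: stake, go negative in ORN, release stake, go negative again."""
    ledger, user = Ledger(hardened), "trader"
    ledger.trade(user, ORN, 200)              # credit 200 ORN
    ledger.stake(user, 200)                   # balance 0, staked 200
    ledger.trade(user, ORN, -100)             # balance -100 -> liability #1
    ledger.request_release_stake(user, 150)   # balance 50; only the hardened path clears #1
    ledger.trade(user, ORN, -80)              # balance -30 -> set_liability again
    return ledger, user


if __name__ == "__main__":
    for hardened in (False, True):
        ledger, user = run_scenario(hardened)
        print("hardened" if hardened else "vulnerable",
              [(l.token, l.outstanding) for l in ledger.liabilities[user]],
              check_invariants(ledger, user))
```

In the vulnerable run the direct write leaves the first liability in place, so the next negative crossing records a second ORN entry and the checker reports the duplicate; in the hardened run the release clears the first record and the guard would reject any repeated `set_liability` for the same token.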
Total Amount Lost
$616K USD (SlowMist/ChainAegis) or $645K USD (Phalcon).
The total amount lost has been estimated at $616,000 USD.
Immediate Reactions
"According to the SlowMist security team, the liquidity aggregator protocol Orion's contract was attacked, resulting in a loss of approximately $616,000."
"We detected potential suspicious activity related to @TradeOnOrion"
Ultimate Outcome
"Dear developer, this is a white hat rescue hack. I wish no harm on your project and I appreciate what you're doing in defi world. Provide address to which I should transfer the assets back. Given the scale of the exploit, could we please consider a 10% bounty."
"Dear white hacker, thank you very much for the finding. Please return the funds back to the address. We agree to the bounty amount. Could you please contact us by @truenico or email for further cooperation? Thank you!"
A bounty of $61,000 USD was paid for the discovery.
Total Amount Recovered
The total amount recovered has been estimated at $555,000 USD.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
1. SlowMist Hacked - SlowMist Zone (Jun 12, 2024)
2. @SlowMist_Team Twitter (Jun 13, 2024)
3. BNB Chain Address 0xe9d1...2217ca | Blockchain Explorer | OKLink (Jun 13, 2024)
4. @ChainAegis Twitter (Jun 13, 2024)
5. BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Jun 13, 2024)
6. @0xNickLFranklin Twitter (Jun 13, 2024)
7. Home - Orion (Jun 13, 2024)
8. Mission & Vision | Orion – The CEXY DEX (Jun 13, 2024)
9. Token | Orion – The CEXY DEX (Jun 13, 2024)
10. @Phalcon_xyz Twitter (Jun 13, 2024)
11. @Phalcon_xyz Twitter (Jun 13, 2024)
12. @CryptoEvgen Twitter (Jun 13, 2024)
13. @CryptoEvgen Twitter (Jun 13, 2024)