Saddle Finance MetaSwap Nerve/Synapse Bridge Exploit

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Saddle Finance

Saddle Finance offers a automated market between different pegged assets. There was a vulnerability discovered in one of the smart contract hot wallets for metaswap. However, network validators blocked their exit to cash out the funds and funds were ultimately returned to affected users.

This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11]

About Saddle Finance

"Saddle is an automated market maker optimized for trading between pegged value crypto assets." "Saddle Finance was launched on Jan. 20, with the aim of alleviating the problematic spread between stablecoins and wrapped or tokenized crypto assets." "Saddle is the easiest way to trade and earn with pegged value crypto assets, beginning with tokenized bitcoin."

"Saddle is built by DeFi natives with prior years of developer experience at Web2 companies like Uber, Amazon, and Square." "According to the founder of the Saddle Finance platform Sunil Shrivastava, the main reason for creating the Saddle platform is to reduce the slippage chances of tradable assets by providing users the unequal opportunities to choose from four tokenized Bitcoin liquidity pools, including sBTC, tBTC, renBTC, and wBTC."

"Pegged value crypto assets are tokens that have their value pegged to an underlying asset by some means. For example, the value of a stablecoin or tokenized bitcoin is supposed to be $1 or 1 BTC, respectively."

"Different subtypes of pegged value crypto assets (i.e. USDT and USDC, or wBTC and renBTC) are better suited for specific on-chain actions, or may be supported only by specific applications. Trading in between those assets, therefore, should be as simple as exchanging 1–1. In other words, there should exist little to no arbitrage opportunity when trading between one stablecoin and another; users should be able to retrieve 1 USDT for 1 USDC — or as close to that as feasible."

"The issue with the pegged value asset market today is that the desired 1–1 trading isn’t easily accessible. Trading among and in between these types of assets can be expensive and inefficient, resulting in lost capital and therefore lost market leverage." "Saddle solves the pegged value crypto asset trading problem by offering an AMM specifically tailored to allow users to trade in between these assets with minimal slippage. Saddle achieves this through the StableSwap algorithm, enabling an autonomous market maker that allows for the transfer of pegged value assets with minimal slippage."

"Bitcoin is the largest cryptocurrency by market capitalization, and the amount of tokenized BTC on Ethereum has been exploding — the supply has increased ~135X in 2020. Despite this growth, tokenized BTC is often not a priority when it comes to features and support. We believe bitcoin deserves to be treated as a first-class citizen in DeFi."

"What’s different about Saddle is our commitment to open-source software and collaboration. The promise of DeFi, and of financial lego blocks, can only be fulfilled with a willingness to share and help one another. Our ethos is rooted in this desire to support the ecosystem."

"In terms of audits, Saddle Finance has undergone three back-to-back smart contract audits with Certik, Quantstamp, and Open Zeppelin." "The security of user funds is our top priority. Saddle is built on our new Solidity implementation of the StableSwap algorithm. Deploying new code that deals with money requires extra care and scrutiny, which is why we conducted three back-to-back smart contract audits with Certik, Quantstamp, and Open Zeppelin."

"It is also adopting the guarded launch mechanism." "Saddle is launching with Proof of Governance to protect our users with certain limits and discourage sybil attacks. Initially, there will be a pool TVL cap of 150 BTC and a per-address deposit limit of 1 BTC. These limits will be raised every 1–2 weeks." "For LPs to qualify for PoG, an address must have demonstrated active network participation."

"On 11/06/2021, an attacker manipulated the nUSD Metapool virtual price, lowering it by approximately 12.5%." "[A]t 11:40 am EST, Socrates from Synapse Protocol contacted Sunil on Telegram. One of the team’s contributors had noticed a bad actor taking advantage of a bug in Synapse’s Avalanche nUSD metapool."

"The exploit was possible due to a missing virtual price check on the _calculateSwap() function of the Saddle Metaswap implementation (used by the Synapse AMM). This allowed the attacker to continuously swapped from one asset to another within the same metapool without compensating for the liquidity removal in the first asset. A total of $8.2 million nUSD was drained from the pool, and the virtual price for nUSD within the pool was depegged and dropped by 12.5%."

"While most users directly swapped from Asset D to A, B, or C, when swapping to the LP token of A,B C, the Saddle Metaswap contract left out a check to calculate the base virtual price of the LP token. See line 424 of the Metaswap contract. Compare this to line 277, which correctly implements it, as adding liquidity & removing one token from the pool is effectively the same as a swap. This correctly scales the liquidity removal by the base virtual price. This is also correctly implemented in swapUnderlying()."

"The omission of the check described above allowed [the malicious actor] to loop through transactions continuously, lowering the Metapool virtual price and draining funds from LPs. A secondary address 0xb9...2415 linked to 0x38…81e8 performed transaction loops at a smaller scale."

"By 11:52 am the Saddle Multisig had been alerted and at 5:23 pm the tBTC v2 metapool was paused to prevent similar issues. Saddle worked with the Synapse team to diagnose the problem and begin implementing a fix for the vulnerability."

"Interestingly, the attacker just adopted the same approach used in the Synapse incident, which is not an optimized way to achieve the goal. Alternatively, it is possible launch attacks more efficiently, e.g., applying optimized parameters to drain the liquidity in one transaction. The result suggests that the attacker might NOT fully understand the root cause of this vulnerability."

"Although funds were drained from the metapool, the attacker was unable to exit, because they attempted to withdraw funds using the (same) Synapse bridge, and was stopped by network validators. Synapse assured users in their post-mortem that the $8.2 million nUSD will be returned to the affected liquidity providers."

"After Saddle’s post-mortem, we’ve increased the size of our gnosisSafe multisig from 3/5 to a 3/7, to include Aurelius from Synapse and Scoopy from AlchemixFi to improve our response time. [We've also c]reated a Telegram group for teams using Saddle code for faster comm[unications, p]rioritized formal verification of smart contracts with Certora[, and p]aid out [a] $50,000 Immunifi bug bounty to [the] vulnerability discoverer."

"Thwarting the attacker and fixing the vulnerability showed how multiple projects and users of different DeFi protocols can benefit equally from each other, thanks to open-source code (OSS) and collaboration. Improvements made in one codebase help to make better products across a whole ecosystem, once again proving the benefits of a Web3’s composability."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Saddle Finance MetaSwap Nerve/Synapse Bridge Exploit
Date Event Description
November 6th, 2021 Main Event Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost has been estimated at $8,200,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

A bounty of $50,000 USD was paid for the discovery.

Total Amount Recovered

The total amount recovered has been estimated at $8,200,000 USD.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

There were no funds lost in this case. Saddle Finance has three separate audits which don't appear to have caught the vulnerability. The best practice is to have less funds in hot wallets and more managed through a multi-sig with offline keys, which can be disbursed over time. The hot wallet size can be increased based on the size of any treasury insurance fund, industry insurance fund, of blockchain smart contract insurance.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Fix for Metaswap exploit is live (Jan 9, 2022)
  2. Introducing Saddle, a specialized AMM for pegged value crypto assets (Jan 9, 2022)
  3. The Story of Saddle (Jan 9, 2022)
  4. Saddle (Jan 9, 2022)
  5. Address 0x3ab92d06f5f2a33d8f45f836607f8da68cab81e8 | SnowTrace (Jan 10, 2022)
  6. saddle-contract/MetaSwap.sol at 141a00e7ba0c5e8d51d8018d3c4a170e63c6c7c4 · saddle-finance/saddle-contract · GitHub (Jan 10, 2022)
  7. Fix incorrect fee math in MetaSwapUtils by penandlim · Pull Request #469 · saddle-finance/saddle-contract · GitHub (Jan 10, 2022)
  8. 11 06 2021 Post Mortem Of Synapse Metapool Exploit (Jan 10, 2022)
  9. The Analysis Of Nerve Bridge Security Incident (Jan 10, 2022)
  10. https://blog.insurace.io/security-incidents-in-november-e4bcb39dd7f9 (Feb 1, 2022)
  11. Cross-chain Protocol Synapse Bridge Prevents $8M Attack (Feb 7, 2022)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Saddle_Finance_MetaSwap_Nerve/Synapse_Bridge_Exploit&oldid=4284"