The attacker who drained $46 million from KyberSwap relied on a “complex and carefully engineered smart contract exploit” to carry out the attack, according to a social media thread by Ambient exchange founder Doug Colkitt.
Colkitt labeled the exploit an “infinite money glitch.” According to him, the attacker took advantage of a unique implementation of KyberSwap’s concentrated liquidity feature to “trick” the contract into believing it had more liquidity than it did in reality.
1/ Completed a preliminary deep dive into the Kyber exploit, and think I now have a reasonably good understanding of what happened.
This is easily the most complex and carefully engineered smart contract exploit I’ve ever seen…
— Doug Colkitt (@0xdoug) November 23, 2023
Most decentralized exchanges (DEXs) offer a “concentrated liquidity” feature, which allows liquidity providers to set a minimum and maximum price at which they would offer to buy or sell crypto. According to Colkitt, this feature was used by the KyberSwap attacker to drain funds. However, the exploit “is specific to Kyber’s implementation of concentrated liquidity and probably won’t work on other DEXs,” he said.
The KyberSwap attack consisted of a series of exploits against individual pools, with each attack being nearly identical to every other, Colkitt said. To illustrate how it worked, Colkitt considered the exploit of the ETH/wstETH pool on Ethereum. This pool contained Ether (ETH) and Lido Wrapped Staked Ether (wstETH).
The attacker began by borrowing 10,000 wstETH (worth $23 million at the time) from flash loan platform Aave, as shown in blockchain data. According to Colkitt, the attacker then dumped $6.7 million worth of these tokens into the pool, causing its price to collapse to 0.0000152 ETH per 1 wstETH. At this price level, there were no liquidity providers willing to buy or sell, so liquidity should have been zero.
The attacker then deposited 3.4 wstETH and offered to buy or sell between the prices of 0.0000146 and 0.0000153, withdrawing 0.56 wstETH immediately after the deposit. Colkitt speculated that the attacker may have withdrawn the 0.56 wstETH to “make the subsequent numerical calculations line up perfectly.”
After making this deposit and withdrawal, the attacker performed a second and third swap. The second swap pushed the price to 0.0157 ETH, which should have deactivated the attacker’s liquidity. The third swap pushed the price back to 0.00001637. This, too, was outside of the price range set by the attacker’s own liquidity position, as it was still above their maximum price.
In theory, the last two swaps should have done nothing, since the attacker was buying and selling into their own liquidity: every other user had a minimum price set far below these values. “In the absence of a numerical bug, someone doing this would just be trading back and forth with their own liquidity,” Colkitt stated, adding, “and all the flows would net out to zero (minus fees).”
However, due to a peculiarity of the math used to calculate the upper and lower bounds of price ranges, the protocol failed to remove liquidity in one of the first two swaps but also added it back during the final swap. As a result, the pool ended up “double counting the liquidity from the original LP position,” which allowed the attacker to receive 3,911 wstETH for a minimal amount of ETH. Although the attacker had to dump 1,052 wstETH in the first swap to carry out the attack, it still enabled them to profit by 2,859 wstETH ($6.7 million at today’s price) after paying back their flash loan.
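The two points above (a round trip against your own liquidity nets to zero minus fees, and a pool that forgets to deactivate out-of-range liquidity ends up double counting it) can be made concrete with a small accounting model. The following is an added example, not code from the article and not KyberSwap’s contract code. It uses Uniswap-v3-style square-root price formulas for what a position holds at a given price (an assumption; Kyber’s own arithmetic is not reproduced), a constructed liquidity amount of 1000 for the position over the article’s 0.0000146–0.0000153 range, and the article’s price sequence. The `skip_removal` switch is a constructed fault used only to show that a consistency check between incrementally tracked liquidity and liquidity recomputed from positions detects that kind of accounting drift; it is not the actual Kyber bug.

```python
"""Simplified concentrated-liquidity accounting model (constructed example, not Kyber's code)."""
from dataclasses import dataclass
from decimal import Decimal, getcontext

getcontext().prec = 50
D = Decimal


@dataclass(frozen=True)
class Position:
    """One LP position: liquidity L is active while lower <= price < upper."""
    owner: str
    lower: Decimal
    upper: Decimal
    liquidity: Decimal


def in_range(pos: Position, price: Decimal) -> bool:
    return pos.lower <= price < pos.upper


def active_liquidity(positions, price: Decimal) -> Decimal:
    """Ground truth: recompute active liquidity directly from the positions."""
    return sum((p.liquidity for p in positions if in_range(p, price)), D(0))


def holdings(pos: Position, price: Decimal):
    """Token amounts a position holds at a price (Uniswap-v3-style sqrt-price formulas, assumed).
    token0 is the priced asset (wstETH here), token1 the quote asset (ETH)."""
    sa, sb = pos.lower.sqrt(), pos.upper.sqrt()
    if price <= pos.lower:          # below the range: all token0
        return pos.liquidity * (1 / sa - 1 / sb), D(0)
    if price >= pos.upper:          # above the range: all token1
        return D(0), pos.liquidity * (sb - sa)
    sp = price.sqrt()               # inside the range: a mix of both
    return pos.liquidity * (1 / sp - 1 / sb), pos.liquidity * (sp - sa)


def pool_holdings(positions, price: Decimal):
    x = y = D(0)
    for p in positions:
        px, py = holdings(p, price)
        x, y = x + px, y + py
    return x, y


class Pool:
    def __init__(self, positions, price, fee="0.003", skip_removal=False):
        self.positions = list(positions)
        self.price = price
        self.fee = Decimal(fee)
        self.skip_removal = skip_removal   # constructed fault, for demonstration only
        # Incrementally tracked liquidity, the way a pool updates it when a range is crossed.
        self.tracked = active_liquidity(self.positions, price)
        self.trader_net = {"token0": D(0), "token1": D(0)}
        self.fees_paid = {"token0": D(0), "token1": D(0)}

    def swap_to(self, new_price: Decimal) -> None:
        """Move the price. The trader pays what the pool gains and receives what it loses;
        the fee is charged on the token paid in."""
        before = pool_holdings(self.positions, self.price)
        after = pool_holdings(self.positions, new_price)
        for p in self.positions:
            was, now = in_range(p, self.price), in_range(p, new_price)
            if now and not was:
                self.tracked += p.liquidity
            elif was and not now and not self.skip_removal:
                self.tracked -= p.liquidity        # the step the faulty variant skips
        self.price = new_price
        for key, b, a in zip(("token0", "token1"), before, after):
            delta = b - a            # trader's view: pool lost -> trader gained
            if delta < 0:            # trader paid this token in, so the fee applies
                fee = -delta * self.fee
                self.fees_paid[key] += fee
                delta -= fee
            self.trader_net[key] += delta

    def invariant_holds(self) -> bool:
        """Tracked liquidity must equal liquidity recomputed from positions at the current price."""
        return self.tracked == active_liquidity(self.positions, self.price)


def round_trip(fee="0.003", skip_removal=False):
    """Price path shaped like the article's description, with a constructed liquidity amount:
    start at 0.0000152 with a position over [0.0000146, 0.0000153), push to 0.0157,
    then to 0.00001637, then back to the start.
    Returns (trader_net, fees_paid, invariant_ok_after_every_swap)."""
    start = D("0.0000152")
    lp = Position("lp", D("0.0000146"), D("0.0000153"), D("1000"))
    pool = Pool([lp], start, fee, skip_removal)
    ok = True
    for target in (D("0.0157"), D("0.00001637"), start):
        pool.swap_to(target)
        ok = ok and pool.invariant_holds()
    return pool.trader_net, pool.fees_paid, ok


if __name__ == "__main__":
    print("no fee:      ", round_trip(fee=0))
    print("0.3% fee:    ", round_trip())
    print("faulty pool: ", round_trip(skip_removal=True))
```

With a zero fee the trader’s net position in both tokens is exactly zero after the round trip, and with a 0.3% fee it is negative by the fees paid, which is the “net out to zero (minus fees)” outcome. In the faulty variant the invariant check fails on the very first out-of-range swap, because the tracked liquidity still counts a position that no longer covers the current price. Recomputing active liquidity from positions and comparing it against the tracked value after every swap is a cheap consistency test to include in a pool’s test suite or an off-chain monitor.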
The attacker apparently repeated this exploit against other KyberSwap pools on multiple networks, ultimately getting away with a total of $46 million in crypto loot.
According to Colkitt, KyberSwap contained a failsafe mechanism within the computeSwapStep function that was meant to prevent this exploit from being possible. However, the attacker managed to keep the numerical values used in the swap just outside of the range that would cause the failsafe to trigger, as Colkitt stated:
“[T]he ‘reach amount’, which was the upper bound for reaching the tick boundary, was calculated as …22080000, whereas the exploiter set a swap amount of …220799999[.] That shows just how carefully engineered this exploit was. The check failed by <0.00000000001%.”
Colkitt called the attack “easily the most complex and carefully engineered smart contract exploit I’ve ever seen.”
As Cointelegraph reported, KyberSwap was exploited for $46 million on Nov. 22. The team discovered a vulnerability on Apr. 17, but no funds were lost in that incident. The exchange’s user interface was also hacked in September last year, although all users were compensated in that incident. The Nov. 22 attacker has informed the team they are willing to negotiate to return some of the funds.