攻击交易:
https://etherscan.io/tx/0xddf8c15880a20efa0f3964207d345ff71fbb9400032b5d33b9346876bd131dc2
https://oko.palkeo.com/0xddf8c15880a20efa0f3964207d345ff71fbb9400032b5d33b9346876bd131dc2/
合约代码:
https://etherscan.io/address/0x1cec0e358f882733c5ecc028d8a0c24baee02004#code
https://etherscan.io/address/0x9a280f81b0c6959061715370ec0eb7720ce1f002#code
函数deposit
function deposit(address _protocol, address[] memory _tokens, uint256[] memory _dnAmounts)
public operationAllowed(IAccessModule.Operation.Deposit)
returns(uint256)
{
//distributeRewardIfRequired(_protocol);
uint256 nAmount;
for (uint256 i=0; i < _tokens.length; i++) {
nAmount = nAmount.add(normalizeTokenAmount(_tokens[i], _dnAmounts[i]));
}
uint256 nBalanceBefore = distributeYieldInternal(_protocol);
depositToProtocol(_protocol, _tokens, _dnAmounts);
uint256 nBalanceAfter = updateProtocolBalance(_protocol);
PoolToken poolToken = PoolToken(protocols[_protocol].poolToken);
uint256 nDeposit = nBalanceAfter.sub(nBalanceBefore);
uint256 cap;
if(userCapEnabled) {
cap = userCap(_protocol, _msgSender());
}
uint256 fee;
if(nAmount > nDeposit) {
fee = nAmount - nDeposit;
poolToken.mint(_msgSender(), nDeposit);
} else {
fee = 0;
poolToken.mint(_msgSender(), nAmount);
uint256 yield = nDeposit - nAmount;
if (yield > 0) {
//Additional Yield received from protocol (because of lottery, or something)
createYieldDistribution(poolToken, yield);
}
}
.......
function depositToProtocol(address _protocol, address[] memory _tokens, uint256[] memory _dnAmounts) internal {
require(_tokens.length == _dnAmounts.length, "SavingsModule: count of tokens does not match count of amounts");
for (uint256 i=0; i < _tokens.length; i++) {
address tkn = _tokens[i];
IERC20(tkn).safeTransferFrom(_msgSender(), _protocol, _dnAmounts[i]);
IDefiProtocol(_protocol).handleDeposit(tkn, _dnAmounts[i]);
emit DepositToken(_protocol, tkn, _dnAmounts[i]);
}
}
函数deposit
存在重入攻击,并且在调用token.safeTransferFrom后判断存入多少已经存在合约_protocol
中的_registeredTokens
数量根据数量计算mint数量,而在_protocol
合约中函数handleDeposit
对不在列表_registeredTokens
中的合约依旧执行,
function handleDeposit(address token, uint256 amount) public onlyDefiOperator {
uint256[] memory amounts = new uint256[](nCoins());
for (uint256 i=0; i < _registeredTokens.length; i++){
amounts[i] = IERC20(_registeredTokens[i]).balanceOf(address(this)); // Check balance which is left after previous withdrawal
//amounts[i] = (_registeredTokens[i] == token)?amount:0;
if (_registeredTokens[i] == token) {
require(amounts[i] >= amount, "CurveFiYProtocol: requested amount is not deposited");
}
}
deposit_add_liquidity(amounts, 0);
stakeCurveFiToken();
}
所以可以通过自己创建合约并在safetransfer函数中继续调用deposit
并且在最后一次deposit时修改deposit参数为合约_protocol
中_registeredTokens
存在的目标token(提前授权)同时每次deposit的normalizeTokenAmount(_dnAmounts)
都要大于目标token的normalizeTokenAmount(_dnAmounts)
在执行后会成倍mint pooltoken再调用withdraw取回目标token会成倍提取质押的目标token。