Euler Finance Hack Analysis - Flash Loan Attack

Overview:

On March 13, 2023, a logic flaw in Euler Finance's recently launched donation liquidity feature was exploited in a flash loan attack. The attacker manipulated the conversion rate logic for borrowing and selling DAI tokens, causing the project to lose $197 million.

Smart Contract Hacking Overview:

Decoding the smart contract vulnerability:

  • The attacker obtained a 30 million DAI flash loan from Aave V2 to start the exploit and set up two accounts: one as the borrower and the other as the liquidator.

  • The attacker transferred 30M DAI to the borrower account, which then used 20M DAI and minted 195M e-DAI and 200M d-DAI.

  • The attacker then used the borrower account to repay 10 million DAI, which reduced the value of the d-DAI tokens by 10 million DAI.

  • To make the position eligible for liquidation, the borrower again minted 195 million e-DAI and 200 million d-DAI tokens. However, a logic error in the donateToReserve() method caused e-DAI tokens to be burned instead of d-DAI tokens, resulting in an unsecured d-DAI token debt that could never be repaid.

  • The liquidator liquidated the debt and borrowed it, generating a profit of 310 million e-DAI, which was later converted to the equivalent of 38.9 million DAI.

  • The attacker then repaid the flash loan and made a net profit of 8.8 million DAI. The attack continued until the attackers depleted the project's funds.

Get more blockchain learning materials on GitHub:

https://github.com/Manuel-yang/BlockChainSelfLearning
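
The missing solvency check behind the donateToReserve() step in the walkthrough above, shown as a simplified accounting model. This is an added example, not code from the original post or from Euler. The 1:1 token valuation, the `e >= d` health rule, the `Account` class and the 100M donation amount are assumptions made for illustration.

```python
"""Toy ledger for the donation flaw described above (added example).
Assumptions, not Euler's real accounting: e-DAI and d-DAI are valued 1:1
with DAI, and an account is healthy when e-tokens >= d-tokens."""
from dataclasses import dataclass

M = 1_000_000
DONATION = 100 * M  # constructed amount, chosen only for this illustration

class HealthCheckFailed(Exception):
    """The operation would leave debt without collateral behind it."""

@dataclass
class Account:
    e_tokens: int = 0  # collateral (e-DAI)
    d_tokens: int = 0  # debt (d-DAI)

    def healthy(self) -> bool:
        return self.e_tokens >= self.d_tokens

    def unbacked_debt(self) -> int:
        return max(0, self.d_tokens - self.e_tokens)

    def mint(self, e_amount: int, d_amount: int) -> None:
        # Minting creates collateral and debt together, after a health check.
        if self.e_tokens + e_amount < self.d_tokens + d_amount:
            raise HealthCheckFailed("mint would exceed collateral")
        self.e_tokens += e_amount
        self.d_tokens += d_amount

    def donate_to_reserves(self, amount: int, check_health: bool) -> None:
        if amount > self.e_tokens:
            raise ValueError("donation exceeds e-token balance")
        # check_health=False models the flaw: collateral burned, debt untouched.
        if check_health and self.e_tokens - amount < self.d_tokens:
            raise HealthCheckFailed("donation would leave debt unbacked")
        self.e_tokens -= amount

def position_from_writeup() -> Account:
    """Borrower account after the steps listed above (figures from the page)."""
    acct = Account(e_tokens=20 * M)  # 20M DAI used, credited 1:1 (assumption)
    acct.mint(195 * M, 200 * M)      # first mint
    acct.d_tokens -= 10 * M          # repay 10M DAI of debt
    acct.mint(195 * M, 200 * M)      # second mint
    return acct

if __name__ == "__main__":
    acct = position_from_writeup()
    acct.donate_to_reserves(DONATION, check_health=False)
    print(acct, "healthy:", acct.healthy(), "unbacked:", acct.unbacked_debt())
```

With `check_health=True` the same donation is rejected and the balances stay unchanged, which is the invariant any operation that reduces collateral has to enforce.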

Origin blog.csdn.net/qq_23351293/article/details/129964551