KyberSwap attacker used ‘infinite money glitch’ to drain funds: DeFi expert

by Jeremy

The attacker who drained $46 million from KyberSwap relied on a “complex and carefully engineered smart contract exploit” to carry out the attack, according to a social media thread by Ambient exchange founder Doug Colkitt.

Colkitt labeled the exploit an “infinite money glitch.” According to him, the attacker took advantage of a unique implementation of KyberSwap’s concentrated liquidity feature to “trick” the contract into believing it had more liquidity than it actually did.

Most decentralized exchanges (DEXs) offer a “concentrated liquidity” feature, which allows liquidity providers to set a minimum and maximum price at which they are willing to buy or sell crypto. According to Colkitt, this feature was used by the KyberSwap attacker to drain funds. However, the exploit “is specific to Kyber’s implementation of concentrated liquidity and probably won’t work on other DEXs,” he said.

The KyberSwap attack consisted of multiple exploits against individual pools, with each attack being nearly identical to the others, Colkitt said. To illustrate how it worked, Colkitt considered the exploit of the ETH/wstETH pool on Ethereum. This pool contained Ether (ETH) and Lido Wrapped Staked Ether (wstETH).

The attacker began by borrowing 10,000 wstETH (worth $23 million at the time) from flash loan platform Aave, as shown in blockchain data. According to Colkitt, the attacker then dumped $6.7 million worth of these tokens into the pool, causing its price to collapse to 0.0000152 ETH per 1 wstETH. At this price level, there were no liquidity providers willing to buy or sell, so liquidity should have been zero.

The attacker then deposited 3.4 wstETH and offered to buy or sell between the prices of 0.0000146 and 0.0000153, withdrawing 0.56 wstETH immediately after the deposit. Colkitt speculated that the attacker may have withdrawn the 0.56 wstETH to “make the subsequent numerical calculations line up perfectly.”

After making this deposit and withdrawal, the attacker performed a second and third swap. The second swap pushed the price to 0.0157 ETH, which should have deactivated the attacker’s liquidity. The third swap pushed the price back to 0.00001637. This, too, was outside the price range set by the attacker’s own liquidity position, since it was still above their maximum price.

Theoretically, the last two swaps should have done nothing, since the attacker was buying and selling into their own liquidity, as every other user had a minimum price set far below these values. “In the absence of a numerical bug, someone doing this would simply be trading back and forth with their own liquidity,” Colkitt said, adding, “and all the flows would net out to zero (minus fees).”

However, due to a quirk in the math used to calculate the upper and lower bounds of price ranges, the protocol failed to remove liquidity in one of the first two swaps but also added it back during the final swap. As a result, the pool ended up “double counting the liquidity from the original LP position,” which allowed the attacker to receive 3,911 wstETH for a minimal amount of ETH. Although the attacker had to dump 1,052 wstETH in the first swap to carry out the attack, it still enabled them to profit by 2,859 wstETH ($6.7 million at today’s price) after paying back their flash loan.
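As an added illustration (a toy model written for this article, not KyberSwap’s code and not its actual boundary arithmetic), the following replays the price path described above against a single constructed LP position and shows the reconciliation check a pool or an auditor can run after every swap step: recompute the active liquidity from scratch and compare it with the incrementally tracked value. The `drop_exit` and `entry_slack` switches are constructed faults that reproduce the “not removed, then added back” pattern in general form; they are not Kyber’s bug.

```python
from dataclasses import dataclass, field

@dataclass
class Position:
    lower: float      # lowest price at which this position's liquidity is active
    upper: float      # price at or above which it is inactive
    liquidity: float  # liquidity units (constructed value, not a token amount)

def in_range(p: Position, price: float, slack: float = 0.0) -> bool:
    """Two-sided range test; `slack` models a sloppy upper-bound check (toy fault only)."""
    return p.lower <= price < p.upper * (1.0 + slack)

def ground_truth(price: float, positions: list) -> float:
    """Recompute active liquidity from scratch: the invariant a tracker must match."""
    return sum(p.liquidity for p in positions if in_range(p, price))

@dataclass
class Tracker:
    """Adjusts active liquidity only on range-boundary crossings, as a swap loop does."""
    price: float
    positions: list
    drop_exit: bool = False    # toy fault: forget to subtract liquidity on the way out
    entry_slack: float = 0.0   # toy fault: re-add a position slightly above its upper bound
    liquidity: float = field(init=False)

    def __post_init__(self):
        self.liquidity = ground_truth(self.price, self.positions)

    def move_price(self, new_price: float) -> float:
        old, self.price = self.price, new_price
        for p in self.positions:
            was_in = in_range(p, old)
            now_in = in_range(p, new_price, self.entry_slack)
            if was_in and not now_in and not self.drop_exit:
                self.liquidity -= p.liquidity   # position left the range: deactivate
            elif now_in and not was_in:
                self.liquidity += p.liquidity   # position entered the range: activate
        return self.liquidity

    def excess_liquidity(self) -> float:
        """Tracked minus recomputed; anything but 0.0 means liquidity is double counted."""
        return self.liquidity - ground_truth(self.price, self.positions)

def replay(drop_exit: bool = False, entry_slack: float = 0.0) -> tuple:
    """Replays the article's price path against one constructed LP position."""
    lp = [Position(lower=0.0000146, upper=0.0000153, liquidity=1000.0)]
    t = Tracker(0.0000152, lp, drop_exit, entry_slack)  # price after the first swap
    for price in (0.0157, 0.00001637):   # swaps two and three, both outside the range
        t.move_price(price)
    return t.liquidity, t.excess_liquidity()
```

With the faults switched on, the tracker reports twice the position’s liquidity at a price where the from-scratch recomputation says zero, which is exactly the discrepancy a per-step reconciliation or an invariant fuzz test would flag.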

The attacker apparently repeated this exploit against other KyberSwap pools on multiple networks, ultimately getting away with a total of $46 million in crypto loot.


According to Colkitt, KyberSwap contained a failsafe mechanism within the computeSwapStep function that was meant to prevent this exploit from being possible. However, the attacker managed to keep the numerical values used in the swap just outside the range that would cause the failsafe to trigger, as Colkitt said:

“[T]he ‘reach amount’, the upper bound for reaching the tick boundary, was calculated as …22080000, whereas the exploiter set a swap amount of …220799999[.] That shows just how carefully engineered this exploit was. The check failed by <0.00000000001%.”

Colkitt called the attack “just the most complex and carefully engineered smart contract exploit I’ve ever seen.”

As Cointelegraph reported, KyberSwap was exploited for $46 million on Nov. 22. The team discovered a vulnerability on Apr. 17, but no funds were lost in that incident. The exchange’s user interface was also hacked in September last year, although all users were compensated in that incident. The Nov. 22 attacker has informed the team they are willing to negotiate to return some of the funds.