Prisma Finance Exploit - March 28, 2024 - Detailed Analysis — ImmuneBytes
On March 28th, 2024, multiple addresses exploited Prisma Finance, resulting in a loss of around $12.3 million. Three assailants leveraged a flaw in the Prisma Finance MigrateTroveZap contract, allowing them to manipulate the migration procedure.
Subsequent to the breach, a wallet that received funds from the primary exploiter reached out to the Prisma Finance deployer, asserting their actions as a white-hat rescue effort.
About Prisma Finance
Prisma Finance is a decentralized borrowing protocol that empowers users to mint a stablecoin, mkUSD, secured solely by liquid staking tokens.
Alongside collateral, loans are safeguarded by a Stability Pool housing mkUSD and by fellow borrowers who serve as collective guarantors of last resort.
The Total Value Locked (TVL) in the Prisma Finance protocol stands at $51.08m at the time of writing, with the token price being $0.14.
Root Cause of the Hack
The root cause of this incident was missing validation of the inputs to a callback. A smart contract that consumes data handed to it by another contract must check not only that the data is well-formed (type, range, length) but also where it came from and whether the call is one the contract itself set in motion; a callback that acts on whatever it receives lets anyone who can trigger it choose the parameters.
Parameter checks on public functions, careful handling of data returned by or pushed from external contracts, and authentication of callbacks belong together. None of them replaces access control or reentrancy protection, and none is primarily a gas optimisation; they are what keeps interactions with other contracts safe.
In Prisma Finance's case the vulnerable code was the MigrateTroveZap contract, whose onFlashLoan() callback acted on its data argument without checking that the flash loan had been initiated by the zap itself. Because anyone could call the debt token's flashLoan() with the zap as receiver and arbitrary data, the attacker was able to hijack the trove-migration flow, which Prisma had been promoting in the days before the incident, and take users' collateral.
Detailed Technical Analysis
The attack unfolded as follows:
Step 1: The exploit targeted the MigrateTroveZap contract, a helper meant to move a user's Trove from one TroveManager version to another through its migrateTrove function. Only users who had granted approvals to this contract were exposed.
Step 2: When a user calls migrateTrove, the zap reads the collateral and debt of the user's trove and then calls debtToken.flashLoan(), borrowing the debt amount and passing the migration parameters (borrower, source and destination TroveManager, collateral amount, hints) as the flash loan's data payload.
Step 3: debtToken.flashLoan() mints the borrowed mkUSD to the zap and calls back into MigrateTroveZap.onFlashLoan(), which uses the loan to repay and close the old trove, opens the new trove, and repays the flash loan with the newly minted debt.
The flaw is in step 3. onFlashLoan() trusts the data argument it receives from the debt token and never checks that the loan was initiated by the zap's own migrateTrove() call. In the intended flow that data is exactly what the zap encoded a moment earlier, but flashLoan() is a public function: anyone willing to pay the fee can call it with MigrateTroveZap as the receiver and arbitrary data, and the zap cannot tell that call apart from a genuine migration. ERC-3156-style flash-loan callbacks carry an initiator argument for precisely this reason; the zap did not act on it.
The attacker therefore called flashLoan() directly with MigrateTroveZap as the receiver and crafted data that named a victim's trove but understated its collateral. The zap closed the trove, receiving all of its collateral, and reopened it with only the stated amount; the difference stayed in the zap, from where it was drained in the follow-up operations described below.
Attack Sequence
This attack sequence revolves around a transaction with three key phases:
Hack Txn: https://etherscan.io/tx/0x00c503b595946bccaea3d58025b5f9b3726177bbdc9674e634244135282116c7
Phase 1: The attacker called mkUSD.flashLoan() for roughly 1,442,100 mkUSD with the MigrateTroveZap contract as the receiver.
- The borrower address 0x56a201b872b50bbdee0021ed4d1bb36359d291ed owed 1442100643475620087665721 wei of mkUSD (≈1,442,100.64 mkUSD).
- That address's collateral was 1745081655656230243345 wei of wstETH (≈1,745.08 wstETH).
Phase 2: The flash loan from phase 1 triggered MigrateTroveZap.onFlashLoan() with the attacker's data, which first closed the victim's trove:
closeTrove()
- troveManager: 0x1cc79f3f47bfc060b6f761fcd1afc6d399a968b6
- account: 0x56a201b872b50bbdee0021ed4d1bb36359d291ed
Decoded flash-loan data (crafted by the attacker):
- borrower: 0x56a201b872b50bbdee0021ed4d1bb36359d291ed
- troveManagerFrom: 0x1cc79f3f47bfc060b6f761fcd1afc6d399a968b6
- troveManagerTo: 0x1cc79f3f47bfc060b6f761fcd1afc6d399a968b6 (the same manager, so this was never a real migration)
- maxFeePercentage: 0x000000000000000011c3794b4c52ff
- coll: 463184447350099685758 (≈463.18 wstETH, far below the ≈1,745.08 wstETH the trove actually held)
- upperHint: 0xe87c6f39881d5bf51cf46d3dc7e1c1731c2f790a
- lowerHint: 0x89ee26fcdff6b109f81abc6876600ec427f7907f
openTrove() then re-created the trove with only the crafted 463184447350099685758 wei of collateral. Closing the trove had returned all 1745081655656230243345 wei to the zap, so 1745081655656230243345 - 463184447350099685758 = 1281897208306130557587 wei (≈1,281.90 wstETH) was left sitting in the MigrateTroveZap contract.
Phase 3: The attacker then opened a trove of their own and used it to pull the stranded wstETH out of MigrateTroveZap:
- Flash loaned 1 wstETH and called openTrove().
- Triggered MigrateTroveZap.onFlashLoan() (repeatedly) with crafted data naming the new trove and a coll value equal to the zap's entire wstETH balance at that point, 1282797208306130557587 wei (≈1,282.80 wstETH), so the trove was reopened holding all of it.
- Closed the trove and received 1282797208306130557587 wei (≈1,282.80 wstETH).
- Repaid the 1 wstETH flash loan.
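The flow above, as an added example that is not Prisma's code: a Python model of the debt token's flash loan, a trove ledger with delegate approvals, and two versions of the zap. The vulnerable MigrateTroveZap acts on whatever data the callback carries; the HardenedZap additionally checks the initiator argument that ERC-3156 lenders pass to onFlashLoan(), the Solidity equivalent being `require(initiator == address(this))`. That check is my model of what was missing, not Prisma's published fix. The data tuple is reduced to the two fields that drive the accounting (account and coll); the account labels, the attacker's 1 wstETH stake in phase 2, a zero flash-loan fee, a single trove manager and the absence of borrowing-fee and collateral-ratio checks are simplifying assumptions. Run against the figures quoted from the exploit transaction, the vulnerable zap leaves 1745081655656230243345 - 463184447350099685758 = 1281897208306130557587 wei of wstETH stranded, which the attacker's own trove then collects; the hardened zap reverts the crafted call and still completes a legitimate migrateTrove().

```python
"""Toy model of an ERC-3156-style flash-loan callback that migrates a trove (added example, not
Prisma code). Assumptions: zero flash fee, no borrowing fee or collateral-ratio checks, one
trove manager, and reverts that roll back only the flash mint."""
from dataclasses import dataclass, field

# Wei-denominated figures quoted from the exploit transaction in the write-up above.
VICTIM = "0x56a201b872b50bbdee0021ed4d1bb36359d291ed"
VICTIM_DEBT = 1442100643475620087665721   # mkUSD owed by the victim's trove
VICTIM_COLL = 1745081655656230243345      # wstETH collateral in that trove
CRAFTED_COLL = 463184447350099685758      # the "Coll" field the attacker put in data
ATTACKER, ZAP = "attacker", "zap"         # hypothetical labels standing in for addresses
ONE = 10**18                              # 1 wstETH, the attacker's own stake in phase 2

class Reverted(Exception):
    """Stands in for an EVM revert."""

@dataclass
class Ledger:
    """wstETH/mkUSD balances, troves (account -> [coll, debt]) and delegate approvals."""
    wsteth: dict = field(default_factory=dict)
    mkusd: dict = field(default_factory=dict)
    troves: dict = field(default_factory=dict)
    approvals: set = field(default_factory=set)   # (account, delegate) pairs

    def _require_delegate(self, account, caller):
        if caller != account and (account, caller) not in self.approvals:
            raise Reverted("caller not approved to act for account")

    def close_trove(self, account, caller):
        """Burn the trove's debt from caller and hand *all* of its collateral to caller."""
        self._require_delegate(account, caller)
        coll, debt = self.troves.pop(account)
        if self.mkusd.get(caller, 0) < debt:
            raise Reverted("insufficient mkUSD to repay")
        self.mkusd[caller] -= debt
        self.wsteth[caller] = self.wsteth.get(caller, 0) + coll

    def open_trove(self, account, caller, coll, debt):
        """Pull coll from caller, mint debt to caller, record the trove under account."""
        self._require_delegate(account, caller)
        if account in self.troves or self.wsteth.get(caller, 0) < coll:
            raise Reverted("trove exists or insufficient wstETH")
        self.wsteth[caller] -= coll
        self.mkusd[caller] = self.mkusd.get(caller, 0) + debt
        self.troves[account] = [coll, debt]

    def flash_loan(self, initiator, receiver, amount, data):
        """ERC-3156 shape: mint to receiver, call back *with the initiator*, burn after."""
        self.mkusd[receiver.name] = self.mkusd.get(receiver.name, 0) + amount
        try:
            receiver.on_flash_loan(initiator, amount, data)
        except Reverted:
            self.mkusd[receiver.name] -= amount   # undo the mint, as a revert would
            raise
        if self.mkusd[receiver.name] < amount:
            raise Reverted("flash loan not repaid")
        self.mkusd[receiver.name] -= amount

@dataclass
class MigrateTroveZap:
    """Vulnerable zap: acts on whatever data arrives in the callback."""
    ledger: Ledger
    name = ZAP

    def migrate_trove(self, account):
        """Legitimate path: the zap itself initiates the loan with data it built."""
        coll, debt = self.ledger.troves[account]
        self.ledger.flash_loan(self.name, self, debt, {"account": account, "coll": coll})

    def on_flash_loan(self, initiator, amount, data):
        self.ledger.close_trove(data["account"], self.name)  # full collateral lands in zap
        self.ledger.open_trove(data["account"], self.name, data["coll"], amount)
        # Any collateral above data["coll"] is now stranded in the zap's wstETH balance.

class HardenedZap(MigrateTroveZap):
    """Same migration logic, but rejects callbacks for loans it did not initiate."""
    def on_flash_loan(self, initiator, amount, data):
        if initiator != self.name:
            raise Reverted("callback for a loan the zap did not initiate")
        super().on_flash_loan(initiator, amount, data)

def fresh(zap_cls):  # victim trove exists and the victim has approved the zap (Step 1 above)
    ledger = Ledger(troves={VICTIM: [VICTIM_COLL, VICTIM_DEBT]}, approvals={(VICTIM, ZAP)})
    return ledger, zap_cls(ledger)

def run_legit_migration(zap_cls):  # -> (wstETH left in zap, victim trove)
    ledger, zap = fresh(zap_cls)
    zap.migrate_trove(VICTIM)
    return ledger.wsteth.get(ZAP, 0), ledger.troves[VICTIM]

def run_attack(zap_cls):
    """Returns (wstETH stranded after phase 1, victim trove, attacker's net wstETH gain)."""
    ledger, zap = fresh(zap_cls)
    try:  # phase 1: attacker initiates the loan; the zap closes and reopens the victim's trove
        ledger.flash_loan(ATTACKER, zap, VICTIM_DEBT, {"account": VICTIM, "coll": CRAFTED_COLL})
    except Reverted:
        return 0, ledger.troves[VICTIM], 0
    stranded = ledger.wsteth[ZAP]
    # phase 2: open own trove, have the zap reopen it with the whole zap balance, close it
    ledger.wsteth[ATTACKER] = ONE
    ledger.approvals.add((ATTACKER, ZAP))
    ledger.open_trove(ATTACKER, ATTACKER, ONE, ONE)
    ledger.flash_loan(ATTACKER, zap, ONE, {"account": ATTACKER, "coll": stranded + ONE})
    ledger.close_trove(ATTACKER, ATTACKER)
    return stranded, ledger.troves[VICTIM], ledger.wsteth[ATTACKER] - ONE
```

Calling run_attack(MigrateTroveZap) reproduces the write-up's numbers: 1281897208306130557587 wei stranded after phase 1, the victim's trove reduced to the crafted 463184447350099685758 wei of collateral with its debt intact, and the attacker walking away with the stranded amount. run_attack(HardenedZap) reverts before any trove is touched, while run_legit_migration(HardenedZap) still re-deposits the full collateral, because in that path the zap is the initiator. Note that checking msg.sender against the debt token is not enough on its own: in the attack the caller of onFlashLoan() really was the debt token, so only the initiator distinguishes a genuine migration from an attacker-started loan.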
The bulk of the losses stemmed from EOA 0x7E39E3B3ff7ADef2613d5Cc49558EAB74B9a4202, which took approximately $11.6 million. Initially funded through FixedFloat, this address dispersed the stolen funds to three wallets, one of which sent an on-chain message to the Prisma Finance deployer claiming to be a white-hat actor.
Even after 1,850 ETH (~$6.5m) had been sent to Tornado Cash, a further on-chain message stated an intention to move the funds to a safer location.
Mitigation Steps
Missing or incomplete input validation in Solidity smart contracts is a recurring source of loss, and this incident shows that "input" includes the data a contract receives through callbacks. Useful mitigations:
- Implement Comprehensive Input Validation: Before processing, check all externally supplied data against the expected type, range, length and format. For callbacks such as onFlashLoan(), also verify that the caller is the expected lender and that the call was initiated by the contract itself (for ERC-3156, compare the initiator argument with address(this)); the data payload is only as trustworthy as whoever started the call.
- Use Safe Math Operations: Rely on the checked arithmetic built into Solidity 0.8 and later (or a SafeMath library on older compilers), and review every unchecked block, so that overflow and underflow cannot be used to bypass a check.
- Leverage Modifiers and Access Control: Restrict sensitive functions with modifiers and access-control checks so that only the intended users or contracts can invoke them, and be explicit about which entry points are deliberately public.
- Adhere to the Principle of Least Privilege: Grant helper contracts such as zaps only the approvals they need, for only as long as they need them; here, only users who had approved the zap were exposed.
- Use External Calls Safely: When interacting with external contracts or oracles, validate the parameters you pass and the data you receive, and guard against reentrancy and data manipulation on every path.
- Plan for Fixes: Decide up front whether a contract is immutable or upgradeable; if upgradeable, make the upgrade mechanism itself robust and well-governed so that vulnerabilities can be patched without introducing new trust assumptions.
- Audit and Test: Conduct regular code audits and thorough testing, including fuzz and boundary testing of every externally reachable function and callback, to find input-validation and authorisation gaps before deployment.
Hack Aftermath
Fortunately for Prisma Finance users, the main attacker, who caused the bulk of the “losses,” seems inclined to return the misappropriated funds. As a result, the projected amount of recovered funds for affected projects in 2024 totals around $87 million. This estimate assumes that $10 million will be returned to Prisma Finance, factoring in a potential 10% bounty, although no bounty has been confirmed at the time of writing.
Conclusion
In conclusion, the attack exploited a missing check in the MigrateTroveZap contract of Prisma Finance: its onFlashLoan() callback acted on caller-supplied data without confirming who had initiated the flash loan, which let the attackers hijack the migration process and take approximately $12.3 million.
The primary culprit, EOA 0x7E39E3B3ff7ADef2613d5Cc49558EAB74B9a4202, was responsible for the majority of the stolen funds, amounting to around $11.6 million.
The event underlines the importance of robust security measures in smart contract development and, in particular, of validating not just the shape of incoming data but the origin of every callback that acts on it.
Originally published at https://www.immunebytes.com on May 14, 2024.