A skilled coder has pocketed $8 million by exploiting a reentrancy bug in Origin Protocol’s oUSD smart contract.
OUSD is a new token that tracks the dollar price 1:1 by being backed with other stablecoins like USDt.
The project says this USDt and other stablecoin assets are sent to defi protocols to earn interest, with the oUSD token then free to move or be used while also earning the interest of the underlying assets.
So basically this is abstracting assets say on Compound, giving them an ownership token, with this token now free of the lending/borrowing burden while enjoying the benefit of interest.
Pretty cool, except there’s a reentrancy bug. 2016 ethereans will know such bugs are of the sort where due to a coding error, the smart contract thinks you have the right to mint the token when in fact you don’t. The team says, and we quote at length:
“The attack was a reentrancy bug in our contract. Unfortunately, our contract was safe from reentrancy bugs unless one of our supported stablecoins was attacking us.
The attacker exploited a missing validation check in mint multiple (when minting OUSD with multiple stablecoins) to pass in a fake “stablecoin” under their control. This “stablecoin” was then called “transferFrom” on by the vault, allowing the hacker to exploit the contract with a reentrancy attack in the middle of the mint.
The attacker was able to create a rebase event inside the second mint after funds had moved to OUSD from the first large mint, but before the supply of OUSD increased. This created a massive rebase for everyone in the contract, including the attacker. The attacker then also received their first large OUSD mint, giving them in total more OUSD than the contract had assets.
The attacker withdrew most of the stablecoins from OUSD.
They were then able to take extra OUSD after withdrawing and sell it on Uniswap and Sushiswap for USDT in subsequent transactions.”
This coder bothered to stop around and collect Compound tokens given for providing liquidity with some actions undertaken just to collect $9 worth of assets/eth.
So bringing the transaction fee to $250, a small price to pay for the $8 million he received thanks to a few lines of code.
That $8 million has largely now gone through mixer Tornado Cash and renBTC with the team pleading for the hacker to return the funds.
Something that he may well do in part, returning maybe $2 million with the rest perhaps better used to fund some sort of coding school where he can teach kids all this whiz in his yacht.
All that for free really in as far as he didn’t need upfront the 70,000 eth, $32 million, as dYdX just gave it to him because the flashloan code checked out in quite a bit of profit.
Meaning smart contract coders need to be even more careful now and need to erase from consideration the cost of attack because with flashloans, the cost is pretty much zero save for skill and coding time.
Featured Image Courtesy of Coder Julien Bouteloup