KyberSwap attacker used ‘infinite money glitch’ to drain funds: DeFi expert
The attacker, who drained $46 million from KyberSwap, relied on a “sophisticated and carefully crafted smart contract exploit” to carry out the attack, Ambient Exchange founder Doug Colquitt said on social media.
Colquitt called the exploit an “infinite money glitch.” According to him, the attacker used a quirk of KyberSwap's concentrated liquidity implementation to “trick” the contract into believing it had more liquidity than it actually did.
1/ I've done my first deep dive into the Kyber exploit, and now I think I have a pretty good understanding of what's going on.
This is easily the most complex and carefully developed smart contract exploit I've ever seen.
— Doug Colquitt (@0xdoug) November 23, 2023
Most decentralized exchanges (DEXs) offer a “concentrated liquidity” feature, which lets liquidity providers set a minimum and maximum price at which they are willing to buy or sell crypto. According to Colquitt, the KyberSwap attacker used this feature to drain funds. However, he said the exploit “is unique to Kyber's concentrated liquidity implementation and may not work on other DEXs.”
The KyberSwap attack consisted of multiple exploits against individual pools, each similar to the others, Colquitt said. To show how it worked, Colquitt walked through the exploitation of the ETH/wstETH pool on Ethereum. This pool holds Ether (ETH) and Lido wrapped staked Ether (wstETH).
The attacker started by borrowing 10,000 wstETH (worth $23 million at the time) from lending platform Aave via a flash loan, according to blockchain data. According to Colquitt, the attacker dumped $6.7 million worth of these tokens into the pool, pushing the price down to 0.0000152 ETH per wstETH. At this price there were no liquidity providers willing to buy or sell, so liquidity should have been zero.
The attacker then deposited 3.4 wstETH and offered to buy or sell between the prices of 0.0000146 and 0.0000153, withdrawing 0.56 wstETH right after the deposit. Colquitt speculated that the attacker may have withdrawn the 0.56 wstETH “so that the subsequent numerical calculations line up properly.”
After this deposit and withdrawal, the attacker made a second and a third swap. The second swap pushed the price to 0.0157 ETH, which should have deactivated the attacker's liquidity. The third swap pushed the price to 0.00001637, which was also outside the price range set by the attacker's own liquidity position, as it was now above the maximum price.
In theory, the last two swaps should not have accomplished anything, since every other user's liquidity sat below these values and the attacker was doing both the buying and the selling. “In the absence of numerical error, all it's doing is trading back and forth with its own liquidity,” Colquitt said, “and all flows lead to zero [less fees].”
However, because the math used to compute the upper and lower bounds of the price range differed slightly, the protocol failed to remove the attacker's liquidity in one of the first two swaps but added it again during the last swap. As a result, the pool was drained “by doubling the liquidity from the original LP position,” allowing the attacker to withdraw 3,911 wstETH for a minimal amount of ETH. The attacker had to dump 1,052 wstETH in the first swap to set up the attack, but still walked away with a profit of 2,859 wstETH ($6.7 million at today's prices) after repaying the flash loan.
The attacker repeated this exploit on other KyberSwap pools across multiple networks, eventually making off with a total of $46 million in crypto.
Related: HTX Exchange $13.6M Lost in Hot Wallet Hack: Report
According to Colquitt, KyberSwap contains a safety mechanism in the computeSwapStep function designed to prevent this exploit. However, the attacker managed to keep the numerical values used in the swap just outside the range that would have triggered that failsafe, Colquitt said:
“[T]he calculated ‘reach amount’ was exactly enough to hit the tick boundary of …22080000, but the multiplication set the swap price to …220799999. [...] That shows how carefully this exploit was made. The check failed by <0.00000000001%.”
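As an added illustration (this is not KyberSwap's code and not from Colquitt's thread), the following Python toy models a single tick crossing with fixed-point integer math. The price formula, the position layout, the `Pool` and `Position` names and all numbers are constructed. It shows the two points the passages above make: rounding the "amount needed to reach the bound" one way while recomputing the price another way lets the crossing check miss by a single unit, so liquidity that should have been deactivated stays active; and an invariant that recomputes active liquidity from the positions themselves catches that divergence immediately. The robust path rounds the required amount up and snaps the price to the bound once that amount has been spent, so the crossing decision and the recorded price can never disagree.

```python
"""Toy model of a concentrated-liquidity tick crossing under fixed-point rounding.
Constructed for illustration; not KyberSwap's code. Prices are plain integers
(a constructed fixed-point scale), and the price update formula is a toy."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Position:
    lower: int       # inclusive lower price bound (fixed-point integer)
    upper: int       # exclusive upper price bound
    liquidity: int


def expected_liquidity(positions, price):
    """Ground truth recomputed from scratch: liquidity of every position whose
    range contains `price`. Used only as an invariant oracle, never for trading."""
    return sum(p.liquidity for p in positions if p.lower <= price < p.upper)


def ceil_div(a, b):
    """Integer division rounding up (a, b > 0)."""
    return -(-a // b)


class Pool:
    """Tracks active liquidity incrementally, the way tick-based AMMs do: the
    running total is adjusted only when the price crosses a position bound."""

    def __init__(self, positions, price, reserve, robust):
        self.positions = list(positions)
        self.price = price
        self.reserve = reserve    # toy model: price' = price * (reserve + amount) / reserve
        self.robust = robust
        self.active = expected_liquidity(positions, price)

    def _cross_up(self, boundary):
        # Crossing a bound upward: positions starting here activate,
        # positions ending here deactivate.
        for p in self.positions:
            if p.lower == boundary:
                self.active += p.liquidity
            if p.upper == boundary:
                self.active -= p.liquidity

    def swap_up_one_step(self, amount):
        """Spend up to `amount` pushing the price up to the nearest bound above it.
        Returns the amount actually consumed by this step."""
        old = self.price
        boundary = min(b for p in self.positions for b in (p.lower, p.upper) if b > old)
        exact_need = self.reserve * (boundary - old)     # numerator; true need = this / old
        if self.robust:
            need = ceil_div(exact_need, old)   # round up so `need` really reaches the bound
        else:
            need = exact_need // old           # rounds down: may fall one unit short
        if amount < need:
            # Bound not reached: price moves by the amount actually spent, no crossing.
            self.price = old * (self.reserve + amount) // self.reserve
            return amount
        if self.robust:
            # Enough was spent to reach the bound: snap the price to it and cross.
            self.price = boundary
            self._cross_up(boundary)
        else:
            # Inconsistent path: accounting treats the step as ending at the bound,
            # but the crossing decision recomputes the price from `need` with
            # truncating division, which can land one unit below the bound.
            recomputed = old * (self.reserve + need) // self.reserve
            if recomputed >= boundary:
                self._cross_up(boundary)
            self.price = boundary
        return need

    def invariant_ok(self):
        """Defensive check: incremental total must match the from-scratch total."""
        return self.active == expected_liquidity(self.positions, self.price)


def run_demo():
    """Constructed scenario: one LP position, price pushed up to its upper bound.
    Returns {robust: (amount_spent, active_liquidity, invariant_ok)}."""
    positions = [Position(lower=900_000, upper=1_333_334, liquidity=500)]
    results = {}
    for robust in (False, True):
        pool = Pool(positions, price=1_000_000, reserve=3, robust=robust)
        spent = pool.swap_up_one_step(amount=5)
        results[robust] = (spent, pool.active, pool.invariant_ok())
    return results


if __name__ == "__main__":
    for robust, (spent, active, ok) in run_demo().items():
        print(f"robust={robust}: spent={spent} active={active} invariant_ok={ok}")
```

In the naive path the required amount rounds down to 1, the recomputed price is 1,333,333 against a bound of 1,333,334, the position's 500 units stay active at a price where the from-scratch recomputation says they should be zero, and `invariant_ok()` returns `False`. The robust path rounds the requirement up to 2, snaps to the bound, deactivates the position and keeps the invariant. The oracle in `expected_liquidity` is the kind of cross-check an auditor or a fuzzing harness can run after every step, independently of the incremental bookkeeping.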
Colquitt called the attack “easily the most complex and carefully designed smart contract exploit I've ever seen.”
Cointelegraph reported that KyberSwap was drained of $46 million on November 22. The team discovered a vulnerability on April 17, but no money was lost in that incident. The exchange's user interface was also hacked in September last year, although all affected users were compensated. On November 22, the attacker informed the team that they were willing to negotiate the return of some of the funds.