On Dec-28–2020 at 08:08:12 AM +UTC an exploit was abused on Cover Protocol’s shield mining contract (Blacksmith). The core Cover Protocol product is not affected and is functioning as intended. This exploit only affected the mining contract and the $COVER token.
What was the root cause?
As many have explained, this line of code caused the updating of the pool state to be ineffective on the miner’s state when depositing. This misalignment will cause the Blacksmith to mint more rewards to the miner. This bug has been present (unknown to devs) in the Cover Protocol Blacksmith contract since the day it was deployed after being audited.
A community member informed us on Dec 27th at 6pm UTC that they were able to gain a little rewards boost on their deposit. After investigating the issue, we attempted to mitigate the problem by implementing the following:
- Adding an update pool transaction before the deposit so that the pool was updated when user deposits, this will mitigate the issue for users using UI.
- Starting a cron job to run every 20 mins to update any pool that hadn’t been updated recently.
The more frequent the pools are updated, the less extra rewards the miners will get. To our knowledge and analysis at the time, the above two should mitigate the problem to a point that is not worth exploiting. To our deepest regrets, we missed the amplifier(below).
The missed amplifier was the difference between the amount the miner deposits and the total lpTokens existing in the pool pre-deposit. The greater the difference(1wei v.s. 1e18 wei for example), the bigger the above bug caused extra rewards. If the difference is big enough, the time passed does not matter, miners can still gain ~infinity amount of COVER tokens.
In the event of Grap Finance’s interactions with the contract, 1 wei was left in the pool. It multiplied the rewards by 1e18+, causing the mint of 40 quadrillion $COVER.
This happened on all pools that had less than 1e18 lpToken total deposited, mostly are new and the exploiter was the first to act.
Timeline for Exploiter 1
Dec-28–2020 04:09:27 AM +UTC
- A new Balancer pool was added to the Blacksmith contract from the team’s multisig via a transaction for the new coverage expirations.
Dec-28–2020 08:08:12 AM +UTC
- An attacker executes the first deposit to the contract, depositing 1,326,880 BPT tokens
Dec-28–2020 at 08:11:16 AM +UTC
- The same attacker then called withdraw(), exploiting the contract for ~703.64 $COVER and withdrawing 1,326,878.99 BPT
Dec-28–2020 08:47:15 AM +UTC
- The first sell of the exploited $COVER tokens can be found here: https://etherscan.io/tx/0x66128a1685605b1798c852e14db0b0232a56e3bebf7f3f35b168642801754beb. During this time there were multiple accounts abusing the exploit, and selling their $COVER on market.
Dec-28–2020 09:18:28 AM +UTC
- The attacker continues minting and while the attack vector is still present. https://etherscan.io/tx/0xf81fb72ee096e0d7afe4b99a55b723110604fb26ec82846043cfc396e1fa79da
In total, Exploiter 1 stole around $4.4 million of user funds and transferred it to this address. We are actively tracking this address and others which participated in the exploit.
Timeline for Grap Finance
Dec-28–2020 11:54:47 AM +UTC
- Grap Finance: Deployer (Externally owned account) deposited 15,255.552810089260015362 BPT (DAI/Basis pool) into the Blacksmith farming contract.
Dec-28–2020 11:58:04 AM +UTC
- Grap Finance: Deployer withdraws their 15,255.552810089260015361 BPT (DAI/Basis pool), leaving just 1 wei in their balance in the Blacksmith farming contract.
Dec-28–2020 11:58:56 AM +UTC
- Another user withdraws most of his full balance (1,007.599009946121991627 BPT) from the Blacksmith. Now Grap Finance alone has all liquidity for the DAI/Basis pool on the shield mining Blacksmith contract, exactly 1 wei.
Dec-28–2020 12:00:21 PM +UTC
- Grap Finance: Deployer deposited back 15,255.552810089260015361 BPT (DAI/Basis pool) on the Blacksmith farming contract..
Dec-28–2020 12:02:04 PM +UTC
- Grap Finance: Deployer claimed the rewards, and because of only 1 wei of balance combined with the storage/memory issue this led to the minting of 40,796,131,214,802,500,000.212114436030863813 $COVER.
Dec-28–2020 12:29:03 PM +UTC
- Grap Finance: Deployer starts to sell as many tokens as possible through 1inch.exchange in multiple transactions.
Dec-28–2020 12:59:27 PM +UTC
- Grap Finance: Deployer burns minted tokens: https://etherscan.io/tx/0xe6c068ca3605228b2435a414f2b372057340f77d3fe9f1d3967eb1ad128cb5d2
Dec-28–2020 at 01:41:01 PM +UTC
- Grap Finance: Deployer sends the 4351 (1 + 4350) ETH they have extracted by selling $COVER to the deployer account, which accounts for 34% of the total exploit damage ($9.4 million)
Timeline of Cover Protocol team
Dec-28–2020 at 08:11:16 AM +UTC
- The first major mint of ~703.64 $COVER was made by exploiter 1.
Dec-28–2020 at 10:54:00 AM +UTC
- A non-dev team member was notified of the ongoing incident, and rushed to notify the core team. Unfortunately all of the devs were asleep at this time.
Dec-28–2020 12:02:04 PM +UTC
- Grap Finance: Deployer minted 40,796,131,214,802,500,000.212114436030863813 $COVER.
Dec-28–2020 at 12:04:00 PM +UTC
- 2 core team members wake up and are instantly notified of the incident. They immediately begin working on mitigating the exploit.
Dec-28–2020 at 12:22:19 PM +UTC
- The core team successfully removed minting rights from the Blacksmith contract and moved the minting permissions to a dummy contract to prevent further exploitation of the mint.
Dec-28–2020 at 1:30:00 PM +UTC
- The core team begins speaking directly with our Yearn partners to study the exploit and understand exactly how it had occurred. Emiliano Bonassi successfully replicated it in a test.
Dec-28–2020 at 11:51:00 PM +UTC
- After thorough observation and discussion with the Cover Protocol team and our Yearn partners, Emiliano Bonassi successfully replicated it in a test.
We hope this post-mortem allows users to get a better grasp and understanding of the exploit that took place today.
We are still on target to release V2 (Q1 of 2021) for Cover Protocol. We are sincerely sorry about the outcome of the attack and we thank everyone so much for your continued support.
A compensation plan, using a snapshot (taken some point before block #11541219) to distribute a new token and the returned 4,351 ETH, will be drafted up in the next couple days and will be released as soon as possible. Please stay tuned.
We would like to thank the whole Yearn Ecosystem and also everyone who reached out to offer their support. The amount of information gathered in the time from the attack to this post would have not been achievable without the below individuals.
Contributors in gathering information/data (in no specific order & sorry if we are missing anyone):
COVER is a completely valueless governance token and has 0 financial value. Please exercise proper due diligence before interacting with Cover smart contracts, staking contracts, and all subsequent deployed contracts associated with Cover.