找回密码
 立即注册
首页 黑乌鸦事件 查看内容
  • QQ空间

起底Compounder.finance恶性DeFi跑路案,项目方收割超1200万美元

2020-12-3 12:48

近日,Compounder.finance用户被盗走超过1200万美元的资金,让人吃惊的是,这次攻击事件的罪魁祸首并非黑客,而是项目方本身,这也是目前性质最恶劣的DeFi跑路事件,原文由rekt团队撰写。

1606967071999

这里是罪人的希望,因为他们的罪过在匿名斗篷的保护下被遗忘了。

Rekt来到这里是为了照亮罪行,揭露攻击者的方法,而我们好以此为鉴。

Compounder.finance的网站及官方Twitter账户都被项目方删除了,而一份完整的安全审计报告为我们的调查提供了唯一的线索。

RektHQ现在正忙着呢,我们开始调查的时候事件已经发生了几个小时…当我们联系审计方时,他们似乎并不希望看到我们。

p2

“请不要发那样该死的内容,你真的吓到我了, weaker hands可能会报告这件事或一些狗屎。”
在我们提供了一些保证之后,Solidity.finance向我们提供了他们与compounder.finance交谈的完整聊天记录。

p3

其他受害者也向我们伸出援手,展示了他们与compounder管理者进行的早期交谈,并表达了他们的担忧。

p4

Solidity.finance告诉我们,他们仅与compounder管理员进行了简短交谈,他们确实审核了合约,并且他们在文档中指出,尽管资金池有一个时间锁(timelock)控制,但这个时间锁并没有提供任何保护。

以下内容来自他们的聊天记录:

p5

在我们调查的这个阶段,solidity.finance仍然是存在疑点的,我们想知道他们为何会认为compounder.finance团队看起来“非常值得信赖”。

p6

p7

在阅读聊天记录时,我们注意到尽管帐户被删除了,但保留了一个用户名“ keccak”。

p8

p9

尽管solidity.finance表示keccak已经删除了他们的帐户,但我们已经找到了他们的帐户,并正在尝试联系。

p10

不幸的是,Vlad不想通电话,所以我们给他们发了一条消息,但并没有期望他能够回应。

直到……

p11

Vlad 准备好交谈了,不幸的是,他并不想合作。

p13

我们仍可以通过@keccak在Telegram上找到Vlad / keccak,但是他不再回应,并删除了他账户中的图片。

我们将他的旧头像附在此处,供大家参考和调查。

我们被告知,图中的狼来自一部著名的乌克兰动画片,上面写着“come by if something comes up”,而左边则是反核武器的海报。

不幸的是,这对受影响的用户并没有太多帮助。

p14

在认清Vlad不想谈话的情况后,我们访问了Compounder的官方电报群,而里面的人们都很欢迎我们。

p15

滚动浏览聊天内容时,我们看到了由官方跑路行为所引发的典型反应。

p16

即使是大玩家也遭到了这次跑路事件的重创,受害者们成立了一个调查小组(686名成员),其中带头人损失了100万美元,他们试图进行报仇。

p17

帖子可以在这里找到。

 

统计数字

作为调查的一部分,我们找到了Solidity.finance以及来自Stake Capital的@vasa_develop,并要求他们合作创建一份完整的事后分析报告。

以下数据来自他们的报告。

被盗取的资产(8种):

  1. 8,077.540667 WEth (价值4,820,030美元);
  2. 1,300,610.936154161964594323 yearn: yCRV 金库(价值1,521,714.8美元);
  3. 0.016390153857154838 COMP (价值1.79美元);
  4. 105,102,172.66293264 Compound USDT (价值2,169,782.85美元);
  5. 97,944,481.39815207 Compound USD Coin (价值2,096,403.68美元);
  6. 1,934.23347357 Compound WBTC (价值744,396.89美元);
  7. 23.368131489683158482 Aave计息YFI (价值628650.174379401美元);
  8. 6,230,432.06773805 Compound Uniswap (价值466378.99美元);
跑路后,官方将资金转移到了以下这些钱包:
  1. https://etherscan.io/address/0x944f214a343025593d8d9fd2b2a6d43886fb2474 1,800,000 DAI ;
  2. https://etherscan.io/address/0x079667f4f7a0b440ad35ebd780efd216751f0758 5,066,124.665456504419940414 DAI,39.05381415 WBTC,4.38347845834390477 CP3R,0.004842656997849285 COMP,0.000007146621650034 UNI-V2。
部署者通过Tornado.cash隐藏其资金来源,并向7个不同的地址发送了ETH,其中大部分都只有一笔交易 。然而,其中有一个地址在11月19日、20日、22日以及23日分别收到了4笔付款。该地址的大部分资金都来自一个持有超过100万KORE代币的地址(在跑路前,该地址只有1万 KORE代币)。

 

攻击分析

这次攻击事件的罪魁祸首,是项目方在完成审计后在其代码库中添加了7个恶意策略合约。

策略合约中的非恶意withdraw()函数如下所示:

p18

注意,我们有了一些检查,比如:

p19

这些检查在7份恶意策略合约中是缺失的。这允许控制者合约(由跑路策略师控制)从策略中提取资产。

(注意下面的恶意withdraw函数中缺失的检查)

p20

完整的跑路过程可以分为4个步骤进行解释:

步骤1

Compounder.Finance部署者部署了包含操纵withdraw()函数的7个恶意策略。

步骤2

Compounder.Finance部署者通过Timelock(24小时)交易在StrategyController中设置并批准7个恶意策略。

步骤3

Compounder.Finance部署者(策略师)在StrategyController上调用inCaseStrategyTokenGetStuck(),它滥用了恶意策略的可操纵withdraw()函数,将策略中的代币转移到StrategyController,并对7种恶意策略都执行这种操作。

步骤4

Compounder.Finance部署者(策略师)在StrategyController上调用了inCaseTokensGetStuck() ,该函数将代币从StrategyController传输到Compounder.Finance部署者地址。现在,Compounder.Finance部署者完全控制了用户的资产,共计价值12,464,316.329美元。

资产已被转移到此处列出的多个地址。

 

p21

那应该怪谁?

经过我们的分析,我们知道这不是审计方的问题,他们尽职地完成了自己的任务,确保Compounder Finance不受外部攻击的影响,同时他们也在审计报告和聊天群中表达了他们的担忧。

也许他们本可以更明显地表达出这些担忧,但最终,最终责任还是在存储者的身上。

尽管Compounder.finance使用了时间锁来表明他们不会跑路,但现在我们知道,这种方法是不可信的。如果使用了它,则应建立一个自动警报系统或仪表板,以监控该地址的交易。

并且24小时的时间锁,似乎不足以让用户移除自己的资金。尽管我们不能说所有匿名创始人的项目都是骗局,但几乎所有的骗局,都是来自匿名创始人的项目。作为一个社区,我们需要警惕这些项目,尤其是那些使用Tornado.cash来隐藏资金来源的项目。

此外,审计报告的存在,不足以保证项目的安全性及合法性。审计通常更关注来自外部攻击者的风险,而不是内部攻击者,这也许是审计师需要改进的一个领域。

即使有审计、时间锁(timelock)以及燃烧掉的密钥,存储用户总是任由项目方的摆布,他们随时可能向市场投放大量的代币。

p22

 

来自Solidity.Finance的官方声明

 
“C3PR部署了新的“策略合约”,这使得团队可以清空用户资金所在的策略合约。他们有延迟24小时交易的时间限制,但我们警告说,这是不够的,因为谁会关注呢?他们在24小时前就通过这笔交易开始了这个改变:

5个小时前,他们盗走了资金。

我们主要关注的是来自外部的攻击,我们意识到了这种风险,但其只延迟了24小时,而没有人关注这些动作。”

我们都知道我们应该在投资前检查智能合约,但这里的知识壁垒很高,不是每个人都知道该找什么,那些知道的人,也没有动力去分享他们的发现。

在C3PR的例子中,知道的人很早就意识到了危险,而使跑路成为可能的代码总是存在的。

而这次C3PR跑路事件,卷走了超过1200万美元的用户资金,可以说是有史以来最大的defi跑路案。

 

The rekt reaper has a way of making people talk.

In the final moments, as TVL approaches zero, and the drawdown becomes unbearable, a faceless figure enters the chat.

When a protocol is wounded beyond repair, and it’s time has come to shuffle off this mortal coil, the fourth and final horseman arrives to guide them to the afterlife, presenting himself in .gif format.

Compounder.finance was rug pulled for over $12,000,000.

In our volatile community, greed and desperation are punished and rewarded in equal yet unpredictable ways.

Here there is hope for the sinner, whose transgressions are forgotten as they escape down-chain in their cloak of anonymity.

Rekt is here to shine a light on the sinful - to expose their methods so that we all can learn.

The compounder.finance site and Twitter account were deleted instantly.

A completed security audit offered our detectives the only lead.

These are busy times at RektHQ, a few hours had already passed when we started to investigate… When we contacted the auditors for a quote, they were less than pleased to see us.

Please don’t send death shit like that, you for real had me scared for my safety for a minute over here and weaker hands might report that or some shit.

After our detective offered some reassurance, Solidity.finance provided us with the full chat logs of their conversation with compounder.finance.

Other victims also reached out to us, showing early conversations with compounder admins where they voiced their concerns.

Solidity.finance told us that they had only briefly spoken with the admins, and although they had indeed audited the contract, they had stated in the document that although the pools were treasury controlled by a timelock, that the timelock offered no protection.

The following message is from their chat logs.

At this stage in our investigation, solidity.finance was still a suspect. We wanted to know why they had thought that the compound.finance team seemed ”very trustworthy”

When reading the chat logs, we noticed that although the accounts had been deleted, one username remained - “keccak”.

Although solidity.finance said keccak had deleted their account, we had already found their account and were trying to make contact.

Unfortunately, Vlad didn’t want to talk on the phone, so we sent them a message, not expecting him to respond.

Until…


Vlad was ready to talk. Unfortunately, he wasn’t very cooperative.

Vlad / keccak can still be reached on Telegram via @keccak, however he no longer responds, and has since deleted the images on his account.
We attach his old avatars here for your consideration and investigation.

We have been informed that - The wolf one is from a famous Ukrainian cartoon in Russian, which says “come by if something comes up”

The left one is a anti-nuclear-weapon poster.

Not much help for the affected users unfortunately.


Once it became clear Vlad wouldn’t talk, we visited the official Compounder telegram group, where it became apparent that our reputation precedes us.

As we scrolled through the content of the chat, we saw all the typical behaviours that are caused by a freshly pulled rug.


Even large players are humbled by the power of a rug pull. This group leader lost $1,000,000 and has opened his own investigation group (686 members) in an attempt to have some revenge.

The thread can be found here.

The Statistics

As part of our investigation, we introduced Solidity.finance to @vasa_develop from Stake Capital and asked them to work together to create a full post-mortem of the incident.

The following data is taken from their
report.

Assets Rugged (8):

  • 8,077.540667 Wrapped Ether ($4,820,030.07)
  • 1,300,610.936154161964594323 yearn: yCRV Vault ($1,521,714.80)
  • 0.016390153857154838 Compound (COMP) ($1.79)
  • 105,102,172.66293264 Compound USDT ($2,169,782.85)
  • 97,944,481.39815207 Compound USD Coin ($2,096,403.68)
  • 1,934.23347357 Compound Wrapped BTC ($744,396.89)
  • 23.368131489683158482 Aave Interest bearing YFI ($628,650.174379401)
  • 6,230,432.06773805 Compound Uniswap ($466,378.99)

Wallets with the funds after rug-pull

The main culprit(s) of this hack were the 7 malicious Strategy contracts that were added to the codebase after the audit.

A non-malicious withdraw() function from a Strategy contract looks something like this.


Notice that we have some checks like:

These checks were missing in the 7 malicious Strategy contracts. This allows the Controller contract (which was controlled by the rug-puller strategist) to withdraw the assets from the Strategy.

(Note the missing checks below in the malicious withdraw function)

The complete rug-pull can be explained in 4 steps.

Step 1

Compounder.Finance: Deployer deployed 7 Malicious Strategies with manipulated withdraw() functions.

Step 2

Compounder.Finance: Deployer Set and Approve 7 Malicious Strategies in StrategyController via Timelock (24h) transactions.

Step 3

Compounder.Finance: Deployer (strategist) called inCaseStrategyTokenGetStuck() on StrategyController which abuse the manipulated withdraw() function of the Malicious Strategies to transfer the tokens in the Strategies to the StrategyController. Do this for all 7 Malicious Strategies.

Step 4

Compounder.Finance: Deployer (strategist) called inCaseTokensGetStuck() on the StrategyController which transfers the tokens from the StrategyController to the Compounder.Finance: Deployer (strategist) address. Now the Compounder.Finance: Deployer (strategist) has full control over 8 assets valued at $12,464,316.329.

Judgement Day:

Who is to blame?

After our analysis, we know it’s not the auditors, who dutifully completed their task, making sure that Compounder Finance stayed safe from external attacks, while also voicing their concerns in their audit report and the TG chat.

Perhaps they could have voiced these concerns slightly louder, but in the end, the ultimate responsibility will always lie with the depositor.

Compounder.finance used a timelock as an indicator that they wouldn’t pull the rug. We know now that this method can’t be trusted. If it is used, an automated alert system or dashboard should be put in place to monitor transactions at that address.

24 hours appears to be insufficient to provide enough warning for users to remove funds.

Not all projects with anonymous founders are scams. This entire industry was founded by an anon.

However, nearly all scams are projects with anonymous founders. As a community, we need to be wary of these projects; especially those who use untraceable sources of funds like Tornado.cash.

The mere existence of an audit report is not sufficient to assure a projects' safety or legitimacy. Audits often focus on risks from external attackers more than internal - perhaps this is an area where auditors need to improve.

Even with audits, timelocks and burnt keys, depositors are always at the mercy of other users, who may dump huge amounts of tokens onto the market at any time.

Solidity.Finance: The Official Statement

C3PR deployed new “strategy contracts” which allowed the team to empty out the strategy contracts where users funds were held. They have a timelock to delay transactions by 24 hours but we warned that was insufficient, because who would be watching? They began this change over 24 hours ago at this TXID:

Pulled out money here 5 hours ago:

We primarily focus on attacks from outside individuals, we saw this risk but it was just delayed 24 hours and no one was watching. Every investment where the team has a lot of control comes down to whether the project team is legitimate or not, and here they are clearly not.

We all know we should read smart contracts before we invest, but the knowledge barrier is high. Not everyone knows what to look for, and those who do are not incentivised to share their findings.

In the case of C3PR, users who listened were made aware of the danger very early on, and the code that made the rugpull possible was always present.

Despite this, over $12,000,000 accumulated in the contract, which can now be labelled as one of the largest rug pulls of all time.

来自: rekt