$18 800 000 USD

AUGUST 2021

GLOBAL

CREAM FINANCE

DESCRIPTION OF EVENTS

"C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial services. Part of the yearn finance ecosystem, it is a permissionless, open source and blockchain agnostic protocol serving users on Ethereum, Binance Smart Chain and Fantom. Users who are passively holding Ethereum or Bitcoin can deposit their assets on C.R.E.A.M. to earn yield, similar to a traditional savings account."

 

"At approximately 12pm on 31st August (UTC +8), C.R.E.A.M. Finance was exploited for 462,079,976 in AMP tokens and 2,804.96 ETH tokens."

 

"There was a main exploit along with a smaller copy-cat. The copy-cat exploit address has withdrawal history from Binance. We are working with Binance to identify the second perpetrator. We will forward all relevant information to law enforcement authorities and prosecute to the fullest extent of the law."

 

"The hack is made possible due to a reentrancy bug introduced by $AMP, which is an ERC777-like token and exploited to re-borrow assets during its transfer before updating the first borrow." "The AMP token contract implements ERC777, which has the _callPostTransferHooks hook that triggers tokensReceived() function that was implemented by the recipient. The reentrancy opportunity related to ERC-777-style transfer hooks allowed the exploiter to nest a second borrow() function inside the token transfer() before the initial borrow() was updated. This was used over 17 transactions."

 

"With the assistance of PeckShield, we have determined that the root cause of the exploit was an error in the way C.R.E.A.M. Finance integrated AMP into our protocol. While unfortunate and disappointing, we take ownership of the error."

 

"Since the execution of this attack vector would result in the protocol holding bad debts against the attacking contract address, each attacking contract could only be used once. The attacker repeated the attack 7 times with deployments of duplicated attacking contracts before 10 revised versions of the attack were launched."

 

"In the first wave of the attacks, the attacker started with supplying ETH as collateral in crETH market, and then borrowed AMP from crAMP market. Within the execution of transferring AMP to the attacking contract, _callPostTransferHooks was called, which in turn executed an external contract call that then re-entered crETH market to borrow ETH against the very same collateral that was supposed to be posted for borrowing AMP."

 

"To be more specific, the vulnerability is present within our borrow function when executed in combination with $AMP token’s ERC777 implementation, which calls the tokenReceived hook. In our crToken contract, we transfer the loan before updating the storage. Since $AMP is an ERC777-like token, tokenReceived hook is called. This allowed the attacker to nest a second borrow() function before the initial borrow() completed its execution, the effect of which allowed the attacker to borrow more than normally they would have been allowed."

 

"[I]n the example tx, the hacker makes a flashloan of 500 ETH and deposits the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer(). Then the hacker self-liquidates the borrow." "The hacker repeats the above process in 17 different txs and gains in total 5.98K ETHs (with ~$18.8M)."

 

"We paused the AMP supply and borrow functions. We will re-enable the AMP market when a patch can be safely deployed. We are working with auditors and technical advisors to ensure that we can safely protect against similar attacks in the future."

 

"We will be replacing the stolen ETH and stolen AMP so that there’s no liquidity issues for users. We will commit to allocating 20% of all protocol fees toward repayment until this debt is fully paid. In the meantime, we will post a CREAM collateral with the Flexa/AMP team to secure this debt."

 

"We are committed to making this right for those negatively impacted by the exploiter. We are committed to this industry and building innovative DeFi products. We appreciate the support of our partners and community and will move forward together."

 

"We have long term goals, and C.R.E.A.M. Finance will continue to build and innovate. We will learn from this exploit and use it as an opportunity to further strengthen the C.R.E.A.M. protocol. While certainly a setback, we remain driven in our mission to bring capital efficiency decentralized lending markets, fulfilling the financial needs of individuals, institutions and protocols."

 

"@CreamdotFinance hacker just returned 5,152.6 ETH"

Cream Finance is a decentralized lending program. There was a reentrancy exploit in the smart contract hot wallet where AMP and ETH were stored. This enabled a hacker to remove 462,079,976 in AMP and 2,804.96 ETH. It appears that Cream Finance has committed to making this right, and that the hacker ultimately returned the funds. A 10% bounty was offered.
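
The ordering problem described in the quoted post-mortem (the loan is transferred before the borrow is written to storage), as an added Python model that is not Cream's or AMP's contract code. It assumes every asset is priced at 1, a collateral factor of 0.75, and hypothetical names (`LendingPool`, `run_scenario`); the 500 and 355 figures echo the quoted example transaction, and the 375 AMP borrow is a constructed value.

```python
# Simplified model of the borrow ordering; not the real crToken code.
# Assumptions: all assets priced at 1, collateral factor 0.75, one debt ledger.
COLLATERAL_FACTOR = 0.75


class LendingPool:
    def __init__(self, update_before_transfer):
        self.update_before_transfer = update_before_transfer
        self.collateral = {}  # account -> deposited value
        self.debt = {}        # (account, asset) -> borrowed value

    def total_debt(self, account):
        return sum(v for (a, _), v in self.debt.items() if a == account)

    def deposit(self, account, amount):
        self.collateral[account] = self.collateral.get(account, 0) + amount

    def _record(self, account, asset, amount):
        key = (account, asset)
        self.debt[key] = self.debt.get(key, 0) + amount

    def borrow(self, account, asset, amount, tokens_received=None):
        limit = self.collateral.get(account, 0) * COLLATERAL_FACTOR
        if self.total_debt(account) + amount > limit:
            raise ValueError("insufficient collateral")
        if self.update_before_transfer:
            self._record(account, asset, amount)  # effect before interaction
        # Transfer step: an ERC777-style token calls the recipient's hook here.
        if tokens_received is not None:
            tokens_received(self)
        if not self.update_before_transfer:
            self._record(account, asset, amount)  # effect after the external call


def run_scenario(update_before_transfer):
    """Borrow AMP while the recipient hook attempts a second borrow of ETH."""
    pool = LendingPool(update_before_transfer)
    pool.deposit("acct", 500)
    outcome = {"nested_borrow": "accepted"}

    def hook(p):
        try:
            p.borrow("acct", "ETH", 355)
        except ValueError:
            outcome["nested_borrow"] = "rejected"

    pool.borrow("acct", "AMP", 375, tokens_received=hook)
    return pool.total_debt("acct"), outcome["nested_borrow"]
```

With the storage update after the transfer, the nested borrow passes the collateral check and total debt ends above the limit of 375; with the update first, the same nested call is rejected.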

HOW COULD THIS HAVE BEEN PREVENTED?

Hot wallets should either not store customer funds, or be insured fully through smart contract insurance or our proposed industry insurance fund.

 

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.