Sep 2021 - NowSwap Protocol Logic Error - $1.069m (Global)
"Nowswap is a DEX with lower transaction fees for smaller trades." "The Nowswap protocol is a new decentralized exchange that supports low transaction fees for retail-sized swaps. This is accomplished through the world’s first dynamic transaction fee design that calculates its fee by looking at the trade size relative to the TVL. Through this design Nowswap aims to offer close to free token exchange for small trades."
"The idea for Nowswap emerged last year, when our developer, Jason, wondered why the transaction fee at Uniswap was set to 0.3% — and whether there were any alternatives that were more affordable."
"After spending much of Q4 2020 diving into the design of all available DEXes, Jason built the first iteration of Nowswap. It was successful at providing a drastically lower transaction fee in low volatility pairs compared to leading decentralized exchanges. At 0.1%, it reduced the transaction fee to be exactly ⅓ of what it would have been on Uniswap. This first iteration was launched on Ethereum mainnet in January 2021." On July 8th, the NowSwap team "officially launched the Nowswap Public Beta."
"In addition, the Nowswap Protocol plans to offer incentives for users who provide liquidity, more advanced trading tools, a governance token, as well as many more features to come." "The NowSwap contract code is not open-source, which makes it more difficult for bugs to be detected and reported by security researchers." "The liquidity pool was reduced from US$1,069,197 to US$24.15. The attacker made a profit of 536,000 USDT and 158 WETH. A total of more than 1 million US dollars."
"On 09/15/21, Nowswap’s Spot protocol was exploited and about $1M worth of TVL was drained. The cause was a bug in the pair contract that did not catch an invalid K value. The team started working on the incident and related follow-ups." "The details of the NowSwap hack are very familiar. They mirror the Uranium Finance hack that occurred in April 2021."
"The Uranium Finance and NowSwap hacks were made possible by an error when updating the smart contract’s code. The original code of the contract contained a value, K, of 1,000 in three different places. The update to the code changed this value in two places but not the third."
"The root cause of this incident was not due to missing 0 because Nowswap does not have any constant value in the K check formula." "Normally when a swap happens, (use input Token0 and output Token1 as an example) the amount0In and amount1Out are both positive, while the amount0Out and amount1In are both zero." "However, in the attack transaction, the hacker attempted to swap token0 for token0. Therefore, amount0In and amount0Out were both positive while the amount1In and amount1Out were both zero. Because the amountIn and amountOut of Token1 was zero, part of the K value check formula also became 0, which then bypassed all the subsequent safety checks. As a consequence, the attacker was able to swap an arbitrary amount of token out."
The "[h]acker created the malicious address and transferred 0.14723529 ETH from [an address] which is tagged as Huobi37." "Hacker’s contract for Nowswap was created." "The hacker made the attack through the transaction and swapped out ~158 WETH and ~535,706 USDT from the Nowswap liquidity pool to the Hacker’s address. The transaction was included in block 13229001." "Attacker swapped all USDT into ETH through 1inch." The "[a]ttacker [finally] deposited [the] ETH to Tornado.Cash in 4 transactions."
"The incident was first identified through @PuPuThrashing’s tweet. The team also noticed this incident from the sudden drop in TVL shown in Nowswap’s Info Site."
"After discovering this attack, the team took immediate action. We first informed major stakeholders and the DeFi community about what happened."
"We are investigating the hack on our protocol."
"Then, we investigated the root cause of the incident with the help of smart contract security experts. The team compared the attack on Nimbus with the attack on Nowswap and found no correlation between the root causes. In addition, the team pieced together the on-chain and off-chain information to identify the hacker."
"The team has decided to take the Nowswap app site into maintenance to fully check the vulnerability of all features. The team is happy to provide bug bounties for developers providing help. We will continue to work with law enforcement to get the funds back."
"The Nowswap App is currently unavailable as we are investigating a vulnerability."
"This incident demonstrates the importance of open-sourcing code, staying aware of past security incidents in the DeFi space, and undergoing a complete security audit before launching any smart contract code to the blockchain. Taking any of these three steps might have enabled the vulnerability to be detected and fixed before an attacker exploited the project for $1 million in tokens."
"The Nowswap team has taken a painful lesson here. Moving forward, we are going to focus more on improving our test coverage to account for more edge cases. Although the protocol was running for 6 months and the protocol had
gone through 2 audits for the current version, we know this still does not guarantee safety. As for further development of Nowswap, the developers will open source early so that we can mitigate future risk. Additionally, we will provide complete documentation along with bug bounties for any white hats."
Further Analysis
The NowSwap protocol stored customer funds in their smart contract hot wallets, which was not only not audited but closed source. Due to an exploit, a vulnerability which was apparently similar to one exploited in April on Uranium Finance, $1m in assets were stolen.
How Could This Have Been Prevented?
We have advocated in our framework for the majority of customer funds to exist in multi-signature cold storage, while the hot smart contract portion would be fully insured by self insurance or our proposed industry insurance fund. In this way, no customer funds would have been lost in the breach. We also propose that new projects should be subject to a couple of expert validations prior to launch, which in this case would have a reasonable chance of detecting the exploit when reviewing the smart contract.
More Cryptocurrency Exchange Hacks/Scams/Frauds
SushiSwap MISO Jaypegs Automart > > < < GrowingFi Withdraw Not Checked
Sources/Further Reading
blocksec-incidents/2021.md at main · openblocksec/blocksec-incidents · GitHub (Aug 11)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Oct 2)
@BlockSecTeam Twitter (Oct 2)
@peckshield Twitter (Oct 2)
Nowswap (Nov 13)
@nowswap_org Twitter (Nov 13)
https://nowswap.org/resources/nowswap-spot-postmortem-09-15-2021.pdf (Nov 13)
@PuPuThrashing Twitter (Nov 13)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Nov 13)
https://nowswap.medium.com/?p=1853680013b3 (Nov 13)
Explained: The NowSwap Protocol Hack (September 2021) - Halborn (Nov 13)
SlowMist Hacked - SlowMist Zone (Jun 26)
Wayback Machine (Apr 29)
 t.me/QuadrigaInitiative
|
 /r/QuadrigaInitiative
|
 @QuadrigaInit
|
 info@quadrigainitiative.com
|