QI Quadriga Initiative

Jul 2024 - Spectra Finance Routing Utility Command Exploit - $550k (Global)

"Fix Rates, Trade Yield, Earn On Your Liquidity or Build Apps"

"Individual to organisation. Basic strategy to advanced. Spectra helps you connect the dots."

"Spectra is an EVM-centric protocol for interest rate derivatives with an easy-to-use flagship app.

The Spectra protocol is permissionless, meaning its services are entirely open for public use. Anyone can create new markets at will, swap yield derivatives, or become a liquidity provider."

"Spectra is a decentralized interest rate derivatives protocol with different entities and individuals contributing to its development and adoption.

Spectra Protocol: A decentralized, permissionless interest rate protocol that permanently exists on the Ethereum Virtual Machine.

The Spectra App: a flagship interface that allows easy interactions with the Spectra protocol. Multiple protocol interfaces can exist.

Spectra Governance: A governance system for governing the Spectra Protocol, enabled by the APW token."

"A suspicious Discord user, believed to be the attacker, started making false claims about issues with Spectra's YT token contracts to prompt users to withdraw funds. Those who attempted to withdraw were required to approve the transaction first, making them vulnerable to the attack."

"The incident resulted from the exploitation of a command in the routing utility contract. This command allowed Spectra users to enter and exit the pool with a token of their choice. After prompting users to leave the pool the attacker exploited the command in order to sweep funds once a user unknowingly approved the transaction on the router."


"The attacker managed to hijack user transactions, resulting in a loss of around 168 ETH. The attack occurred on Ethereum Mainnet."

"Upon identifying the attack vector, [the Spectra] team promptly activated an incident response plan, disabling the Spectra App and terminating router contracts that enabled the attacker to hijack transactions.

As a precaution, Principal Token contracts were paused, preventing token exchanges at Curve's pool level (Spectra's primary AMM). The contracts were unpaused at approximately 9 PM UTC the very same day."

The Spectra "team’s swift reaction enabled [them] to limit the effects as a total of 4 wallets were impacted."

"Spectra has disabled the application and terminated the router contract to contain the situation, while the core protocol contract remains unaffected. Security personnel Chaofan Shou indicated that the attack stemmed from an arbitrary call in the router contract, allowing the attacker to drain all tokens approved by the contract."

"On July 24th, Spectra released a security incident analysis report, stating that the attacker hijacked user transactions on Spectra, affecting a total of 4 wallets and causing a loss of approximately 168 ETH. The core protocol contract of Spectra remains unaffected, with the funds within the contract secure. The application was restored on the morning of July 24th."

"The Spectra App has been disabled and router contracts terminated to contain a coordinated attack on our users' interactions with the app.

The attack began today around 3 PM UTC and affected some users depositing and withdrawing from the app.

The situation is under control, the core protocol contracts are not affected and the funds inside them are safe.

The works are in full steam to reinstate the Spectra App and release a post-mortem as soon as possible."

Further Analysis

Spectra is a decentralized interest rate derivatives protocol. Users can use the service to obtain a fixed-rate loan, trade yield, or earn a return on their liquidity. A vulnerability in the routing utility contract allowed tokens to be stolen from users who signed a particular variant of withdrawal transaction. Multiple protocol users were tricked into signing such a transaction and lost their assets.
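The root cause named above, an arbitrary call exposed by a router that holds user token approvals, shown as an added minimal illustration in Solidity (hypothetical contracts, not Spectra's code): the unsafe shape beside a hardened variant that allowlists call targets, keeps approved tokens off that allowlist, and only ever pulls funds from msg.sender.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Unsafe shape (hypothetical): users approve this router so it can move their tokens,
// and it also exposes a generic "call anything" command. The router is msg.sender for
// that call, so anyone can make it spend any approval it holds on behalf of other users.
contract UnsafeRouter {
    function execute(address target, bytes calldata data) external payable returns (bytes memory) {
        (bool ok, bytes memory ret) = target.call{value: msg.value}(data);
        require(ok, "call failed");
        return ret;
    }
}

// Hardened shape (hypothetical): calls go only to owner-allowlisted targets, a token that
// users approve can never become a call target, and funds are pulled only from the caller.
contract SafeRouter {
    address public immutable owner;
    mapping(address => bool) public allowedTarget;   // e.g. the protocol's own pools
    mapping(address => bool) public isApprovedToken; // tokens users approve to this router

    constructor() { owner = msg.sender; }

    function setTarget(address target, bool allowed) external {
        require(msg.sender == owner, "not owner");
        require(!isApprovedToken[target], "approved token cannot be a call target");
        allowedTarget[target] = allowed;
    }

    function registerToken(address token) external {
        require(msg.sender == owner, "not owner");
        require(!allowedTarget[token], "call target cannot be an approved token");
        isApprovedToken[token] = true;
    }

    // The source of funds is always msg.sender; it is never taken from user-supplied calldata.
    function pull(address token, uint256 amount) external {
        require(isApprovedToken[token], "unknown token");
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }

    function execute(address target, bytes calldata data) external payable returns (bytes memory) {
        require(allowedTarget[target], "target not allowed");
        (bool ok, bytes memory ret) = target.call{value: msg.value}(data);
        require(ok, "call failed");
        return ret;
    }
}
```

Revoking stale approvals to router contracts and checking the spender address before signing an approval are the user-side checks that limit exposure to this pattern.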

How Could This Have Been Prevented?


Sources/Further Reading

SlowMist Hacked - SlowMist Zone (Dec 31)
@spectra_finance Twitter (Dec 31)
@spectra_finance Twitter (Dec 31)
Spectra - Open Interest Rate Derivatives Protocol (Dec 31)
Spectra Overview | Spectra (Dec 31)
@spectra_finance Twitter (Dec 31)
23 July 2024 Incident Post-Mortem — Spectra (Dec 31)
Address 0x53635bf7b92b9512f6de0eb7450b26d5d1ad9a4c | Etherscan (Dec 31)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 31)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 31)
@spectra_finance Twitter (Dec 31)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 31)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 31)
