Feb 2022 - Superfluid Wallet Impersonation - $8.7m (Global)
"Discover Programmable Cashflows. Handle subscriptions, salaries, rewards and any composable stream of value, with continuous settlement and per-second netting for extreme capital efficiency."
"Superfluid is a smart contract framework on L1 Ethereum, enabling you to move assets on-chain following predefined rules called agreements. With a single on-chain transaction, the money will flow from your wallet to the receiver in real time! No further transactions required- it works like magic."
"Superfluid is a new token standard, with the power to describe cashflows, and execute them automatically on chain over time in a non-interactive way."
"Superfluid flows are programmable, composable and modular. Our first cashflow types allow constant streams of value, and one-to-many distributions."
"All flows are settled at the same time, based on block timestamps. This makes it possible to net inflows and outflows, increasing capital efficiency."
"Despite the new lingo, Superfluid looks to be a foundational programmable money application on public blockchain. Currently, it may be targeting the crypto world, but the real-world business application potential is massive." Kyle Semani of Multicoin Capital, which led the funding round, wrote that Superfluid “represents the biggest step forwards in value transfer since the advent of Bitcoin.”
"Think about salary payments, particularly for people who often need to resort to payday loans. What if you could pay them hourly? With Superfluid that’s entirely possible. It lets you open a “stream” where you set a rate over a period of time, say $15/hour. It converts that into a per-second amount and can continuously stream that amount to the recipient’s wallet. Sure, people don’t work 24 hours a day, but you get the idea." "Because it’s programmable money, the recipient could also set up a stream to use the incoming salary payment, maybe to pay their rent if their landlord has a wallet."
“Things like subscriptions have never taken off in crypto, while in Web 2 every online business is a subscription business. Money streaming is futuristic and aligned with crypto ethos, and can help the crypto native economy to flourish.”
"Prior to the attack, Superfluid’s contracts were peer-reviewed by several users and advisors to the project, as well as audited by Peckshield."
"On February 8, 2022, an attacker exploited Superfluid’s host contract by passing in faulty calldata, which allowed them to create distribution indexes spoofing several different accounts that held Super-tokens. This vulnerability enabled the attacker to move funds from Superfluid user wallets to exchanges on Polygon and swap to ETH."
"Superfluid.sol, known as the host contract, is the contract that allows composable Superfluid agreements (ConstantFlowAgreement, InstantDistributionAgreement) in one single transaction, and the composed systems are often called Super Apps."
"However, in order to have a trusted and shared state through the entire transaction between different agreement calls, a concept called “ctx” (a serialized state managed by the host contract) is introduced. The “ctx” contains all the context an agreement function needs to know, that includes especially who is the “msg.sender” of the initial call."
"That’s where an unfortunate vulnerability was exploited. The attacker was able to skillfully craft the calldata such that the process of serialization in the host contract and succeeding de-serialization in the agreement contract resulted in the agreement contract operating on a context object forged specifically to impersonate other accounts. This mechanism was used in order to create IDA indexes “on behalf” of other accounts and move out their tokens that way."
"The problem was that as in the exploiting function deleteAnyFlowBad, one can inject a fake ctx. After being merged into one bytes object by Superfluid.replacePlaceholderCtx (the Host doesn’t make any assumptions about agreement specific data), the resulting dataWithCtx now contains 2 ctx variants, the legitimate one and the injected one. When the agreement contract decodes this data, the abi decoder takes the first (injected) variant and ignores the remaining data which contains the legitimate ctx."
"In total, 11’008 MATIC, 1’507’931 MOCA, 28 ETH, 39’357 sdam3CRV, 19’387’874 QI, 44’581 SDT, 23’653 STACK and 562’834 USDC were stolen by the attacker." "$8.7M drained from Superfluid. The crypto streaming protocol was exploited by an anonymous attacker, causing collateral damage to several other DAO's."
"When the development team was first notified of the attack at 6:48 am UTC, after gathering more information and identifying the vulnerability, the decision was made to execute a protocol update which temporarily blocked all agreement invocations. This was done in order to make sure that no further funds could be drained. One hour and a half later, another protocol upgrade containing the actual mitigation was deployed."
"At the time of writing, over 2700 ETH is sitting in the attacker’s wallet, as well as 500’000 MOCA. The wallet is being monitored. Forensic researchers were engaged to attempt to track down the attacker."
"[T]he attack is over and the vulnerability has been patched. There are no additional funds at risk. There are no indications of any other vulnerabilities or attack vectors in the system."
"The attacker was offered a $1M bounty for the safe return of the funds. The offer remains on the table." "While we are still hoping the attacker will return the funds (we’ve offered a 1M$ bug bounty), they have so far not responded. We will do everything in our power to retrieve these funds, and to this end we’re engaging experienced forensic experts to track down the address. It wouldn’t be the first time a Tornado Cash address is de-anonymized."
"As part of our broader plan to shield the Superfluid Protocol users against malicious actors and enhance the overall security of its smart contracts, today we are launching a Bug Bounty program to reward white hat hackers and developers for discovering and reporting bugs in the Superfluid smart contracts codebase." "[W]e are designing a formal bug bounty program that will launch on February 15th, 2022." "This program will offer a reward up to $200,000 for vulnerabilities classified as “critical”, where there is a direct theft of any user funds, or any permanent freezing of funds."
"After discussions with impacted parties, a compensation plan was developed." "As of now, in less than 18 hours from the attack, we have already recapitalized 80% of the affected addresses through a direct transfer of USDC. The remaining 20% represents more than 90% of the funds stolen, in particular the larger losses suffered by the QI and MOCA teams. After consulting with these teams, we have agreed on a longer term compensation plan which takes into account the range of available options given the entirety of circumstances, including financial considerations. We are grateful these projects fully understand and appreciate our position."
Further Analysis
Superfluid offers an innovative way for entities to continually stream payments, settling recurring and continual payments without multiple transactions being required. Despite multiple audits, an exploit still existed in the smart contract hot wallet which allowed the attacker to impersonate paying entities and create payment flows to themselves, stealing a total of $8.7m. The attacker successfully mixed funds with TornadoCash, however 10% of funds (and 80% of users) were reimbursed by the team. The project continues after launching a bug bounty and most recently sponsoring a hackathon.
How Could This Have Been Prevented?
Unfortunately this project placed all funds in smart contract hot wallets, when it would have worked just as well if the hot wallets were periodically funded from a cold storage multi-sig wallet. As we already know, even audited smart contract hot wallets can be vulnerable to exploits. A good partnership could create an insurance fund to cover any future losses.
More Cryptocurrency Exchange Hacks/Scams/Frauds
Trading Software Remote Control Allan Jones > > < < Meter.io Minting Exploit
Sources/Further Reading
Rekt - Superfluid - REKT (Feb 18)
https://www.superfluid.finance/home (Feb 21)
What is Superfluid? - Superfluid (Feb 22)
Superfluid raises $9m for crypto programmable money with novel business potential - Ledger Insights - enterprise blockchain (Feb 22)
Superfluid Sponsoring Ethernals 2022 Hackathon (Feb 22)
Launching Superfluid Bug Bounty Program With Immunefi (Feb 22)
Ethereum-based money streaming protocol Superfluid raises $9 million (Feb 22)
Superfluid Raises $9M for a New Take on Streaming Payments - CoinDesk (Feb 22)
@Superfluid_HQ Twitter (Feb 22)
@Superfluid_HQ Twitter (Feb 22)
@Superfluid_HQ Twitter (Feb 22)
https://icodrops.com/superfluid/ (Feb 22)
Polygon Transaction Hash (Txhash) Details | PolygonScan (Feb 22)
 t.me/QuadrigaInitiative
|
 /r/QuadrigaInitiative
|
 @QuadrigaInit
|
 info@quadrigainitiative.com
|