Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

The DFX Finance Hack Explained - 1001

Solidity Scan - Shashank, posted 3 years ago
  • DFX Finance is a decentralized exchange for stablecoins. The exchange also had flash loan functionality. A flash loan lets a user borrow a large sum, as long as the funds are paid back with a fee.
  • The flash loan functionality completely lacked reentrancy protection. A nice visual from PeckShield shows a call to the flash() function followed by a call to the deposit() function before flash() has returned.
  • To prevent funds being stolen through the flash loan, the balance after the flash loan MUST be equal to or exceed the original balance. Here's where the vulnerability lies: this checks the contract's overall token balance, not whether the borrower actually repaid the loan!
  • An attacker can take out a flash loan and then deposit the borrowed funds into their own account! The overall balance is unchanged, so the check passes, and the attacker has tricked the contract into crediting them with a very large sum of money.
  • A few interesting takeaways. First, reentrancy protection should be added everywhere, even when it seems unnecessary. In this case, the flash loan didn't have reentrancy protection but the deposit did. However, the deed was done: a guard on deposit() alone cannot stop a deposit made from inside an unguarded flash().
  • Second, V1 was audited by Trail of Bits and the V1 flash loan functionality was audited by PickAx, but the reentrancy bug was not caught in the V2 audit. Overall, an interesting bug arising from the interaction of different function calls to the contract. Further discussion can be found on Twitter and at Halborn.
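As an added illustration (my own minimal model, not DFX's code and not from the Solidity Scan post), the pattern described in these notes: a pool whose flash() relies on an overall-balance check and whose deposit() can be re-entered during the borrower callback, followed by the same pool with one reentrancy guard shared by both entry points. The IFlashBorrower interface, the FEE_BPS value and the OpenZeppelin 4.x import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Assumes OpenZeppelin Contracts 4.x is installed.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

// Hypothetical borrower callback; DFX's real interface is not reproduced here.
interface IFlashBorrower {
    function onFlashLoan(address token, uint256 amount, uint256 fee) external;
}

// Simplified model of the pattern in the notes above, not DFX's code.
// VULNERABLE: flash() only checks the pool's total balance afterwards, and
// deposit() can be re-entered from inside the borrower callback.
contract VulnerablePool {
    IERC20 public immutable token;
    mapping(address => uint256) public deposits;
    uint256 public constant FEE_BPS = 5; // hypothetical 0.05% flash fee

    constructor(IERC20 _token) { token = _token; }

    function deposit(uint256 amount) public virtual {
        // Credits the caller for tokens pulled in. If called mid-flash() with
        // the borrowed tokens, the borrower is credited with the pool's funds.
        require(token.transferFrom(msg.sender, address(this), amount), "pull failed");
        deposits[msg.sender] += amount;
    }

    function flash(uint256 amount) public virtual {
        uint256 before = token.balanceOf(address(this));
        uint256 fee = (amount * FEE_BPS) / 10_000;
        require(token.transfer(msg.sender, amount), "send failed");
        IFlashBorrower(msg.sender).onFlashLoan(address(token), amount, fee);
        // Overall-balance check: a deposit() made during the callback refills
        // the pool, so this passes even though the loan was never repaid.
        require(token.balanceOf(address(this)) >= before + fee, "not repaid");
    }
}

// HARDENED: one guard shared by both entry points, so deposit() (and any other
// state-changing function added later) cannot run while flash() is in progress.
contract GuardedPool is VulnerablePool, ReentrancyGuard {
    constructor(IERC20 _token) VulnerablePool(_token) {}

    function deposit(uint256 amount) public override nonReentrant { super.deposit(amount); }

    function flash(uint256 amount) public override nonReentrant { super.flash(amount); }
}
```

With GuardedPool, a deposit() attempted from inside the onFlashLoan callback reverts with the guard's "reentrant call" error, so the overall-balance check can no longer be satisfied by recycling the borrowed tokens.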