Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Exploit Report - Equalizer Finance - 1082

Equalizer Finance. Posted 3 years ago.
  • Equalizer Finance is a decentralized market focused on flash loans.
  • The number of liquidity tokens created while minting was calculated from the amount of underlying tokens held by the contract. The code for calculating this is shown below (Solidity):
    // Share price is derived from the contract's CURRENT token balance,
    // which is exactly what a flash loan temporarily drains
    uint256 denominator = stakedToken.balanceOf(address(this))
                          * factor / totalSupply();

    // Shares minted for a deposit of `amount` underlying tokens
    uint256 tokensToMint = amount * factor / denominator;

  • The amount of LP tokens held by the contract can be manipulated using the flash loan functionality. By calling flashloan, the contract's LP token balance is drastically decreased. Why is this bad? The denominator shown above is computed from the amount of LP tokens the contract holds, so the smaller that balance (and hence the denominator), the more tokens are minted for the same deposit.
  • The flow of the attack is as follows:
    1. Take out a flash loan from the vault for almost all of the LP tokens. In the real attack, they took half of the funds (50K USDC).
    2. Add the flash-loaned funds as liquidity to the protocol. This brings the funds back up to 100K USDC and we get about 50K in LP tokens.
    3. Remove the liquidity. The flawed calculation shown above for minting returns a ridiculous amount of USDC back: 100K USDC.
    4. Pay back the flash loan. A massive profit has been gained.
  • This service had been audited by Certik once and this vulnerability was missed. To me, this is a fairly straightforward attack so it's scary to me this was missed. Overall, good write-up and explanation of the bug though!
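To make the mint formula and the flow above concrete, here is an added toy model of the vault's share accounting (my own example, not code from the Equalizer write-up or its contracts). Amounts are constructed integers in token base units, division truncates as in Solidity, and the "fixed" variant (pricing shares against balance plus tokens currently lent out) is an assumed hardening, not the protocol's actual patch.

```python
FACTOR = 10**18  # stands in for the contract's `factor` (assumed value)


def shares_to_mint_flawed(amount, balance, loaned_out, total_supply):
    """Mint formula from the write-up: shares are priced against the vault's
    CURRENT balance, which shrinks while a flash loan is outstanding.
    `loaned_out` is deliberately ignored, which is the bug."""
    denominator = balance * FACTOR // total_supply
    return amount * FACTOR // denominator


def shares_to_mint_fixed(amount, balance, loaned_out, total_supply):
    """Assumed hardening: price shares against everything the vault owns,
    including principal that is currently lent out, so an open flash loan
    cannot make new shares cheaper."""
    managed = balance + loaned_out
    denominator = managed * FACTOR // total_supply
    return amount * FACTOR // denominator


def redemption_value(shares, balance, total_supply):
    """Pro-rata payout for `shares` once the loan principal is back."""
    return shares * balance // total_supply


def simulate(vault_tokens, flash_loan, deposit, mint):
    """Deposit while `flash_loan` is still outstanding, then redeem after
    repayment. Returns (shares_minted, tokens_received); any excess of
    tokens_received over deposit is value taken from the other LPs."""
    supply = vault_tokens                 # assumption: 1 share per token at genesis
    balance = vault_tokens - flash_loan   # loan principal has left the contract
    minted = mint(deposit, balance, flash_loan, supply)
    supply += minted
    balance += deposit + flash_loan       # deposit lands, then loan is repaid
    return minted, redemption_value(minted, balance, supply)


if __name__ == "__main__":
    # Constructed scenario: 100K in the vault, 50K lent out, 50K deposited.
    for name, fn in (("flawed", shares_to_mint_flawed), ("fixed", shares_to_mint_fixed)):
        minted, received = simulate(100_000, 50_000, 50_000, fn)
        print(f"{name}: 50,000 deposited -> {minted} shares -> {received} tokens back")
```

With the flawed formula the deposit mints twice the fair number of shares and redeems for more than was deposited; with the loaned-out principal counted, the same deposit mints a fair share and redeems exactly what went in.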