Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Alchemix Finance is a synthetic asset protocol around tokenizing future yield. Using the DAO, it's possible to access the future yield. This is done by issuing a synthetic token that represents the fungible claim of assets left by the depositors.

The synthetic debt token, or alAssets, represent the user's future yield. These are backed by the corresponding underlying asset at a near 1:1 value. These can be realized by swapping the underlying asset for the alAsset over time. Or, things can be traded on the open market.

Within loan based protocols, there is a process called liquidations. This happens when a user's collateral drops below a certain threshold; loans are over collateralized so the protocol doesn't lose money. When this happens though, they want the original funds back but the user took them with their loan. So, a liquidation is the process of trading the collateral at a discount to get the loaned asset.

The vulnerability is a bad liquidation check, leaving the protocol with bad debt. In particular, a sandwich attack can occur to mess up the price of a given asset. The exploitation of this is pretty weird but makes since in the context.

Here's the step by step on how to exploit this missing check:

1. Deposit 100 stETH and take a loan for 50 alETH. The maximum is 50% in order to prevent the protocol from losing money.
2. Call the liquidate() function on the loan that was just taken out. Crucially, set the minOut to be 0. We are trying to sandwich the trade call made within this.
3. The unwrap() function is susceptible to sandwich attacks. So, we can make the trading ratio between the two tokens next to nothing!
4. The protocol sends the liquidator the collateral for providing the small amount of loaned out value.
5. The protocol didn't get enough of the tokens to pay off the bad debt but still paid out for the liquidation! We profited almost 50% from this.

This essentially allows us to bypass the typical solvency checks on the account. The attack gives us back all of the collateral and allows us to keep the loaned asset. This is done by sandwiching the trade on ourselves in order to make a really bad ratio for asset A to Asset B. Neat attack!

Overall, a weird use case for sandwiching. Most of the time, we're sandwiching other users. In this case, we sandwiched ourselves to break the math being done. To fix this, Alchemix ensures that the remaining collateral from a liquidation (if any) divided by the debt is above the minimum colleralization ratio.