Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Fei Protocol Flashloan Vulnerability Bugfix Review

Immunefi (posted 3 years ago)
  • Fei is a stablecoin that holds its value through various algorithmic mechanisms. One of them is Protocol Controlled Value (PCV): the protocol itself controls a large share of the liquidity provider tokens (LP tokens) in the Uniswap V2 pool for the ETH/FEI pair. Liquidity refers to the ability to change one asset into another, and the LP is the entity that makes this exchange possible.
  • To incentivize LP participation, an LP-specific token is used. This gets people in the crypto market to put their assets into the pool. In this case, the token (for the ETH/FEI pair) represents a proportional share of the tokens deposited in the pool.
  • When allocate is called, it takes the PCV and puts it into the Uniswap pool at the pool's current market rate. However, this should be done at the ETH/USD oracle price instead. Why?
  • If a large amount of ETH is deposited into the pool, FEI becomes expensive and ETH becomes cheap. Because the attacker has inflated FEI's price in the pool this way, the value of FEI is now very high. Meanwhile, the purchase function can still be used to buy FEI at the standard (stable) price of $1.01.
  • Now call allocate again. This deposits the PCV (in ETH) into the pool, and the counterpart quantity of FEI is minted or burned directly by the protocol. With the market distorted by the flash loan, more ETH is deposited than should be.
  • If the FEI bought earlier is now swapped back into the pool, it is worth far more ETH than it should be. Repeating this over and over, 60K ETH could have been stolen.
  • To prevent this attack, the bonding curve no longer supplies the ETH/FEI Uniswap pool. Instead, bonding-curve funds go to a reserve stabilizer, which places a hard floor on the price of ETH. Additionally, a slippage parameter was added so that mass manipulation can no longer cause so much damage.
  • The final issue was improper use of an isContract check. This can be addressed by ensuring that msg.sender is the same as tx.origin, in addition to checking that no code exists at the address. Interesting!
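To make the price-manipulation mechanics and the slippage guard in the notes above concrete, here is a small constant-product (x * y = k) simulation I added to this page. It is not code from Fei, Uniswap or the Immunefi write-up; the pool reserves, the 0.3% fee, the $2000 oracle price, the flash-loan and PCV sizes and the 100 bps guard threshold are all constructed assumptions. It runs the same sequence the notes describe (swap in ETH, buy FEI at $1.01, allocate PCV, swap FEI back) once with allocation at the distorted pool rate and once with an oracle-deviation guard, and reports how much ETH leaves the protocol in each case.

```python
from dataclasses import dataclass

FEE = 0.003  # Uniswap V2 style swap fee (0.3%), assumed


@dataclass
class Pool:
    """Constant-product ETH/FEI pool: eth * fei stays constant across swaps."""
    eth: float
    fei: float

    def fei_per_eth(self) -> float:
        """Spot rate implied by the reserves (how many FEI one ETH buys)."""
        return self.fei / self.eth

    def swap_eth_for_fei(self, eth_in: float) -> float:
        eth_eff = eth_in * (1 - FEE)
        fei_out = self.fei * eth_eff / (self.eth + eth_eff)
        self.eth += eth_in
        self.fei -= fei_out
        return fei_out

    def swap_fei_for_eth(self, fei_in: float) -> float:
        fei_eff = fei_in * (1 - FEE)
        eth_out = self.eth * fei_eff / (self.fei + fei_eff)
        self.fei += fei_in
        self.eth -= eth_out
        return eth_out

    def add_liquidity(self, eth_in: float) -> float:
        """Deposit ETH at the *current pool ratio*; the FEI side is minted by the protocol."""
        fei_minted = eth_in * self.fei_per_eth()
        self.eth += eth_in
        self.fei += fei_minted
        return fei_minted


def deviation_bps(pool: Pool, oracle_fei_per_eth: float) -> float:
    """Distance between the pool spot rate and the oracle rate, in basis points."""
    return abs(pool.fei_per_eth() - oracle_fei_per_eth) / oracle_fei_per_eth * 10_000


def allocate(pool: Pool, pcv_eth: float, oracle_fei_per_eth: float,
             max_deviation_bps):
    """PCV allocation. With a guard, refuse when the pool has drifted from the oracle.

    Returns the FEI minted, or None when the slippage guard rejects the call.
    """
    if max_deviation_bps is not None and deviation_bps(pool, oracle_fei_per_eth) > max_deviation_bps:
        return None
    return pool.add_liquidity(pcv_eth)


def simulate(guard_bps, flash_eth=1000.0, pcv_eth=1000.0, curve_eth=200.0,
             eth_usd=2000.0, fei_usd=1.01) -> dict:
    """Run the manipulation sequence once. All sizes are constructed, not real Fei numbers.

    FEI targets $1, so the oracle-implied FEI per ETH equals the ETH/USD price.
    """
    pool = Pool(eth=1000.0, fei=2_000_000.0)
    oracle = eth_usd

    # 1. Flash-loaned ETH is swapped into the pool: FEI becomes scarce (expensive).
    fei_held = pool.swap_eth_for_fei(flash_eth)
    drift = deviation_bps(pool, oracle)

    # 2. More FEI is bought from the bonding curve at the fixed $1.01 rate.
    fei_held += curve_eth * eth_usd / fei_usd

    # 3. allocate() adds PCV ETH; unguarded, it mints FEI at the distorted ratio.
    minted = allocate(pool, pcv_eth, oracle, guard_bps)

    # 4. All FEI is swapped back for ETH against the (possibly enlarged) pool.
    eth_back = pool.swap_fei_for_eth(fei_held)

    return {
        "deviation_bps": drift,
        "allocation_rejected": minted is None,
        # Positive means ETH left the system beyond what was put in, i.e. protocol loss.
        "eth_net": eth_back - (flash_eth + curve_eth),
    }


if __name__ == "__main__":
    for label, guard in (("no guard", None), ("100 bps guard", 100.0)):
        r = simulate(guard)
        print(f"{label}: pool drift {r['deviation_bps']:.0f} bps, "
              f"allocation rejected={r['allocation_rejected']}, "
              f"net ETH extracted {r['eth_net']:+.2f}")
```

Without the guard the allocation at the skewed ratio is what turns the round trip profitable for the manipulator (the swap fees alone make it a loss), which is why the notes stress allocating against the oracle price rather than the pool rate; the same `deviation_bps` comparison is what a slippage parameter enforces on-chain.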