On October 26, 2020, a user of the DeFi protocol Harvest.finance exploited a flaw in its design and walked away with about $24 million. After the initial shock, it is time for explanations.
The course of the attack on Harvest.finance
Harvest.finance is a DeFi protocol that automatically invests its users' deposits in the most profitable yield farming strategies. The idea is simple:
- Compare the yields offered by the different DeFi protocols (Uniswap, Aave, Compound, etc.);
- Move user funds to the best one automatically, based on the results;
- All while keeping transfer costs (gas) to a minimum.
Launched on August 29, 2020, the idea is attractive. But there was a catch: the developers had missed a design flaw. So, on October 26, an attacker exploited it to siphon off part of the funds held in stablecoins (USDT and USDC). The strategy rests on two elements: impermanent loss and arbitrage.
- Impermanent loss: the loss a liquidity provider suffers relative to simply holding the tokens, because the pool rebalances its reserves as prices move. What matters for this attack is the mechanism behind it: a large swap shifts the pool's reserves, and with them the price the pool reports for each asset.
- Arbitrage: exploiting differences in the price of an asset between several platforms.
Harvest.finance computes the price of a vault share from the real-time value of the assets the vault has deposited in the underlying protocol, here Curve's Y pool. The attacker manipulated that pool to alter the reported value. Once the USDT/USDC price in the Y pool was skewed, he deposited his funds and received his shares at a discount; after restoring the pool, he withdrew at the real value and pocketed the difference.
In a first transaction, the attacker funded his address with 10 ETH withdrawn from Tornado.Cash.
Next comes the attack transaction .
- First, the attacker pulled large amounts of USDC and USDT from Uniswap into his contract (a flash loan, to be repaid before the end of the same transaction).
- He then swapped 17,222,013 USDT for USDC in Curve's Y pool. The swap drained USDC from the pool and pushed up the pool's price of USDC (the price impact of a large trade). He received 17,216,703 USDC.
- He then deposited 49,977,469 USDC in the Harvest Finance USDC vault and received 51,456,281 fUSDC, i.e. 0.97126080216 USDC per share. Before the attack a share was worth 0.980007 USDC: the manipulation had lowered the share price by about 1%.
- He then swapped 17,239,235 USDC back for USDT through the Y pool, which restored the pool's balance and brought the price of USDC back down. He received 17,230,747 USDT.
- Finally, he redeemed all of his fUSDC from the vault for 50,596,877 USDC: with the pool back to normal, a share was worth 0.98329837664 USDC. Net profit of the round: 619,409 USDC.
The attacker repeated this cycle several times within the same transaction.
After 17 such attack transactions against the USDC vault (in 4 minutes), the attacker ran the same process against the USDT vault, with 13 transactions in 3 minutes.
Once both attack sequences were finished, the attacker transferred roughly 13 million USDC and 11 million USDT to his address.
The Harvest Finance team noticed the attack quickly and pulled the stablecoins still in the shared pools back into the vaults to prevent a repeat.
Assessment of the attack:
- The price of a share in the USDC vault fell from 0.980007 to 0.834953 (-14.8%);
- The price of a share in the USDT vault fell from 0.978874 to 0.844812 (-13.7%).
The losses amount to $33.8 million, about 3.2% of the total value locked in the protocol before the attack.
The reaction of the development team
The Harvest Finance team has taken full responsibility for the losses. Funds in the shared pools are locked until a fix is in place.
The developers have mentioned a few measures. One is to forbid depositing and withdrawing in a single transaction, which rules out attacks funded with flash loans, since a flash loan must be repaid before the transaction ends. Another is to perform the conversion to stablecoins on withdrawal from a shared pool in a separate transaction, so that any market manipulation would hit the attacker's own funds rather than the vault's.
The Harvest Finance team hopes to recover the stolen funds and is offering a bounty of $100,000 to anyone who helps get them back, while asking that the attacker not be "doxxed".
Harvest Finance has even politely asked the attacker to return the funds, now that his masterstroke has been executed.
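The deposit/withdraw sandwich walked through above, and the same-transaction guard described here, as an added example that is not Harvest Finance's code. Everything in it is a simplification: the pool is a constant-product (x*y=k) pool rather than Curve's StableSwap pool, so its price impact is far larger than the ~1% seen in the real attack; the vault marks its LP position at the pool's spot price; the pool sizes, the 0.98 starting share price, the flash-loan amounts and the `tx_id` that stands in for a transaction context are all constructed for the demonstration.

```python
from dataclasses import dataclass, field


@dataclass
class Pool:
    """Toy constant-product USDC/USDT pool. Curve's Y pool is a StableSwap
    pool with far smaller price impact; only the direction of the effect matters."""
    usdc: float
    usdt: float
    fee: float = 0.0004  # 4 bps, kept in the pool (accrues to liquidity providers)

    def swap(self, token_in, amount_in):
        """Swap amount_in of token_in ('usdc' or 'usdt') for the other token."""
        token_out = "usdt" if token_in == "usdc" else "usdc"
        r_in, r_out = getattr(self, token_in), getattr(self, token_out)
        out = r_out - r_in * r_out / (r_in + amount_in * (1 - self.fee))
        setattr(self, token_in, r_in + amount_in)
        setattr(self, token_out, r_out - out)
        return out

    def usdt_spot_price(self):
        """USDC per USDT implied by the reserves; every swap moves it."""
        return self.usdc / self.usdt


@dataclass
class Vault:
    """Toy share-based vault that marks its LP position at the pool's spot price."""
    pool: Pool
    lp_fraction: float   # fraction of the pool's liquidity the strategy owns
    cash: float          # uninvested USDC buffer
    total_shares: float
    same_tx_guard: bool = False  # mitigation: forbid deposit + withdraw in one tx
    last_deposit_tx: dict = field(default_factory=dict)

    def invested_value(self):
        p = self.pool  # spot-price mark-to-market: this is the manipulable input
        return self.lp_fraction * (p.usdc + p.usdt * p.usdt_spot_price())

    def share_price(self):
        return (self.cash + self.invested_value()) / self.total_shares

    def deposit(self, who, amount, tx_id):
        minted = amount / self.share_price()
        self.cash += amount
        self.total_shares += minted
        self.last_deposit_tx[who] = tx_id
        return minted

    def withdraw(self, who, amount_shares, tx_id):
        if self.same_tx_guard and self.last_deposit_tx.get(who) == tx_id:
            raise PermissionError("deposit and withdrawal in the same transaction")
        payout = amount_shares * self.share_price()
        if payout > self.cash:
            raise ValueError("toy vault: payout exceeds the cash buffer")
        self.total_shares -= amount_shares
        self.cash -= payout
        return payout


def new_vault(same_tx_guard=False):
    """Constructed starting state (not real Harvest figures): 100M/100M pool,
    the vault owns half of it plus a 20M buffer, all shares priced at 0.98 USDC."""
    pool = Pool(usdc=100e6, usdt=100e6)
    return Vault(pool, lp_fraction=0.5, cash=20e6,
                 total_shares=(20e6 + 100e6) / 0.98, same_tx_guard=same_tx_guard)


def run_attack(same_tx_guard=False, flash_usdt=17e6, deposit_usdc=50e6):
    """Replay the sandwich inside one 'transaction' (tx_id=1). Returns profit and
    the share prices seen along the way, or None if the guard reverted the exit."""
    vault = new_vault(same_tx_guard)
    others_shares, price_before = vault.total_shares, vault.share_price()
    # 1. Flash-borrowed USDT -> USDC: USDC turns scarce, so the share price drops.
    usdc_got = vault.pool.swap("usdt", flash_usdt)
    price_manipulated = vault.share_price()
    # 2. Deposit at the depressed share price: more shares per USDC.
    minted = vault.deposit("attacker", deposit_usdc, tx_id=1)
    # 3. Reverse the swap: the pool rebalances and the share price recovers.
    usdt_back = vault.pool.swap("usdc", usdc_got)
    # 4. Redeem every share at the recovered price, still in the same transaction.
    try:
        payout = vault.withdraw("attacker", minted, tx_id=1)
    except PermissionError:
        return None
    price_after = vault.share_price()
    return {
        "profit": payout - deposit_usdc - (flash_usdt - usdt_back),  # net of fees/slippage
        "price_before": price_before,
        "price_manipulated": price_manipulated,
        "price_after": price_after,
        "others_loss": others_shares * (price_before - price_after),
    }


def honest_round_trip(amount=1e6):
    """With the guard on, depositing in one tx and withdrawing in the next still
    works and returns the full amount, since nothing moved the share price."""
    vault = new_vault(same_tx_guard=True)
    return vault.withdraw("user", vault.deposit("user", amount, tx_id=1), tx_id=2)
```

Calling `run_attack()` shows the share price falling under the manipulation, the attacker exiting with a profit, and the remaining depositors carrying a loss of the same order; `run_attack(same_tx_guard=True)` returns `None` because the final withdrawal is refused, while `honest_round_trip()` shows that a user who waits for the next transaction is unaffected by the guard. The guard stops the flash-loan-funded version only: an attacker with enough capital to hold the position across two transactions would still need the spot-price mark-to-market to be replaced with a manipulation-resistant valuation.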
We will release a post mortem report within the next 16 hours, and work on future risk-mitigation strategies against flashloan economic attacks, including evaluating insurance options, as well as reparation strategies
— Harvest Finance (@harvest_finance) October 26, 2020
In conclusion, remember that decentralized finance is still very experimental and therefore very risky. When it is not a bug in a smart contract, these protocols can have design flaws that are not visible at first glance, as Harvest Finance has learned the hard way. Jesse Powell, CEO of Kraken, for his part makes clear that his exchange will never cover this type of financial loss, which he attributes to "shitty DeFi-labeled scams".
Stop fucking up your bullshit DeFi scams and expecting exchanges to bail you out. I will not accept your attempt at externalizing the cost of your hasty, reckless rollout. Invest in audits, insurance and please DYOR. Taking your losses is the only way to enlightenment.
— Jesse Powell (@jespow) October 26, 2020