Security dilemma of NFT liquidity agreement - Analysis of the hacked event of NFT loan agreement xcarnival

6 month 24 Japan ,NFT Mortgage loan agreement XCarnival Being attacked by hackers , Hackers profit 3087 ETH, about 380 Thousands of dollars .

This is also NFT There are few serious attacks on liquidity protocols ,SharkTeam The technical analysis of this event was carried out for the first time , And summarizes the means of safety precautions , I hope that the follow-up projects can take warning , Build a security defense line for the blockchain industry .

One 、 Event analysis

The attacker's address ：0xb7CBB4d43F1e08327A90B32A8417688C9D0B800a

Through Tornado Extracted 120 ETH Used as start-up funds for attacks ：

A series of transactions after the attacker's address obtains funds are as follows ：

First , Through OpenSea Created a NFT,TokenID=5110

then , The attacker created the attack contract , The address is 0xf70f691d30ce23786cfb3a1522cfd76d159aca8d, Short for 0xf70f

The attacker will create NFT Move to attack contract

After completing the above steps , The attacker launched several attacks , Take the first attack transaction as an example ,

txHash: 0x422e7b0a449deba30bfe922b5c34282efbdbf860205ff04b14fd8129c5b91433

NFT The transfer record is as follows ：

In the transaction NFT the 4 Secondary transfer , Each transfer uses a different contract address , And these contract addresses are created in the current transaction , Take the first transfer as an example , The execution process is as follows ：

（1） Create a contract 0x2d6e070af9574d07ef17ccd5748590a86690d175, Short for 0x2d6e

And then NFT Transfer to the newly created contract 0x2d6e

（2） Call... Through a proxy contract XNFT Pledge and loan function in the contract pledgeAndBorrow, take NFT Pledge to XNFT In contract , The loan is 0.

XNFT The agency contract address is 0xb14B3b9682990ccC16F52eB04146C3ceAB01169A, Short for 0xb14b

NFT The implementation contract address is 0x39360AC1239a0b98Cb8076d4135d0F72B7fd9909, Short for 0x3936

pledgeAndBorrow Function as follows ：

here , On receiving NFT Then the order is directly generated ,orderId=11,tokenId=5110,pledger Namely from, namely 0x2d6e

（3） Call the extraction function withdrawNFT, Pick up the order order=11 Medium NFT（tokenId=5110）

withdrawNFT Function as follows ：

This function will 5110 NFT Extracted the address 0x2d6e

（4） take 5110 NFT By contract 0x2d6e Move to attack contract 0xf70f

Go through the above steps , The purpose of this transaction is to create 4 Order per order , Order's orderId Respectively 11,12,13 and 14, And the loan of the order is 0, among NFT Extracted （order.isWithdraw = true）.

The attacker repeats the above transaction , Created a lot of orders , Then the attack's start function , attack . Take the first attack transaction as an example ,

txHash: 0xabfcfaf3620bbb2d41a3ffea6e31e93b9b5f61c061b9cfc5a53c74ebe890294d

XToken Agency contract ：0xB38707E31C813f832ef71c70731ed80B45b85b2d, Short for 0xb387

XToken Realize the contract ：0x5417da20aC8157Dd5c07230Cfc2b226fDCFc5663, Short for 0x5417

There are multiple transactions ETH Transfer record , from 0xb387, The contract created through the attack contract is transferred to the attack contract , Each transfer invokes XToken In the contract borrow function , Take the first transfer as an example , The function call is as follows ：

borrow Function as follows ：

This is going to call controller In the contract borrowAllowed Function to verify , The function call and parameters are as follows ：

controller contract borrowAllowed Function as follows ：

Here to order It's checked , But it only verifies the existence of the order 、 The address is correct and not cleared , There is no verification of the... In order NFT Whether it is extracted , Even though orderId=11 Of your order NFT Has been extracted ,order The verification of can still pass , therefore , The attacker has no actual collateral NFT In the case of 36 ETH.

The attacker exploited the vulnerability , Repeat attack , They successively stole a total of from the contract 3087 ETH, The total value is about 380 Thousands of dollars .

Two 、 Safety suggestion

The root cause of this security incident lies in the logical loopholes in the contract of the project party , The logic is not rigorous when borrowing money , Lack of verification of key logic , That is, whether the collateral has been withdrawn has not been detected .

as everyone knows ,NFT Ecology wants long-term sustainable development , There must be excellent NFT Liquidity program to provide liquidity market . In all kinds of NFT While the collection is constantly released , transaction 、 Loan, etc NFT Liquidity agreements are also the focus of the industry . But because NFT The price prediction machine of 、 Problems such as value endorsement have not been completely solved , So most NFT The volume of liquid projects is still relatively small . under these circumstances , Once a hacker attack occurs , It is often fatal to the project team , It will also greatly affect user confidence .

Therefore, we suggest that the project party design the project 、 The development and testing process should be rigorous , Try to avoid the absence of some core verification logic , Give hackers a chance . in addition , It is recommended to conduct multi-party and multi round audits , Minimize the high-risk loopholes in the contract .

3、 ... and 、 About us

SharkTeam Our vision is to fully protect Web3 The security of the world . The team members are located in Beijing 、 nanjing 、 Silicon valley , It is composed of experienced security professionals and senior researchers from all over the world , Proficient in the underlying theory of blockchain and smart contract , Provide services including smart contract audit 、 On chain analysis 、 Emergency response and other services . We have worked with key players in various fields of the blockchain ecosystem , Such as Huobi Global、OKX、polygon、Polkadot、imToken、ChainIDE And establish a long-term cooperative relationship .

Web：https://www.sharkteam.org

Telegram：https://t.me/sharkteamorg

Twitter：https://twitter.com/sharkteamorg

Reddit：https://www.reddit.com/r/sharkteamorg

More blockchain security consulting and analysis , Click the link below to view

D Check | Chain risk verification https://m.chainaegis.com