Infiltrating The EVM IV - Echoes of the Past, Visions for Tomorrow

“… it took only five hours to protect 350 million USD from falling into the wrong hands.”

Writes samczsun as he describes the infamous rescue of MISO protocol’s funds involving the historically perfect case study of such an attack that could have easily made it to the top 10 of the largest blockchain security hacks to date. In an almost poetic way, this case study covers the step-by-step story experienced first-hand by samczsun himself when he describes the “encounter, discovery, disclosure, preparation, rescue, and reflection” on the MISO fiasco. Write-ups and disclosures guide us towards the elegant handling of war-room cases and how to go through such situations following a standardized approach.

Let’s continue infiltrating the EVM

In our article series, we move on with the 4th part today, focusing on some of the writeups in the web3 security space that educate the readers on how to handle the situations that always inflict a 0-day attack. The list covers some well-known writeups, such as the paradigm’s write-ups of the MISO attack, Ethereum is a Dark Forrest, and the industrially standardized Yearn’s public disclosures (and others).

The emphasis will be on learning about situations and environments of how a bug discovery, rescue, and fix are deployed in a war room, some of which end up happily ever after, and others teach us more valuable lessons. This teaches us how strategies are created and practiced setting up standards throughout the industry.

Amidst the fascinating narratives of blockchain security challenges, one particular incident stands out as a testament to swift action and proactive auditing. Let's first delve into the gripping tale of the MISO rescue mission, where $350 million was at stake, and the clock…; the clock is always ticking.

From Crisis to Triumph - The MISO Battle for Security

On August 18, 2021, samczsun reported a critical vulnerability in SushiSwap’s MISO smart contracts, which put ~350 million USD (109 thousand ETH) at risk.

In the ever-evolving landscape of DeFi, where fortunes are made and the stakes run high, the tale of the MISO protocol's rescue mission stands as an epic saga of audacity and triumph. Picture this - $350 million hanging perilously on the edge, teetering between salvation and the abyss of the wrong hands. As the clock ticked, the guardians of MISO stepped forward, ready to shield their treasure from the clutches of lurking adversaries.

Finding The Familiar Foe

This gripping saga begins with samczsun, a keen-eyed auditor, stumbling upon a discussion about a raise on SushiSwap's MISO platform. Driven by curiosity, he delves deeper, scrutinizing the Dutch auction contract, hoping to ensure the system's integrity.

Drawing from past experiences with Opyn, samczsun realizes the eerie similarity between the vulnerabilities. Inside a delegatecall, msg.sender and msg.value persist, opening the door to reuse msg.value across multiple commitments, aka batchcalls.

The magnitude of what this bug could bring was a staggering amount of ~$350M.

Ticking Time

In the fast-paced world of DeFi, where transactions occur rapidly, every moment counts, as opportunistic hackers could discover the vulnerability at any time. Hence, the team had to act swiftly and strategically to safeguard the funds and neutralize the immediate threat posed by the vulnerability before it could be exploited. The clock was ticking, and the safety of a substantial amount of funds hung in the balance, making it a race against time to protect the treasure from falling into the wrong hands.

The team precisely acts, finalizing the Dutch auction and neutralizing the immediate threat. Yet, challenges arise as they encounter an active batch auction. A quick decision is made to prioritize safeguarding the 350 million USD while mitigating the risks in the batch auction.

Creating a rescue strategy is paramount, as determined by the MISO Sentinels. To gain an advantageous position in a war room scenario, it is imperative to explore all possibilities, which is precisely what the MISO war room team is doing. To achieve this objective, the team reaches the conclusion of implementing a smart contract that utilizes one of the protocol’s features as a pause functionality. The team consisting of esteemed experts, namely Samczsun, Mudit, Dan, Georgios, Keno, and Omakase, with Joseph Delong from the Sushi protocol, plays a crucial role in the process.

Key Takeaways

Here we list down a couple of lessons learned, in the words of the sentinels, as the first-hand experience is the best of the teacher. samczsun states covering the Reflection of the whole fiasco as follows;

• “Even though there was no monetary damage, I’m sure that everyone involved would have much preferred to not have gone through this process in the first place.”

More importantly, samczsun mentions the one thing that is at the core focus of DeFi SRs at BlockApex as well, as below;

• “safe components can come together to make something unsafe. I’ve preached this before in the context of composability and DeFi protocols, but this incident shows that even safe contract-level components can be mixed in a way that produces unsafe contract-level behavior.”

You can read how the whole scenario unfolded in this blog. (source: Two Rights Might Make A Wrong)

This incident also brings forth the depiction of Ethereum to mind the "Dark Forest" concept in the Ethereum mempool, where opportunistic arbitrage bots lie in wait to exploit profitable opportunities. The term was coined by Dan Robinson and Georgios Konstantopoulos in Aug 2020.

Race Against Predators: Navigating The Dark Forest

It all began when a user inquired about recovering Uniswap liquidity tokens mistakenly sent to the pair contract. Dan Robinson knows two things when he officially terms the Ethereum blockchain as a Dark Forest;

1. “This is a horror story”, as the team got knocked out in the MEV colosseum in the first round.
2. “Except… I knew it wouldn’t be simple.“, and the fact. Obviously.

In mempool, arbitrage bots lurked like apex predators, ready to exploit any profitable opportunities they detected. Known as "generalized frontrunners," these bots could copy and manipulate transactions to their advantage. This created a challenging environment for the rescue mission, as any attempt to claim the tokens could be instantly targeted and stolen by these savvy predators. An intricate plan was crafted to recover the funds without drawing attention from the bots. Custom contracts were deployed to obfuscate the rescue transactions and make them less conspicuous.

Finer details make all the difference

The obfuscation looked like this, to veil the call as an internal transaction, the sentinels decided to break down the transaction into two pieces:

• “a set transaction that activates the rescue contract, and
• a get transaction that rescues the funds if the contract has been activated.”

Quoting Dan below, the implementation detail need to be executed in the following order;

1. “Deploy a Getter contract which, when called by its owner, would make the burn call ONLY if activated, and otherwise revert.
2. Deploy a Setter contract which, when called by its owner, would activate the Getter contract.
3. Submit the set transaction and the get transaction in the same block.”

As the pressure mounted, a critical oversight proved costly. In their haste to execute the rescue, a key detail was missed—the get transaction slipped into a later block, providing a window of opportunity for the bots to strike.

As expected,

Bots struck… Bots won.

Key Takeaways (1)

Readers are here for the lesson, which is what they shall get.

• Never underestimate the bots; they be real monsters. Empirical evidence is that generalized frontrunners teach a lot more in experience than in theory.
• Since time is but a stubborn illusion, what matters is how the sentinels react under the pressure of time. If the team lays out a plan, it is there to be executed, not to be set aside or deprioritized.
• Evolve. Evolve. Evolve. This incident led to discovery of private mempools, flashboys, → flashbots. Solving the problem is what lessons are for, and never losing again the same way is what experiences are for.
• Bots for today, Miners for tomorrow. In the rational ecosystem of blockchain, honesty is secondary. A note for (not too distant) future self is to prepare and think with more than one brain and see with more than two eyes.

The entire scenario's account, written by Dan Robinson and Georgios Konstantopoulos, can be read in this blog.

While the rescue faced setbacks, it highlighted the need to address MEV and front-running attacks in DeFi. Promising solutions, such as Optimism's vision for redirecting MEV and StarkWare's verifiable delay function service, offer hope for a more secure future. As the DeFi landscape evolves, staying vigilant and proactive in securing the ecosystem becomes paramount.

Coup de Grâce: SirenMarket V1

Once hailed as an innovative DeFi protocol offering options and automated liquidity provision, Siren Markets was at the center of a high-stakes exploit that threatened its users' funds. The vulnerability lay hidden within the Automatic Market Maker (AMM), presenting attackers with a unique opportunity to game the system and profit at the expense of the protocol.

At the heart of the vulnerability were bTokens and wTokens, the twin tokens representing different sides of the options contracts. Armed with this knowledge, attackers devised a cunning plan. They strategically acquired equal amounts of bTokens and wTokens to neutralize their exposure to the underlying asset, laying the groundwork for their assault.

Round 1: Ready, Fight

The attackers bided their time, waiting for the opportune moment: when the market was about to expire. As the countdown neared its end, two potential scenarios emerged. If the options expired from the money (OTM), the attackers swiftly exercised their wTokens, recuperating their losses.

However, the "in the money" (ITM) scenario showed their strategy's brilliance. Just before the bTokens' expiration, the attackers made a bold move: they sold these tokens back to the AMM. Unbeknownst to the AMM, the attackers cleverly exploited its lack of action. The AMM, unsuspectingly, bought the bTokens at their current valuation without exercising the option.

The plot thickened with the application of block stuffing!

Block stuffing is a type of attack in blockchains where an attacker submits transactions that deliberately fill up the block’s gas limit and stall other transactions. To ensure the inclusion of their transactions by miners, the attacker can choose to pay higher transaction fees. By controlling the amount of gas spent by their transactions, the attacker can influence the number of transactions that get to be included in the block.

Round 2: Ready, Fight

Siren Market assumed that the bug fix was a transaction that would be handled gracefully, i.e., eliminate the ITM option, but this is the prime example we are trying to share with our readers. By setting higher gas fees than honest users, the adversary ensured miners would prioritize their transactions, creating a temporary denial-of-service (DoS) effect. This sneak attack made it challenging for the Siren team to execute their fix, ultimately forcing them to exercise ITM options.

K.O. Key Takeaways (2)

In this series of articles, we explored a new attack vector revealed by the vulnerability in the Siren Market. Our goal is to educate Blockchain Sentinels on the surprises the blockchain has up its sleeves, even when it comes to something as important as a bug fix for a transaction. The key takeaway is considering how an attacker could bypass your vulnerability fix.

A cherry on the top: Yearn’s Disclosures

After covering a number of war room stories, we wrap up echoes of the past with Yearn’s public disclosures. Yearn Finance has worked on its small and large vulnerability identification and fixes for almost two years. The list on their GitHub repository covers the details of all hacks organized by date and time, with a template set as a standard for bug fixes. The template covers the segments of hacks or reported findings by including a description of the summary, background, details of the vulnerability, details of the fix, an attribute of the timeline of events, and important links relevant to the said hack.

TL;DR

The article "Infiltrating The EVM IV - Echoes of the Past, Visions for Tomorrow" takes readers on a captivating journey through real-life incidents in the realm of blockchain security. Three gripping narratives stand out: the MISO rescue mission, the Dark Forest of Ethereum, and the Siren Market exploit.

In each case, the common theme is the urgency of swift action and proactive auditing to protect massive sums of money at risk in DeFi protocols. These stories serve as powerful reminders of the high stakes involved and the ever-evolving challenges faced by auditors and security experts.

Key lessons emerge from these experiences. First, secure composability is crucial. Combining safe contract-level components does not always guarantee overall safety, as seen in the MISO case. Second, the DeFi ecosystem must address risks like MEV and front-running attacks, which can threaten funds at any moment.

Transparency and accountability are paramount. Protocols like Yearn Finance, with their public disclosures and standardized templates for bug fixes, set a commendable example for the industry. Sharing insights and vulnerabilities openly can foster trust and strengthen the community.

This is the Fourth part of the series Infiltrating the EVM.