Jimbo's Protocol - Monday, May 28, 2023

Introduction

Jimbo's Protocol is a decentralized finance (DeFi) system built on the Arbitrum chain. The protocol uses a semi-stable floor price for its ERC-20 token, $JIMBO, backed by a treasury of Ether (ETH). However, despite its pioneering efforts to maintain on-chain liquidity and price floors, Jimbo's Protocol recently faced a Flash loan attack. On May 28, 2023, a sophisticated attacker managed to exploit a loophole in the protocol's slippage control mechanism, walking away with approximately $7.5 million in ETH.

Hack Impact

The attack had immediate and severe consequences for Jimbo's Protocol and its community. The attacker successfully drained a large portion of the treasury's ETH, affecting the protocol's stability and trustworthiness. The incident led to a sharp 40% decline in the value of $JIMBO, eroding the token's market position and investor confidence.

What is Liquidity Rebalancing?

In decentralized finance (DeFi), liquidity rebalancing is the process of reallocating assets within a liquidity pool to ensure efficient capital utilization and smooth price discovery. In simple terms, it means making sure there's enough "money" in the right places in a trading pool to make trades easy and fair.

What is Slippage?

Slippage occurs when the price of an asset changes between the time you place an order and the time the order is fulfilled. In DeFi, it's particularly important to control slippage to prevent significant price fluctuations that could result from large trades.

How Does Rebalancing Work in $JIMBO?

In $JIMBO's case, rebalancing happens via three primary functions: Shift(), Reset(), and Recycle(). These are triggered based on the state of different bins—Floor Bin, Active Bin, and Trigger Bin.

• Floor Bin: The bin with the lowest price per token (in ETH). It guarantees a minimum price for the token.
• Active Bin: The bin where $JIMBO is currently being traded.
• Trigger Bin: The bin that triggers a rebalance when emptied.

Understanding the Shift() Function in $JIMBO Protocol

The Shift() function plays a crucial role in the $JIMBO protocol, automatically activating when the Active Bin (the pool bin where the current trading price resides) moves past the Trigger Bin. The function performs two primary actions:

• Redistributes ETH Liquidity: 10% of the total Ethereum (ETH) liquidity in the pool is allocated to Anchor Bins, which are designed to stabilize the current market price.
• Allocates to Floor Bin: The remaining 90% of the total ETH liquidity is moved to the Floor Bin, which is the bin with the lowest price guaranteed by the protocol.

Simultaneously, the Shift() function also invokes a Reset() function call to redistribute the remaining $JIMBO tokens within the pool.

For more comprehensive insights into how these bins operate within the protocol, please refer to this Link

A Detailed Look at the Attack Mechanics

Step 1: Obtain Initial Funds

• The attacker starts by initiating a flash loan to borrow, 10,000 ETH from AAVE.

Step 2: Inflate $JIMBO Price

• The attacker uses this 10,000 ETH to purchase $JIMBO tokens, causing the Active Bin to shift significantly This shifts the Active Bin well past the Trigger Bin, which initiates a rebalance via the Shift() function.

Step 3: Transfer Tokens to Contract

• The attacker then transfers 100 $JIMBO tokens to the JimboController contract.  Due to the artificially inflated price, these tokens are highly valuable in terms of ETH.

Step 4: Invoke Shift()

• Now, the attacker calls the Shift() function. Because the Active Bin is now at an inflated price, this rebalancing action redeploys liquidity based on this skewed data. As a result, a significant amount of ETH (which is 90% of the total pool) is moved to the new Floor Bin at this inflated price level.

Step 5: Crash the Market Price

• Next, the attacker sells a significant amount of $JIMBO tokens, causing the price to plummet drastically

Step 6: Trigger Another Rebalance

• After crashing the market price, the attacker triggers another Shift() function. This redistributes a significant amount of ETH to a Floor Bin but at a much lower price level than before.

Step 7: Exploit and Profit

• Lastly, the attacker buys $JIMBO tokens at this depressed price, which are worth significantly more in terms of ETH. They convert these tokens back into ETH, making a considerable profit.

The attacker then returns the initial ETH borrowed through the flash loan, retaining a substantial net gain of 7.5 million.

Vulnerability Analysis

The critical flaw was the absence of slippage controls in the Shift() function, enabling the attacker to trigger rebalancing actions at artificial price levels. Once liquidity was redeployed at these inflated prices, the attacker could then manipulate the market to purchase tokens at a much lower cost, making a substantial profit in the process.

Transaction involved

Attacker's Addresses:

Attacker’s Address(ETH)

Notable Transactions:

Attacker Contract:

JimboController Contract
Attack Transaction

JIMBO's response to the hack

Response

The protocol also sent an On chain message to the hacker

How to Prevent Such Exploits

A system with a more sophisticated rebalancing mechanism that includes proper slippage control, could have likely prevented this exploit. By undergoing a comprehensive security audit, potentially from firms like BlockApex, protocols can identify and address these vulnerabilities before they're exploited.

Conclusion

The Jimbo Protocol incident serves as a cautionary tale that even innovative DeFi protocols are vulnerable to sophisticated attacks. This event highlights the importance of comprehensive security audits, a service that BlockApex specializes in, to identify and mitigate vulnerabilities in DeFi protocols. As the DeFi sector continues to evolve, so should its security measures to protect investor interests and maintain system integrity.