rAAVE Farming Contract Exploit explained

Growth DeFi
3 min readFeb 8, 2021

This article explains the GRO/rAAVE exploit that happened on February 08, 2021 at 06:17PM UTC in one of the rAAVE staking pools (stkGRO/rAAVE).

A. What happened

An attacker created a Fake ERC-20 token named rAXZZ and an associated with it an Uniswap V2 Liquidity Pool paired it with GRO (GRO/rAXZZ).

1. Deposit

The attacker then proceeded in depositing 19,900,000,000,000 rAXZZ into the stkGRO/rAAVE contract, using the single asset deposit feature of the contract. This function uses the LP to swap half of the funds before providing the desired liquidity using both assets, as required by Uniswap pools.

Due to a vulnerability in the stkGRO/rAAVE contract — which did not properly check the match between the LP assets and the token being deposited — allowed the deposit to be accepted. It was forwarded to the Uniswap V2 Router which routed (as instructed by the stkGRO/rAAVE) the swap and subsequent liquidity provision via the fake LP.

The 5056 GRO/rAXZZ LP shares obtained were then mistakenly taken by the stkGRO/rAAVE contract as legitimate GRO/rAAVE LP shares. It then accepted them in exchange for 14513 newly minted stkGRO/rAAVE shares.

This action happened in this transaction:

Note that the price for stkGRO/rAAVE shares is given by the reserve amount (in GRO/rAAVE LP shares) divided by the stkGRO/rAAVE supply. Therefore, after the deposit the supply increased but the reserve remained the same. Basically the attacker was able to mint 14513 stkGRO/rAAVE out of thin air.

This was the exploit and the remaining actions constitute only aftermath.

2. Withdrawal

Once on hold of the 14513 stkGRO/rAAVE shares the attacker proceeded to withdraw the 5056 GRO/rAAVE LP shares from the stkGRO/rAAVE contract using the simple withdrawal function, that returns to the staker GRO/rAAVE LP shares and burns the provided stkGRO/rAAVE shares.

This action happened in this transaction:

3. Removal of Liquidity

Once in possession of the GRO/rAAVE LP shares he proceeded to removing the liquidity getting 27517 GRO and 1218 rAAVE for it.

This action happened in this transaction:

4. GRO/rAAVE Dump on Uniswap

Next the attacker swapped 27517 GRO and 1218 rAAVE for 597 and 204 ETH, respectively, on Uniswap.

This action happened in these transactions:

5. Distribution

Then the funds were distributed to and remain (as the time of this writing) in the 4 wallets below:

Sent 231 ETH to 0x11a68fbef437b0be0961de3ef879a56c8c2a86ea
Sent 147 ETH to 0x8b662fb502133f592a969bf308a255a8f2e99642
Sent 274 ETH to 0x5cc6ba1e6e9391bd00997a820cb8c8b0d5191aed
Sent 149 ETH to 0x05d32895a283ff696104b7a0dfc63c5fe2ac8089

This action happened in these transactions:

B. Detail of the vulnerability

Below is the single asset deposit code for stkGRO/rAAVE. It takes 4 arguments:

  • the GRO/rAAVE Uniswap pool address
  • the address of the token to be deposited
  • the amount being deposited
  • and the acceptable minimum number of LP shares to be accepted in return

The function performs the swap and liquidity provision via the Uniswap router. The vulnerability existed because there was no checks or restrictions tying the deposited token address to one of the two tokens that compose the GRO/rAAVE pair.

Below one can see the original code with the vulnerability and the fixed code. The fix is on line 7.

This simple mistake lead to an open door to the exploit that could and would use a fake token and LP to pull off the attack.

C. Attack Mitigation

Once the team realized the exploit the mitigation happened in two fronts:

  • Removal of remaing rAAVE Treasury liquidity from the staking contracts
  • Call for action for the community via GrowthDeFi and rAAVE communication channels

The liquidity was pulled off in the given transactions:

The team will further review the contracts and provide a new deployment for the staking contracts at the right time.



Growth DeFi

https://growthdefi.com/ Leveraging the power of DeFi protocols to maximize capital efficiency