rAAVE Farming Contract Exploit explained

This article explains the GRO/rAAVE exploit that happened on February 08, 2021 at 06:17PM UTC in one of the rAAVE staking pools (stkGRO/rAAVE).

A. What happened

An attacker created a fake ERC-20 token named rAXZZ and a Uniswap V2 liquidity pool pairing it with GRO (GRO/rAXZZ).

The attacker then proceeded to deposit 19,900,000,000,000 rAXZZ into the stkGRO/rAAVE contract using the single asset deposit feature of the contract. This function uses the LP to swap half of the funds before providing the desired liquidity using both assets, as required by Uniswap pools.

A vulnerability in the stkGRO/rAAVE contract, which did not properly check that the deposited token matched one of the LP assets, allowed the deposit to be accepted. It was forwarded to the Uniswap V2 Router, which routed (as instructed by the stkGRO/rAAVE contract) the swap and subsequent liquidity provision via the fake LP.

The 5056 GRO/rAXZZ LP shares obtained were then mistakenly taken by the stkGRO/rAAVE contract as legitimate GRO/rAAVE LP shares. It then accepted them in exchange for 14513 newly minted stkGRO/rAAVE shares.

This action happened in this transaction:
https://etherscan.io/tx/0x47cc8504f870020d5e5a8a5f0e2c242cc790b7fbc0dffb183e2f20a668fc076e

Note that the price for stkGRO/rAAVE shares is given by the reserve amount (in GRO/rAAVE LP shares) divided by the stkGRO/rAAVE supply. Therefore, after the deposit the supply increased but the reserve remained the same. Basically the attacker was able to mint 14513 stkGRO/rAAVE out of thin air.

This was the exploit and the remaining actions constitute only aftermath.

Once in possession of the 14513 stkGRO/rAAVE shares, the attacker proceeded to withdraw the 5056 GRO/rAAVE LP shares from the stkGRO/rAAVE contract using the simple withdrawal function, which returns GRO/rAAVE LP shares to the staker and burns the provided stkGRO/rAAVE shares.

This action happened in this transaction:
https://etherscan.io/tx/0xa3d64cd6541657c86331c8b1b037ad184216610d3653af9b7909601981ec32c1

Once in possession of the GRO/rAAVE LP shares, the attacker removed the liquidity, receiving 27517 GRO and 1218 rAAVE for it.

This action happened in this transaction:
https://etherscan.io/tx/0x2152214a6be27a904af5a25e77fdca92ae60c6a9d7d298a41f88558649a41a23

Next the attacker swapped 27517 GRO and 1218 rAAVE for 597 and 204 ETH, respectively, on Uniswap.

This action happened in these transactions:
https://etherscan.io/tx/0xffef18b38096c96c1f6be784ea0ebb07964137858e38f3d65858a79e6a96797f
https://etherscan.io/tx/0xce020fabb3c56c75b23ac7d53d5259959a2b3ffe0b1a0d69aecaae9cd7757998

Then the funds were distributed to, and remain (at the time of this writing) in, the 4 wallets below:

Sent 231 ETH to 0x11a68fbef437b0be0961de3ef879a56c8c2a86ea
Sent 147 ETH to 0x8b662fb502133f592a969bf308a255a8f2e99642
Sent 274 ETH to 0x5cc6ba1e6e9391bd00997a820cb8c8b0d5191aed
Sent 149 ETH to 0x05d32895a283ff696104b7a0dfc63c5fe2ac8089

This action happened in these transactions:
https://etherscan.io/tx/0x0a6b5c92abcfbf07fb31d9e6c402b82c8756a80823c309d063a9a735d3f817eb
https://etherscan.io/tx/0xac4407bf2fa52003960449cecc92d3a9e0175f40d9bf11b9d808c3282f2ec2b4
https://etherscan.io/tx/0x0391fa91f18873566a31f5a6dd73b6ae5c4aa48146b64edf615eaacf0fece735
https://etherscan.io/tx/0xb80894d79ba238b1867ea17beb821f58084d42b52b7db24f04ca9cf1ae9b680c

B. Detail of the vulnerability

Below is the single asset deposit code for stkGRO/rAAVE. It takes 4 arguments:

  • the GRO/rAAVE Uniswap pool address
  • the address of the token to be deposited
  • the amount being deposited
  • and the acceptable minimum number of LP shares to be accepted in return

The function performs the swap and liquidity provision via the Uniswap router. The vulnerability existed because there were no checks or restrictions tying the deposited token address to one of the two tokens that compose the GRO/rAAVE pair.

Below one can see the original code with the vulnerability and the fixed code. The fix is on line 7.

This simple mistake left an open door for the exploit, which used a fake token and a fake LP to pull off the attack.
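The share accounting from section A (price of a stkGRO/rAAVE share = LP reserve / stk supply) and the missing token check from section B can be exercised together in a small model. The code below is an added example written for this post-mortem, not the project's contract and not the code that was in the original image: the class and function names (Pair, StakingPool, zap_in, deposit_single), the "2 token units yield 1 LP share" rule that stands in for the router's swap-half-then-addLiquidity path, and every amount are constructed for illustration. The same pool is run once without the check (reproducing the dilution) and once with it.

```python
"""Toy model of single-asset staking deposits and the missing token check.

Added example, not the stkGRO/rAAVE contract. All names and amounts are
constructed; the LP-share rule stands in for the Uniswap router path.
"""
from dataclasses import dataclass, field

POOL = "staking-contract"  # constructed label for the staking contract's own address


@dataclass
class Pair:
    """Stand-in for a Uniswap V2 pair: two token addresses plus an LP-share ledger."""
    token0: str
    token1: str
    lp: dict = field(default_factory=dict)  # holder -> LP shares

    def tokens(self):
        return (self.token0, self.token1)

    def zap_in(self, holder, token, amount):
        """Stand-in for router.swap(half) + router.addLiquidity.
        Constructed rule: 2 token units -> 1 LP share, credited to `holder`."""
        if token not in self.tokens():
            raise ValueError(f"{token} is not a constituent of this pair")
        minted = amount // 2
        self.lp[holder] = self.lp.get(holder, 0) + minted
        return minted

    def transfer(self, src, dst, amount):
        if self.lp.get(src, 0) < amount:
            raise ValueError("insufficient LP balance")
        self.lp[src] -= amount
        self.lp[dst] = self.lp.get(dst, 0) + amount


class StakingPool:
    """Mints stk shares against LP shares of one specific pair.
    price(stk) = reserve / supply, as the post-mortem states."""

    def __init__(self, real_pair, check_token):
        self.real = real_pair
        self.check_token = check_token  # False reproduces the vulnerable behaviour
        self.supply = 0
        self.shares = {}

    @property
    def reserve(self):
        # Only LP shares of the real pair held by the contract count as reserve.
        return self.real.lp.get(POOL, 0)

    def _mint(self, holder, lp_received):
        # Shares are priced off the reserve measured before the deposit. Fake LP
        # never enters the reserve, so the vulnerable path inflates supply unbacked.
        if self.supply == 0:
            minted = lp_received
        else:
            minted = lp_received * self.supply // self.reserve
        self.supply += minted
        self.shares[holder] = self.shares.get(holder, 0) + minted
        return minted

    def deposit_lp(self, holder, lp_amount):
        """Plain deposit: stake LP shares of the real pair."""
        minted = self._mint(holder, lp_amount)
        self.real.transfer(holder, POOL, lp_amount)
        return minted

    def deposit_single(self, holder, pair, token, amount):
        """Single-asset deposit: the caller names the pair and the token.
        The fix is the membership check; without it any token and pair pass."""
        if self.check_token and token not in self.real.tokens():
            raise ValueError("token must be one of the pair's two assets")
        lp_received = pair.zap_in(POOL, token, amount)  # LP lands in *pair*, real or not
        return self._mint(holder, lp_received)

    def withdraw(self, holder, shares):
        """Burn stk shares and pay out real LP at the current price."""
        if self.shares.get(holder, 0) < shares:
            raise ValueError("insufficient stk shares")
        lp_out = shares * self.reserve // self.supply
        self.shares[holder] -= shares
        self.supply -= shares
        self.real.transfer(POOL, holder, lp_out)
        return lp_out


def simulate(check_token):
    """Honest staker deposits 1000 real LP; a second party zaps 400 units of a
    fake token through a fake pair. Returns the resulting state (constructed numbers)."""
    real = Pair("GRO", "rAAVE", lp={"alice": 1000})
    fake = Pair("GRO", "rAXZZ")
    pool = StakingPool(real, check_token)
    pool.deposit_lp("alice", 1000)
    price_before = pool.reserve / pool.supply
    try:
        minted = pool.deposit_single("attacker", fake, "rAXZZ", 400)
    except ValueError as exc:
        return {"rejected": str(exc), "minted": 0, "attacker_lp": 0,
                "reserve": pool.reserve, "supply": pool.supply,
                "price_before": price_before, "price_after": pool.reserve / pool.supply}
    pool.withdraw("attacker", minted)
    return {"rejected": None, "minted": minted, "attacker_lp": real.lp.get("attacker", 0),
            "reserve": pool.reserve, "supply": pool.supply,
            "price_before": price_before, "price_after": pool.reserve / pool.supply}


if __name__ == "__main__":
    print("vulnerable:", simulate(check_token=False))
    print("fixed:     ", simulate(check_token=True))
```

In the vulnerable run the fake LP shares mint 200 stk shares while the reserve stays at 1000, the share price falls from 1.0 to 0.834, and the withdrawal pays 166 real LP shares out of the honest staker's backing; with the check on, the deposit is rejected and the reserve is untouched. Because this model, like the function described above, still lets the caller name the pair, pinning the pair to the contract's stored GRO/rAAVE address (or deriving it from the two stored token addresses) is a second check worth having alongside the token membership test.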

C. Attack Mitigation

Once the team became aware of the exploit, the mitigation happened on two fronts:

  • Removal of remaining rAAVE Treasury liquidity from the staking contracts
  • Call for action for the community via GrowthDeFi and rAAVE communication channels

The liquidity was pulled in the following transactions:
https://etherscan.io/tx/0xfb179cde7721ad439600e7ffbb8664fd6b700d2ed40ea18fd5b2e0b155d23227
https://etherscan.io/tx/0xd19185662186e1d35022559c6cf9ddbfafead8cac5c80894fa5a61bf8692b2f3
https://etherscan.io/tx/0x78ecbee72b81d4213d643f463ec6bddac3f5cda9136d3e5c2d038d174c125cd6
https://etherscan.io/tx/0x5a01ffa37219062303485e921491204ef83e12851f619a32abca70fc3ea3fc30
https://etherscan.io/tx/0xdb87a1e49027420878330a9b72549928be6543482cfe06c476174e286e7174ac

The team will further review the contracts and provide a new deployment for the staking contracts at the right time.
