rAAVE Farming Contract Exploit explained

This article explains the GRO/rAAVE exploit that happened on February 08, 2021 at 06:17PM UTC in one of the rAAVE staking pools (stkGRO/rAAVE).

A. What happened

1. Deposit

A vulnerability in the stkGRO/rAAVE contract, which did not check that the token being deposited was one of the two assets of the GRO/rAAVE LP, allowed a deposit of a fake token to be accepted. The deposit was forwarded to the Uniswap V2 Router which, as instructed by the stkGRO/rAAVE contract, performed the swap and the subsequent liquidity provision via the fake LP pair.

The 5056 GRO/rAXZZ LP shares obtained (rAXZZ being the attacker's fake token) were then mistakenly accepted by the stkGRO/rAAVE contract as legitimate GRO/rAAVE LP shares, and 14513 newly minted stkGRO/rAAVE shares were issued in exchange.

This action happened in this transaction:

Note that the price of a stkGRO/rAAVE share is the reserve (in GRO/rAAVE LP shares) divided by the stkGRO/rAAVE supply. After this deposit the supply had grown by 14513 while the reserve had not changed, so every existing share was diluted: the attacker had effectively minted 14513 stkGRO/rAAVE out of thin air, each redeemable for a pro-rata slice of the genuine LP reserve.

This was the exploit and the remaining actions constitute only aftermath.

2. Withdrawal

This action happened in this transaction:

3. Removal of Liquidity

This action happened in this transaction:

4. GRO/rAAVE Dump on Uniswap

This action happened in these transactions:

5. Distribution

Sent 231 ETH to 0x11a68fbef437b0be0961de3ef879a56c8c2a86ea
Sent 147 ETH to 0x8b662fb502133f592a969bf308a255a8f2e99642
Sent 274 ETH to 0x5cc6ba1e6e9391bd00997a820cb8c8b0d5191aed
Sent 149 ETH to 0x05d32895a283ff696104b7a0dfc63c5fe2ac8089

This action happened in these transactions:

B. Detail of the vulnerability

The deposit function of the staking contract takes four parameters:

  • the GRO/rAAVE Uniswap pool address
  • the address of the token to be deposited
  • the amount being deposited
  • the minimum number of LP shares acceptable in return

The function performs the swap and the liquidity provision via the Uniswap router. The vulnerability existed because there were no checks or restrictions tying the deposited token address to one of the two tokens that make up the GRO/rAAVE pair.

Below one can see the original code with the vulnerability and the fixed code. The fix is on line 7.

This simple omission left the door open to an attacker who could, and did, use a fake token and a fake LP pair to pull off the attack.
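To make the share-price argument from section A.1 and the missing check from this section concrete, here is an added toy model (not the rAAVE/GrowthDeFi contract code): a constant-product pair, a router that zaps into whatever pair matches the token given, and a staking pool whose reserve is the genuine LP it holds. Token symbols, reserve sizes, the "pair anything else with token0" routing and the exact mint rule are simplifying assumptions; only the accounting relation (price = reserve / supply) comes from the article.

```python
"""Added illustration, not the rAAVE/GrowthDeFi code: why an unchecked deposit
token lets an attacker mint staking shares without adding to the reserve, and
how the token check closes it. All names and numbers are constructed."""

from dataclasses import dataclass


@dataclass
class Pair:
    """Toy Uniswap-V2-style pair: constant product, no fee."""
    token0: str
    token1: str
    reserve0: float
    reserve1: float
    lp_supply: float

    def zap(self, token: str, amount: float) -> float:
        """Single-sided deposit: swap half of `token` for the other side, then
        add both halves as liquidity. Returns the LP shares minted."""
        if token == self.token0:
            r_in, r_out = self.reserve0, self.reserve1
        elif token == self.token1:
            r_in, r_out = self.reserve1, self.reserve0
        else:
            raise ValueError(f"{token} is not in {self.token0}/{self.token1}")
        half = amount / 2
        out = r_out * half / (r_in + half)           # x * y = k swap of one half
        r_in, r_out = r_in + half, r_out - out       # reserves after the swap
        minted = self.lp_supply * min(half / r_in, out / r_out)  # V2 mint rule
        r_in, r_out = r_in + half, r_out + out       # add the two halves
        if token == self.token0:
            self.reserve0, self.reserve1 = r_in, r_out
        else:
            self.reserve1, self.reserve0 = r_in, r_out
        self.lp_supply += minted
        return minted


class Router:
    """Toy router: finds the pair for (a, b) and zaps into it, whatever it is."""
    def __init__(self, pairs):
        self.pairs = {frozenset((p.token0, p.token1)): p for p in pairs}

    def zap(self, token_in: str, token_other: str, amount: float):
        pair = self.pairs[frozenset((token_in, token_other))]
        return pair, pair.zap(token_in, amount)


class StakingPool:
    """Model of stkGRO/rAAVE: reserve = genuine GRO/rAAVE LP it holds,
    supply = staking shares issued, share price = reserve / supply."""

    def __init__(self, real_pair: Pair, router: Router, check_token: bool):
        self.real_pair = real_pair
        self.router = router
        self.check_token = check_token  # False reproduces the vulnerable contract
        self.reserve_lp = 0.0
        self.supply = 0.0

    def share_price(self) -> float:
        return self.reserve_lp / self.supply if self.supply else 1.0

    def deposit(self, token: str, amount: float, min_lp: float) -> float:
        p = self.real_pair
        # The fix: the deposited token must be one of the pair's two assets.
        if self.check_token and token not in (p.token0, p.token1):
            raise ValueError("deposit token is not part of GRO/rAAVE")
        # Assumed routing: anything that is not token0 is paired with token0,
        # which is how a fake token ends up in a GRO/<fake> pair.
        other = p.token1 if token == p.token0 else p.token0
        pair, lp = self.router.zap(token, other, amount)
        if lp < min_lp:
            raise ValueError("received fewer LP shares than min_lp")
        # Shares are minted against whatever LP amount the router reported...
        shares = lp if self.supply == 0 else lp * self.supply / self.reserve_lp
        # ...but only genuine LP (the real pair's balance) raises the reserve.
        if pair is p:
            self.reserve_lp += lp
        self.supply += shares
        return shares

    def withdraw(self, shares: float) -> float:
        """Redeem staking shares for a pro-rata slice of the genuine reserve."""
        lp = self.reserve_lp * shares / self.supply
        self.reserve_lp -= lp
        self.supply -= shares
        return lp


def simulate(check_token: bool) -> dict:
    """Honest staker deposits GRO, then an attacker deposits a fake token."""
    gro_raave = Pair("GRO", "rAAVE", 1_000.0, 1_000.0, 1_000.0)  # constructed
    fake = Pair("GRO", "rAXZZ", 1.0, 1_000_000.0, 1_000.0)       # attacker-seeded
    pool = StakingPool(gro_raave, Router([gro_raave, fake]), check_token)
    pool.deposit("GRO", 200.0, 0.0)
    price_before = pool.share_price()
    try:
        attacker_shares = pool.deposit("rAXZZ", 500_000.0, 0.0)
    except ValueError:
        attacker_shares = 0.0
    price_after = pool.share_price()
    attacker_lp = pool.withdraw(attacker_shares) if attacker_shares else 0.0
    return {"attacker_shares": attacker_shares, "price_before": price_before,
            "price_after": price_after, "attacker_lp_out": attacker_lp,
            "honest_lp_left": pool.reserve_lp}


if __name__ == "__main__":
    for flag in (False, True):
        print("token check" if flag else "vulnerable", simulate(flag))
```

In the vulnerable run the attacker's deposit never touches the GRO/rAAVE reserve, yet it mints staking shares priced as if it had; the share price drops from 1.0 to 0.3125 and the attacker's withdrawal drains most of the honest staker's LP, which is the pattern of steps 2 and 3 above. With `check_token=True` the same call reverts before the router is invoked.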

C. Attack Mitigation

  • Removal of the remaining rAAVE Treasury liquidity from the staking contracts
  • Call to action for the community via the GrowthDeFi and rAAVE communication channels

The liquidity was pulled in the following transactions:

The team will further review the contracts and provide a new deployment for the staking contracts at the right time.
