On July 25, 2023, the Palmswap project on the Binance Smart Chain (BSC) fell victim to an attack, resulting in the attacker gaining profits exceeding $900,000. Following the intervention and analysis by the SlowMist security team, the results are now being shared as follows:

Background Information:

Palmswap v2 offers a decentralized leveraged trading platform that is characterized by its high liquidity, robustness, and user-friendly interface. Within this platform, there exists a liquidity provider token called PLP, which is backed by the USDT asset index, enabling leveraged trading. PLP tokens can be created by exchanging USDT and can also be redeemed back into USDT. The minting and redemption prices of PLP are determined by dividing the total value of assets in the index (including profits and losses on open positions) by the current supply of PLP tokens.

The following addresses are relevant to this attack:

Attacker EOA address:

0xf84efa8a9f7e68855cf17eaac9c2f97a9d131366

Attack contract address:

0x55252a6d50bfad0e5f1009541284c783686f7f25

Attack transactions:

https://bscscan.com/tx/0x62dba55054fa628845fecded658ff5b1ec1c5823f1a5e0118601aa455a30eac9

Attacked contract addresses:

1. 0xd990094a611c3de34664dd3664ebf979a1230fc1

2. 0xa68f4b2c69c7f991c3237ba9b678d75368ccff8f

3. 0x806f709558cdbba39699fbf323c8fda4e364ac7a

Attack Principle:

The fundamental aspect of the attack involves manipulating the price of the PLP token on the Palmswap exchange by influencing the amount of USDT in the vault and the total supply of the PLP token.

In case the vault contract remains unchecked in administrator mode, any user can augment the USDT amount in the vault by directly acquiring USDP tokens using USDT, without altering the total supply of PLP tokens. This vulnerability enables attackers to exploit flash loans, allowing them to manipulate the PLP token’s price malevolently for their gains.

Detailed Analysis:

1. Initially, the attacker utilizes flash loans to borrow 3,000,000 USDT and then proceeds to add liquidity and mint PLP tokens with 1,000,000 USDT.

2. During the liquidity addition process, the attacker commences by transferring USDT and subsequently invokes the buyUSDP function of the vault contract to acquire USDP tokens. These purchased USDP tokens are then utilized to determine the quantity of PLP tokens to be minted.

In this instance, the attacker acquired 996,769 USDP using 1,000,000 USDT and consequently minted approximately 996,324 PLP tokens.

3. Subsequently, the attacker invokes the buyUSDP function within the vault contract. Once this function is validated by the administrator, it enables direct acquisition of USDP tokens using USDT, leading to an increase in the USDT token reserve present in the vault contract.

Nonetheless, as the vault contract lacks the administrator mode, any user can directly trigger the buyUSDP function of the vault contract to purchase USDP tokens. Therefore, the attacker takes advantage of this situation and directly transfers the remaining 2,000,000 USDT obtained from the flash loan to the vault contract, acquiring USDP tokens in the process.

4. Following the previous step, the attacker promptly proceeds to withdraw the liquidity, resulting in the burning of all PLP tokens and the sale of USDP tokens. Notably, it is observed that the attacker burned 996,311 PLP tokens while obtaining 1,962,472 USDP tokens through this process.

As a consequence of the sudden increase in the number of USDT tokens within the vault from purchasing USDP in the previous step, the price of PLP tokens is influenced as it depends on the USDT balance in the vault. Consequently, this upward movement in PLP token price allowed the attacker to obtain a higher amount of USDP tokens than initially expected during the attack.

5. Finally, the attacker executes the sellUSDP function of the treasury contract, converting the remaining USDP tokens obtained in the third step into USDT. With this action, the flash loan is repaid, and the attacker exits the market with a profit.

Summary:

This attack occurred because the core function’s authority control was not enabled, and the liquidity token’s price calculation model was overly simplistic, relying solely on the treasury’s USDT token amount and the total supply. This allowed malicious manipulation of lending to generate unexpected profits. The SlowMist security team advises the project team to enhance the liquidity token’s price model by incorporating various restricting factors, such as considering the time of liquidity addition, and to enforce strict permissions for core functions to prevent such incidents in the future.

About SlowMist

SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, Cheers UP, etc.

SlowMist offers a variety of services that include by are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) software, Vulpush (Vulnerability monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) , Safe Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.