Verichains

Verichains Weekly Security Digest | March 2023 Week 2

th13vn, lifebow, Verichains, and LowK
Mar 14, 2023

In this week's digest, Verichains released another Security Advisory, VSA-2022-101. We will also discuss the potential impact on the crypto industry in the wake of the calamitous collapse of three crypto-friendly banks. In incident news, four significant hacks were monitored, with losses in the millions.


Verichains Security Advisory

As a follow-up to our previous public Security Advisory release, VSA-2022-100, we are now releasing VSA-2022-101: From Nil to Spoof - Critical IAVL Spoofing Attack via Multiple Vulnerabilities.

A critical vulnerability in BNB Chain and the Tendermint Core library allows a hacker to carry out attacks similar to the 2 million BNB hack (equivalent to 600 million USD) on the BNB Bridge last October.

We advise projects that are still using Tendermint Core / Cosmos-SDK to reach out to Verichains and secure their project via info@verichain.io.

Read the full Security Advisory here: [VSA-2022-101] From Nil to Spoof - Critical IAVL Spoofing Attack via Multiple Vulnerabilities (CVE-2023-27575)

This advisory highlights a critical IAVL Spoofing Attack via multiple vulnerabilities discovered by Verichains in BNB Chain and Tendermint codebase (CVE-2023-27575). An attacker could potentially launch an IAVL spoofing attack resulting in a significant loss of funds similar to…

The Silver Lining

In what seems like a calamitous whirlwind, Silicon Valley Bank (SVB) and Silvergate both collapsed over the weekend. To prevent further contagion within the banking industry, US regulators also shut down Signature Bank, making it the third crypto-friendly bank to close shop.

Amid the market turmoil, Verichains remains optimistic. We believe in the ingenuity of the crypto industry to innovate and adapt in the face of adversity. The industry will likely turn to alternative solutions such as decentralized exchanges (DEXs), Peer-to-peer (P2P) trading platforms, the creation of new crypto-friendly banks, and perhaps the deployment and adoption of a US Central Bank Digital Currency (CBDC).

Check out our co-founder Thanh Nguyen's comment, which was featured on Business Insider here: https://markets.businessinsider.com/news/currencies/crypto-market-outlook-banking-crisis-expert-forecasts-svb-signature-silvergate-2023-3


Last Week’s Incidents

🚨Project: Tender Finance
⛓️Chain: Arbitrum
💥Type: Misconfiguration
💸Loss amount: $1.59 million

On the morning of March 7th, customers of @tender_fi were greeted with the cataclysmic news that the project was investigating an incident and would be pausing further borrowing.

Tender.fi (@tender_fi), 10:05 AM ∙ Mar 7, 2023:
"We are investigating an unusual amount of borrows that came through the protocol. In the meantime, we have paused all borrowing. Thank you for your patience."

Lo and behold, they had been hacked to the tune of $1.59 million through a vulnerability in a new oracle that Tender.fi had set up on March 6th to provide the price of GMX.

The oracle contract apparently included a function called "getUnderlyingPrice" which contained a vulnerability that allowed the price of GMX to be multiplied by a factor of 1e20 (that is, a 1 followed by 20 zeroes).
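The following Solidity is an added illustration for this digest, not Tender.fi's or Compound's code. It shows the decimals normalisation that a Compound-style getUnderlyingPrice() relies on, where deriving the scale factor from the wrong decimals value, or applying it twice, silently multiplies every price by a large power of ten, next to a circuit-breaker that refuses any update moving more than a bounded percentage from the last accepted price. The feed interface, the mock feed, the 50% threshold and all contract and function names are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example; not Tender.fi's or Compound's code. The feed interface,
// the decimals values, the MAX_MOVE_BPS threshold and all names are assumptions.

/// Minimal Chainlink-style price feed interface (assumption).
interface IAggregator {
    function latestAnswer() external view returns (int256);
    function decimals() external view returns (uint8);
}

/// Test double so the oracle can be exercised locally (Remix/Foundry).
contract MockAggregator is IAggregator {
    int256 public answer;
    uint8 private immutable feedDecimals;
    constructor(uint8 d) { feedDecimals = d; }
    function set(int256 a) external { answer = a; }
    function latestAnswer() external view override returns (int256) { return answer; }
    function decimals() external view override returns (uint8) { return feedDecimals; }
}

contract GuardedUnderlyingPriceOracle {
    IAggregator public immutable feed;
    uint8 public immutable underlyingDecimals;
    uint256 public lastPrice;                     // last price that passed the guard
    uint256 public constant MAX_MOVE_BPS = 5_000; // max 50% move per update (assumption)

    constructor(IAggregator _feed, uint8 _underlyingDecimals) {
        require(_underlyingDecimals <= 36, "decimals too large");
        feed = _feed;
        underlyingDecimals = _underlyingDecimals;
    }

    /// Scale a feed answer to the 1e(36 - underlyingDecimals) fixed-point scale
    /// that a Compound-style comptroller expects from getUnderlyingPrice().
    /// The exponent is derived once from BOTH decimals values; computing it from
    /// only one of them, or scaling twice, multiplies every price by a large
    /// power of ten, which is the bug class described in the digest.
    function normalize(int256 answer, uint8 feedDecimals) public view returns (uint256) {
        require(answer > 0, "non-positive answer");
        uint256 targetDecimals = 36 - uint256(underlyingDecimals);
        require(feedDecimals <= targetDecimals, "feed more precise than target");
        return uint256(answer) * 10 ** (targetDecimals - feedDecimals);
    }

    /// Pull a fresh price and refuse one that moved more than MAX_MOVE_BPS
    /// from the last accepted price. A 1e20x jump can never pass this check.
    function updatePrice() external returns (uint256 price) {
        price = normalize(feed.latestAnswer(), feed.decimals());
        if (lastPrice != 0) {
            uint256 upper = lastPrice * (10_000 + MAX_MOVE_BPS) / 10_000;
            uint256 lower = lastPrice * (10_000 - MAX_MOVE_BPS) / 10_000;
            require(price <= upper && price >= lower, "price outside sane band");
        }
        lastPrice = price;
    }

    /// What a Compound-style market calls when valuing collateral and borrows.
    function getUnderlyingPrice() external view returns (uint256) {
        require(lastPrice != 0, "no price yet");
        return lastPrice;
    }
}
```

Deploying MockAggregator with 8 decimals and the oracle with 18 underlying decimals gives a scale factor of 1e10; setting the mock answer to 100x the previous one and calling updatePrice() reverts on the sane-band check. The first accepted price is not guarded (there is nothing to compare it with), so it should be set while the deployer verifies the returned magnitude against a known market price before any market is pointed at the oracle.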

In a surprising turn of events, the hacker in question happened to be a white hat and struck an agreement with the project to return all funds and keep 62.158670296 ETH (roughly $80k) as a bounty for discovering the exploit.


🚨Project: Phoenix Finance
⛓️Chain: Polygon
💥Type: Access Control & Arbitrary External Call
💸Loss amount: $100,000

A DeFi platform called Phoenix Finance suffered a $100,000 loss last week because a function in PhxProxy lacked access control and accepted arbitrary parameters. The attacker created a disposable OTP token, triggered PhxProxy with it, and swapped it for profit.
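To make the vulnerability class concrete, here is an added Solidity illustration (not Phoenix Finance's code; PhxProxy's real interface is not on the page) of an external-call entry point that accepts any target and calldata from any caller, next to a restricted version that gates the caller, the target and the function selector. Contract and function names, the allow-list design and the owner model are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.5;

// Added example; not Phoenix Finance's code. All names and the allow-list
// design are assumptions. Requires >=0.8.5 for bytes4(data[:4]).

/// UNSAFE PATTERN: anyone can make this contract call any address with any
/// data. Because the call originates from the proxy, every token approval
/// and every privileged role granted to the proxy becomes usable by the
/// caller, e.g. to swap tokens the proxy is allowed to move.
contract UnrestrictedProxy {
    function execute(address target, bytes calldata data)
        external payable returns (bytes memory)
    {
        (bool ok, bytes memory ret) = target.call{value: msg.value}(data);
        require(ok, "call failed");
        return ret;
    }
}

/// HARDENED: only the owner may call, only allow-listed targets, and only
/// allow-listed function selectors on those targets. Every call is logged
/// so an unexpected target/selector pair is visible in event monitoring.
contract RestrictedProxy {
    address public immutable owner;
    // target => function selector => permitted
    mapping(address => mapping(bytes4 => bool)) public allowed;

    event AllowedSet(address indexed target, bytes4 indexed selector, bool ok);
    event Executed(address indexed target, bytes4 indexed selector, uint256 value);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() { owner = msg.sender; }

    function setAllowed(address target, bytes4 selector, bool ok) external onlyOwner {
        allowed[target][selector] = ok;
        emit AllowedSet(target, selector, ok);
    }

    function execute(address target, bytes calldata data)
        external payable onlyOwner returns (bytes memory)
    {
        require(data.length >= 4, "no selector");
        bytes4 selector = bytes4(data[:4]);
        require(allowed[target][selector], "target/selector not allowed");
        (bool ok, bytes memory ret) = target.call{value: msg.value}(data);
        require(ok, "call failed");
        emit Executed(target, selector, msg.value);
        return ret;
    }
}
```

The selector allow-list matters even with onlyOwner in place: a compromised or careless owner key can otherwise still drive the proxy into any function on any contract that trusts it. Reviewers auditing a proxy should ask who can reach each external-call path, which targets it can reach, and which approvals and roles the proxy itself holds.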


🚨Project: DKP Token
⛓️Chain: BSC
💥Type: Price Manipulation
💸Loss amount: $80,000

A vulnerability was found and exploited in the swap mechanism between a token called DKP and USDT on PancakeSwap. The attacker exploited it to gain $80k. It is unclear exactly how they manipulated the ratio, but it is likely that they used some form of arbitrage or market manipulation using flash loans.


🚨Project: Kashi
⛓️Chain: Ethereum
💥Type: Oracle Manipulation
💸Loss amount: $27,000

The root cause of the issue is that the price oracle was not updated during the borrow action. Consequently, the attacker carried out a liquidation to update the price oracle, which resulted in a refund of the collateral and repayment of a lower asset value than required.
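The asymmetry described above (liquidation refreshes the cached oracle rate but borrowing does not) is shown in the following added Solidity illustration, which is not Kashi's code. A minimal lending market caches an exchange rate; the vulnerable borrow() prices new debt against whatever rate was last stored, while the hardened borrow() refreshes the rate in the same transaction before the solvency check. The oracle interface, the 75% collateralisation ratio, the rate semantics and all names are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example; not Kashi's code. The oracle interface, rate semantics,
// collateralisation ratio and all names are assumptions.

/// Oracle returning (updated, rate). rate = collateral units per 1e18 asset
/// units (assumption). A false "updated" leaves the cached rate in place.
interface IOracle {
    function get(bytes calldata data) external returns (bool updated, uint256 rate);
}

abstract contract MarketBase {
    IOracle public immutable oracle;
    bytes public oracleData;
    uint256 public exchangeRate;                    // cached rate, 1e18 scale
    uint256 public constant COLLATERALIZATION = 75; // borrow up to 75% of collateral value
    mapping(address => uint256) public collateral;  // deposited, in collateral units (native coin here)
    mapping(address => uint256) public borrowed;    // debt, in asset units

    constructor(IOracle _oracle, bytes memory _data) {
        oracle = _oracle;
        oracleData = _data;
    }

    /// Pull the oracle and store the rate if the oracle reports a fresh value.
    function updateExchangeRate() public returns (uint256) {
        (bool updated, uint256 rate) = oracle.get(oracleData);
        if (updated) exchangeRate = rate;
        return exchangeRate;
    }

    function deposit() external payable { collateral[msg.sender] += msg.value; }

    /// Solvent when 75% of collateral covers the debt valued at `rate`.
    function _isSolvent(address user, uint256 rate) internal view returns (bool) {
        return collateral[user] * COLLATERALIZATION / 100 >= borrowed[user] * rate / 1e18;
    }

    /// Liquidation always refreshes the rate first; that is the path the
    /// digest says the attacker used to move the cached rate.
    function liquidate(address user) external {
        uint256 rate = updateExchangeRate();
        require(!_isSolvent(user, rate), "user is solvent");
        // seizing collateral and repaying debt omitted for brevity
    }
}

/// VULNERABLE: prices the new debt against the stale cached rate, so the
/// amount a user may borrow depends on when the rate was last refreshed.
contract StaleRateMarket is MarketBase {
    constructor(IOracle o, bytes memory d) MarketBase(o, d) {}
    function borrow(uint256 amount) external {
        borrowed[msg.sender] += amount;
        require(_isSolvent(msg.sender, exchangeRate), "insolvent");
        // transfer of the borrowed asset omitted for brevity
    }
}

/// HARDENED: refresh the rate in the same transaction, before the check,
/// so borrow and liquidate always evaluate against the same current price.
contract FreshRateMarket is MarketBase {
    constructor(IOracle o, bytes memory d) MarketBase(o, d) {}
    function borrow(uint256 amount) external {
        uint256 rate = updateExchangeRate();
        borrowed[msg.sender] += amount;
        require(_isSolvent(msg.sender, rate), "insolvent");
        // transfer of the borrowed asset omitted for brevity
    }
}
```

When reviewing a lending market, list every state-changing entry point that reads a cached price and confirm each one refreshes it (or reads a freshly updated value) in the same transaction; any path that skips the refresh is priced at a rate some other caller controls the timing of.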

A guest post by LowK, Smart Contracts Security Auditor
© 2023 Verichains