jakiro
On January 16, 2024, Socket Tech was attacked and lost about 3.3 million US dollars.The attacker took advantage of the loopholes in the data verification session in a Socket contract to steal the user funds of the authorized contract through malicious data input.This attack brought losses to 230 addresses, and the largest single address loss was about 656,000 US dollars.
Background introduction
Socket is an interoperable protocol serving cross -chain security, efficient data and asset transmission.The Socket Gateway contract is the access point for all interaction with the Socket liquidity layer. All asset bridge accessers and DEX are converged into a unique Yuanqiao pickup, and the best transaction is selected according to user preferences (such as cost, delay or security).routing.
Three days before the hacking attack, the Socket contract administrator executed the Addroute command and added a new route to the system.The purpose of adding routes is to extend the function of the socket gateway, but inadvertently introduced a key loophole.
The following figure is a record of adding routing through the contract administrator
>
Outline
1. At 15:03 on January 16, Beijing time, the attacker’s wallet was transferred to the funds used by the attack. Our time analysis shows that the funds are from 0xe620, which is related to 10 BNB extracted from Tornado Cash.
>
2. These funds are used to create and execute two contracts to use Socket’s loopholes.The first contract is aimed at USDC (screenshot as follows) in the address of the Socketgateway address; 127 victims were deceived by about $ 2.5 million.
>
3. Next, the second contract aims at the Weth, USDT, WBTC, DAI and MATIC in the victim’s address.As a result, the other 104 victims lost the following assets:
-42.47526105 WETH
-347,005.65 USDT
-2.88962154 WBTC
-13,821.01 dai
-165,356.99 matic
4. The attacker converts USDC and USDT into ETH.
>
Vulnerability
The vulnerabilities used by the attacker exist in the newly added routing address Routeaddress.
The original function of the PerformAction function in this address is to assist the function of WRAPPING and Unwrapping.However, a key vulnerability appears in this function: users directly call external data through Swapextradata in the .call () without verification, which means that attackers can execute arbitrary malicious functions.
>
In this incident, the attacker made a malicious Swapextradata input to trigger the TransferFrom function.The malicious call took advantage of the user’s authorization of the Socketgateway contract and stole funds from them.
Although the contract will ensure that the user balance will change correctly after the information is called by checking the balance check to ensure that the user balance will change, but the function does not consider that the attacker sets the amount to 0.
>
Restore the attack process
1. Use an attack contract to call 0x00000196 () on the Socket Gateway contract.
>
2. Fallback () uses the hexagonal signature 196 to call loopholes. Routeraddress.
>
3. In the screenshot below, we can see the false input used by the attacker. The number of swapping is all 0.
>
4. Next, you will call wrappedtokenwapperimpl.PerformAction () for swap.
>
5. Without any verification, the false Swapextradata is accepted and executed by FROMTOKEN (Weth).
>
6. The attacker repeatedly executes the above process until the victim’s assets are exhausted.After the malicious transaction appeared, the Socket quickly called DisaBleroute, blocking the routing of the loopholes before, preventing the larger range of attacks.
7. On January 23, Socket announced that it had recovered 1032 ETHs and announced on the 25th that it would compensate all losses.This event is resolved.
>
Event summary
In a routing contract authorized by unlimited users, malicious CALLDATA attacks are not uncommon.Similar attacks include Dexible and Hector Bridge.On February 17, 2023, the decentralized exchange Dexible was attacked and lost more than 1.5 million US dollars.Vulnerability Utilities Enter the malicious CALLDATA to the Fill () function of Dexible to steal user assets.On June 2, 2023, the Hector network protocol was attacked.The attacker deployed a false USDC contract and passed the malicious CALLDATA to transfer 652,000 real USDCs from the victim’s contract.
The blockchain polymer platform usually uses a series of bridges and routing contracts to improve liquidity and reduce losses.However, this complicated packaging can bring more problems to security.We are pleased to see that the Socket’s incident can be resolved, and Certik will continue to be committed to providing a comprehensive audit and testing for the platform, reducing various aggregate risks, and improving the security level of community trust and the entire industry.
