JIMBO V2 Exploit Post-Mortem

JIMBO V2 was exploited for about $7.5M, or 4048 ETH. The attacker used flash loans to manipulate the JIMBO/ETH price such that the liquidity rebalance causes excessive amounts of ETH to be taken out of the Trader Joe pool via incorrectly deployed anchor bin liquidity.

TL;DR

A visual representation of the exploit, courtesy of PeckShield (https://twitter.com/peckshield)
  • Attacker withdraws funds from Tornado Cash on BSC into the deployer wallet

  • Attacker swaps BNB to ETH and bridges to Arbitrum

  • Attacker deploys 4 different malicious smart contracts used to execute the exploit

  • In each contract:

    • Attacker buys JIMBO from the Trader Joe pool

    • Attacker adds external LP at a maliciously high bin price far outside the protocol’s LP range

    • Attacker flashloans 10,000 ETH to buy all the JIMBO tokens in the protocol-owned liquidity bins (50 bins + max bin) to push the active bin to the artificially high LP the attacker previously set

    • Attacker calls shift(), which reorganizes 10% of ETH liquidity into “anchor bins”, which are placed 1 to 5 bins below the active bin (now at an artificially inflated price)

    • Attacker sells tokens at the maliciously high price to drain the anchor bin liquidity and drops the active bin back into normal LP range at maxBin, then calls reset(), which takes the JIMBO in the pool and reorganizes them to the current active price

    • Attacker loops these calls, takes another flash loan, and repeats the process until the large majority of funds are drained

Attacker Wallets Used

Brief Protocol Description

In order to understand the attack, one must be familiar with the Jimbo Protocol. Jimbo is a variation of a treasury-backed asset protocol, but with all of the possible supply inside of a Trader Joe liquidity pool. Trader Joe's V2 Liquidity Book AMM allows liquidity providers to define precisely at what price to sell their tokens, very similar to a traditional order book. The first protocol to build a programmatic liquidity-rebalancing token on top of this system was White Lotus, which created a token whose floor price is always increasing. Jimbo Protocol improved on White Lotus, identifying key changes to the rebalancing mechanics and adding new features of its own.

Detailed information for Jimbo Protocol can be found in the docs.

Detailed Attack Description

On May 27, 2023, at 10:29:31 PM UTC, AttackerWallet1 begins by using Tornado Cash on BSC to receive 7 BNB via 7 transfers through the 1 BNB pool. He quickly bridges this BNB to Arbitrum as WETH using Stargate (https://www.bscscan.com/tx/0x5633868c0c80570321760af459bdfebb199793ca27206b3b7653b89dc7217033).

Now on Arbitrum, AttackerWallet2 begins the exploit by deploying 4 separate instances of the exploit contract. The attacker buys JIMBO from the JIMBO/ETH liquidity pool on Trader Joe and subsequently adds that JIMBO as liquidity into a liquidity bin significantly above the protocol's maxBin, which is the last protocol-owned JIMBO bin and holds 50% of the non-circulating JIMBO supply. We will refer to this new external liquidity bin as the malicious bin. Using 10,000 ETH from an AAVE flash loan, the attacker buys up all of the JIMBO supply in the pool up to the maxBin, with one additional JIMBO bought to put the active bin in the malicious bin.

Stack trace courtesy of Peckshield. Note that this trace does not show the external LP to create the malicious bin.

With the price manipulated and the active bin equal to the malicious bin, the attacker then calls shift(), which rebalances ETH liquidity and increases the floor price. shift() can only be called when there has been positive price action, i.e. the price has moved 5% above the previous price. shift() removes ETH from every bin up until the current active bin, takes 90% of this accumulated amount into the floor, and redeploys 10% as a set of ETH-only bins up to 5 bins below the current active bin, called the anchor bins. The effect of this function is to increase the floor price for the token while providing some support at the current price with the anchor bins.

With shift() called, new anchor bins were set up right below the malicious bin, exposing a large amount of ETH at a severely inflated JIMBO price. The attacker sells all of the bought JIMBO back into the pool, draining the anchor bins and pushing the price back to the floor. From here, the exploiter called reset() to set the JIMBO liquidity back into the default distribution.

This is the heart of the attack: the exploiter uses shift() at a malicious price to expose 10% of the protocol's ETH at a time, then sells back down to the floor. This sequence of actions is then looped to drain the majority of the ETH in the pool.
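The following is an added illustration, not the Jimbo Protocol's code: a simplified model of the shift() rebalance described above, showing why anchoring ETH relative to an attacker-controlled active bin is the root issue. The geometric bin price grid, the 1% bin step, the pool balances and the `guard` range check (rejecting a shift when the active bin lies beyond the protocol's maxBin) are all assumptions constructed for this example.

```python
from dataclasses import dataclass

BIN_STEP = 0.01       # assumed bin step (1% per bin); constructed value
ANCHOR_BINS = 5       # anchor bins sit 1 to 5 bins below the active bin
FLOOR_SHARE = 0.90    # 90% of swept ETH goes to the floor, 10% to anchors

def bin_price(b: int) -> float:
    """ETH per JIMBO in bin b on a Liquidity Book style geometric grid."""
    return (1 + BIN_STEP) ** b

@dataclass
class Pool:
    eth_bins: dict        # bin id -> ETH liquidity held in that bin
    floor_bin: int        # bin holding the floor (backing) ETH
    max_bin: int          # last protocol-owned JIMBO bin
    active_bin: int       # current trading bin (manipulated in the exploit)

def shift(pool: Pool, guard: bool) -> dict:
    """Model of shift(): sweep ETH from every bin below the active bin,
    send 90% to the floor and spread 10% over the anchor bins.
    `guard` enables a hypothetical range check that the original lacked."""
    if guard and pool.active_bin > pool.max_bin:
        raise ValueError("active bin is outside the protocol's LP range")
    below = [b for b in pool.eth_bins if b < pool.active_bin]
    swept = sum(pool.eth_bins.pop(b) for b in below)
    pool.eth_bins[pool.floor_bin] = pool.eth_bins.get(pool.floor_bin, 0.0) + swept * FLOOR_SHARE
    per_anchor = swept * (1 - FLOOR_SHARE) / ANCHOR_BINS
    anchors = {pool.active_bin - k: per_anchor for k in range(1, ANCHOR_BINS + 1)}
    for b, eth in anchors.items():
        pool.eth_bins[b] = pool.eth_bins.get(b, 0.0) + eth
    return anchors

def anchor_exposure(active_bin: int, guard: bool = False) -> tuple:
    """Constructed pool: 100 ETH floor plus 50 ETH in bin 10, maxBin 60.
    Returns (floor ETH after shift, total anchor ETH, JIMBO that buys it all).
    The third value is the exposure metric: the fewer JIMBO it takes to
    absorb the anchor ETH, the cheaper the rebalance is to abuse."""
    pool = Pool(eth_bins={0: 100.0, 10: 50.0}, floor_bin=0, max_bin=60, active_bin=active_bin)
    anchors = shift(pool, guard)
    jimbo_needed = sum(eth / bin_price(b) for b, eth in anchors.items())
    return pool.eth_bins[0], sum(anchors.values()), jimbo_needed

def guard_rejects(active_bin: int) -> bool:
    """True if the hypothetical range check blocks a shift at this bin."""
    try:
        anchor_exposure(active_bin, guard=True)
        return False
    except ValueError:
        return True
```

Comparing `anchor_exposure(60)` (active bin at maxBin) with `anchor_exposure(500)` (active bin pushed far past it) shows the same 15 ETH of anchor liquidity, but at the inflated bin it is absorbed by roughly 80 times less JIMBO; the guard refuses the second case outright.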

The attack was looped 11 times across 4 transactions, resulting in the exploiter draining around 94.5% of the ETH in the pool, for a total of ~4048 ETH, or $7.58M.

Exploit transactions:

  1. https://arbiscan.io/tx/0xf9baf8cee8973cf9700ae1b1f41c625d7a2abdbcbc222582d24a8f2f790d0b5a

  2. https://arbiscan.io/tx/0xfda5464e97043a2d0093cbed6d0a64f6a86049f5e9608c014396a7390188670e

  3. https://arbiscan.io/tx/0x3c6e053faecd331883641c1d23c9d9d37d065e4f9c4086e94a3c34bf8702618a

  4. https://arbiscan.io/tx/0x44a0f5650a038ab522087c02f734b80e6c748afb207995e757ed67ca037a5eda

  5. https://arbiscan.io/tx/0x5cd668b4ba1303f6e524f7e61882fd8858f0e26755627da23dead650f15c71a9

  6. https://arbiscan.io/tx/0xa8bc0301f175d271965ccefeb256e4977cfefe76ef7ee2fe89a70ced2ca6f23d

After draining the pool, the attacker transfers the exploited ETH to the AttackerWallet3 address on mainnet using Kyberswap's bridge aggregator, with Celer and Stargate as the underlying bridges. The ETH has remained in this wallet since.

Moving Forward

The attack was executed 2 days after the launch of V2. The team spent the following days gathering intel and contacting relevant authorities and security professionals, and there is currently an active investigation into the missing funds. In addition, the team has notified relevant exchanges about the exploited funds, and the address is currently being monitored for movement.

Moving forward, the team plans to continue building and experimenting with the Jimbo mechanics, making changes to liquidity structure, taxes, and borrowing. The future re-launch will include a repayment structure for all affected parties, as well as dedicating a portion of all fees to an open security review within the community in perpetuity.

Acknowledgements

We would like to acknowledge Peckshield for identifying and alerting us of the exploit quickly after it occurred, giving detailed stack traces of the attack, and providing information & support throughout the investigation.

In addition, we'd like to thank our security analysts for volunteering their time and expertise to help with our ongoing investigations. Their guidance, knowledge, and support have been invaluable. In no particular order, these individuals and firms include:

Additionally, we'd like to thank yicunhui2 for recreating the attack for research. See the tweet thread for details:

Github link: https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/Jimbo_exp.sol
