FeiRari Vulnerability Post-Mortem

This Saturday, April 30th at ~9:30 EDT (1:30 UTC), Rari Capital suffered a re-entrancy attack which left their pools insolvent to the tune of roughly ~$80 million.

This attack included the FEI market that we’ve integrated here at Swivel — FeiRari Pool 8.


TL;DR:

As of now, May 2nd, ~90% of our user’s funds have been recovered, and ~198,000 FEI remain.

With the FeiRari community call happening tomorrow at 8:00 PM ET (0:00 UTC), the Swivel DAO is initiating recovery SIP (#006) preemptively at 12:00 ET to give our community time to learn what steps the FeiRari DAO will take next before making our own conclusions, while also expediting the normal SIP process.


The Vulnerability

Rari utilizes a fork of Compound’s money-market, which contains a relatively common re-entrancy vulnerability.

Compound itself limits exposure to re-entrancy by restricting approved tokens to ERC-20s, however many forks have failed to do so leading to lender losses in individual vulnerabilities across dForce/imBTC, CREAM, Hundred Finance, Voltage Finance, & DefiPIE.

Last month security researchers @samczsun, @hritzdorf, and @YSmaragdakis noted a similar vulnerability in Rari’s cToken contracts and were met by a very quick remediation from the Rari team: Report

During this remediation the Rari team utilized a global reentrancy guard on their cTokens, however in doing so their team failed to consider a potentially wider exposure scope and acknowledge that the Comptroller contract may need similar remediations.

The attacker was able to abuse an optimization for the transferring out of ETH, which had been added only one month after their audit last year, meaning unaudited code has been live ever since.

With this optimization and a lack of reentrant guard an attacker was able to:

  1. Flash loan and deposit 150,000,000 USDC into Rari
  2. Borrow ETH (triggering re-entrancy)
  3. Reentrant call `ExitMarkets()`, resetting debt to 0
  4. Repay Flashloan
  5. Repeat
Credit: PeckShield
Credit: PeckShield

The Loss

The vulnerability has resulted in bad debt across pools: 8, 18, 27, 127, 144, 146, 156

While the Rari team at first believed this vulnerability was limited in scope, it appears to extend to their Arbitrum deployment as well.

The attacker’s address: 0x6162….6157f

Attacker's Wallet
Attacker's Wallet

Attack Transaction: 0xab48….76530
Arbitrum Attack Transaction: 0x3212....203ef

ETH: ~6,100
FEI: ~20,250,000
DAI: ~14,300,000
FRAX: ~13,100,000
USDC: ~10,100,000
UST: ~2,800,000
LUSD: ~2,000,000
USDT: ~130,000
RAI: ~32,000

Total: ~$80,110,000


Swivel’s Exposure

With the launch of our FeiRari market, we saw a handful of new faces from the FeiRari tribe come lend through our markets.

We had roughly ~2,000,000 FEI lent through our Rari that was vulnerable; however, with the vulnerability limited in its execution, significant amounts FEI remained in FeiRari Pool 8 for withdrawal.

That said, the moment the hack became public, we quickly rushed to inform our community of the vulnerability through Discord, and more importantly reach out specifically to those affected.

With the tight knit size of our community, and significant engagement we have had in the past, we were able to get into personal contact with nearly all of our affected lenders, and have already recovered nearly 90% of our user’s funds.

That said, roughly 1,780,674,870,194,790 fFEI tokens (~198,000 FEI) remain in our Swivel contracts, leaving us a few options for additional recovery.


The TRIBE’s Next Step

As of now the FeiRari community is waiting with breath held for the community call tomorrow at 8:00 PM ET (0:00 UTC) for more information on potential ways forward and their plans for recovery.

As of now, the FeiRari team has made no commitments, however have offered a very significant whitehat bounty of $10,000,000 for the return of funds.

The FEI team sent the attacker the following message through an ETH transaction:

We noticed you may be considering the no-questions-asked $10m offer. If you wish to take us up on this, please deposit the remaining funds to the Tribe DAO Timelock: 0xd51dbA7a94e1adEa403553A8235C302cEbF41a3c


Swivel’s Next Step

With a bounty representing 12.5% of the vulnerability itself, Rari’s attacker may yet return funds (and Swivel’s exposure is limited). However, erring on the side of caution we have begun to prepare our emergency withdrawal procedures.

We will be immediately launching SIP (#006) Maturing Our FeiRari Market Early, with votes beginning at 12:00 UTC on May 2nd, 2022. This timeline hopefully gives our community time to listen in to the FeiRari community call and weigh their path forward with regard to our own.

Potential Paths:

Fund Recovery:

The first path is the completion and early maturity of our Rari FEI market.

Assuming Rari Pool 8 has FEI for withdrawal once our withdrawal queue completes:

  • zcFEI: Redeemable for FEI at a ratio of 99:100
  • nFEI: Redeemable for FEI at a ratio of 1:100
  • Redeemable FEI: Reedemable for FEI 1:1 (Calculated based on the exchangeRate at 0:00 UTC on 5-2)

The market itself would close until further notice, and an additional market would launch ASAP alongside our imminent Arbitrum launch.

FeiRari Recovery:

Depending on the response of the FeiRari DAO on tomorrows call, it may also make sense to continue the market as is, and trust in their recovery processes.

With significant PCV in both Rari/Tribe treasuries, and our funds specifically all in FEI within the FeiRari pool, our depositors likely will be able to redeem funds at or near face value.

The result would be that our market continues to operate as it has, with our impacted liquidity providers having earned significant rewards for their trust in our systems.


Conclusion

We will keep our community updated continuously as the situation progresses.

We were lucky to be able to recover 90% of our users’ funds, and given the current state of the FeiRari pool, we are very likely to recover 100% of user funds and continue operations as usual within the week.

I’d like to personally thank all our community members for sticking around through all this, and to those who we’re impacted and able to respond quickly, thank you for being here along for the ride!

We take security seriously at Swivel, and while no platform is ever bug free, and we cannot always guarantee the safety of our partner platforms, we strive to keep our lenders capital safe.

Keep your eyes out for a piece on our owndevelopment processes and how we ensure that our contracts avoid similar pitfalls and keep your money safe
(Hint: Check out my recent talk with Yield’s Alberto — Link)

— Julian Traversa


About Swivel Finance

Swivel is the protocol for fixed-rate lending and tokenized cash-flows.

Currently live on Rinkeby and on Mainnet, Swivel provides lenders the most efficient way to lock in a fixed rate as well as trade rates, and liquidity providers the most familiar and effective way to manage their inventory.


Website | Substack | Discord | Twitter | Github | Gitcoin | Careers


Subscribe to Julian Traversa
Receive the latest updates directly to your inbox.
Verification
This entry has been permanently stored onchain and signed by its creator.