Reentrancy hack costs Orion Protocol $3M in ETH

Reentrancy hack costs Orion Protocol $3M in ETH

On the 2nd of February, 2023, Orion Protocol was hacked with a reentrancy attack, leading to a loss of approximately $3 million in assets.

Orion Protocol is a decentralized platform that aggregates both centralized and decentralized exchanges, thus allowing users to get the most out of their crypto balances and trading by collecting liquidity from a great number of supported exchanges within its API.

What is Reentrancy Attack?

A reentrancy attack takes place when a smart contract function transfers control of the transaction temporarily to an external contract, which may have been developed by unknown or hostile entities. This provides an opportunity for the external contract to make repeated calls back to the main smart contract function, leading to the depletion of its funds.

Root Cause of Orion Protocol Hack:

Through the use of a self-destructing smart contract, the perpetrator introduced a fake token named ATK into circulation, which was subsequently utilized to manipulate the Orion pools. The attacker took advantage of a partial reentrancy vulnerability that existed in the core contract of the pools. As a consequence of this flaw, the USDT balance was miscalculated.

The breach happened in the Ethereum and Binance blockchains contracts using a similar approach.

Attack Scenario of The Incident:

By utilizing the robust BlockSec Phalcon tool for transaction exploration and taking a close look at the contact snippet code, the flow of the hack was scrutinized.

The perpetrator engaged in the following actions:

  • Generated a fraudulent ATK that contained a hook on the transfer() function, and provided liquidity into Uniswap v2.

  • Utilized the depositAsset() function to deposit 0.5 USDC into the Orion Contract.

  • Acquired a flash loan of approximately 2.84 million USDT from Uniswap V2.

  • Executed the swapThroughOrionPool() function to swap USDC to ATK to USDT, with the deposited amount being first channelled through depositAsset().

  • During the process of swapping, the transfer() function in the ATK contract was triggered, resulting in the reentry of the depositAsset() function in the swapThroughOrionPool() function

  • The deposited USDT was consequently doubled to approximately 5.69 million USDT.

  • The perpetrator then proceeded to withdraw the deposited amount.

  • Next, the flash loan of 2.84 USDT was returned to Uniswap v2.

  • The remaining 2.84 USDT was swapped to 1.651 ETH.

A transfer of 1,100 was made to Tornado Cash, while 651 ETH was locked in the perpetrator's account.

Fund Flow on Ethereum Blockchain

Fund Flow on Binance Blockchain

Orion Protocol's Incident Response

The CEO of Orion protocol, Alexey Koloskov, reacted to this attack by addressing the public through Twitter chats to restore confidence in the Orion protocol platform. Below are some of his Twitter chats.

“We have reasons to believe that the issue was not a result of any shortcomings in our core protocol code, but rather might have been caused by a vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers”

“We want to reassure our users that no user experienced any loss during this incident. The assets at risk were in internal brokers accounts run by ourselves, the Orion Team, to enable decentralized access to centralized liquidity."

“We have been investigating this very sophisticated attack from the minutes it occurred. We will not reopen the Deposit function until we feel confident that the bug has been fixed which will only be after successfully passing new audits from leading audit firms.”

How to prevent Reentrancy hack:

The Orion contracts in this scenario had implemented a partial reentrancy guard, which the perpetrator exploited to hack the contract.

To prevent possible reentrancy vulnerabilities in smart contracts, several standard techniques can be employed, such as:

  1. Incorporate a mutex by adding a state variable that locks the contract during code execution, thereby preventing reentrant calls. However, an incomplete or non-reentrant mutex can lead to cross-contract or cross-function reentrancy.

  2. Adopt the checks-effects-interactions code pattern.

  3. Utilize the built-in transfer function when feasible, especially when sending ether to external contracts.

  4. Conduct multiple and thorough security audits of the protocol to ensure that all potential vulnerabilities are identified and addressed, to enhance the protocol's security.

Conclusion:

One of the most widely known and frequent attacks against smart contracts is reentrancy. While many significant DeFi projects, including Orion protocol, have implemented reentrancy protections, this particular incident highlights the possibility of an overlooked reentrancy attack vector.

To prevent reentrancy and other vulnerabilities, it is crucial to adhere to the best practices during development, as well as conduct smart contract audits and bug bounty programs to detect any potential issues.