Analysis2024-01-03

Radiant Protocol on Arbitrum Suffers Flashloan Attack, Resulting in $4.5M Loss: In-Depth Analysis Reveals Exploit Details

Tags

Attack
Analysis
Security

3 Minutes Read

Daniel Tan

Daniel Tan

Security Operation / Audit

Summary

On Jan-03-2024 UTC+8:00, the Radiant protocol on Arbitrum was under the flashloan attack. The hacker attacked the #Radiant protocol 3 times, resulting in a total loss of 1.9K $ETH(worth $4.5m).

TL;DR

On Jan-03-2024 UTC+8:00, the Radiant protocol on Arbitrum was under the flashloan attack. The hacker attacked the #Radiant protocol 3 times, resulting in a total loss of 1.9K $ETH(worth $4.5m). The root cause is the mathematical rounding issue in the burn function that is amplified and used, on a new $USDC market, which makes the hacker withdraw an extra $USDC. MetaTrust Labs conducted in-depth research and analysis on the exploit, revealing how the hacker exploits vulnerability.

Radiant Protocol

Radiant is a decentralized, non-custodial lending protocol, on multiple chains, including Arbitrum, BNBChain, and Ethereum. image.png

Radiant protocol's total value locked still has $313M after the attack, due to their rapid pause of protocol after the attack, stopped the further loss.

image.png image.png

Timeline

image.png

Transactions

0xc5c4bbddec70edb58efba60c1f27bce6515a45ffcab4236026a5eeb3e877fc6d

0x2af556386c023f7ebe7c662fd5d1c6cc5ed7fba4723cbd75e00faaa98cd14243

0x1ce7e9a9e3b6dd3293c9067221ac3260858ce119ecb7ca860eac28b2474c7c9b

Asset Loss

3 attacking transactions resulted in a total loss of 1.9K $ETH, worth $4.5M. At the time of writing, the 1.9K $ETH is still held in the hacker's wallet(0x826d5f4d8084980366f975e10db6c4cf1f9dde6d). image.png

Attacker

0x826d5f4d8084980366f975e10db6c4cf1f9dde6d

Attacking Contract

0x39519c027b503f40867548fb0c890b11728faa8f

Victim Contract

Radiant: Lending Pool (0xf4b1486dd74d07706052a33d31d7c0aafd0659e1)

rUSDCn(0x3a2d44e354f2d88ef6da7a5a4646fd70182a7f55).

What Happened Before the Attack

15 seconds before the attack, a new native USDC market on Arbitrum was created by the client. image.png The hacker is the first one who interacts with the new USDC market.

Attacking Steps

Take the first attacking transaction, 0x1ce7e9a9e3b6dd3293c9067221ac3260858ce119ecb7ca860eac28b2474c7c9b, as an example.

  1. Borrow 3M $USDC from AAVE with the flashloan function;
  2. Deposit 2M $USDC into Radiant Pool, with liquidityIndex as 1e27 image.png
  3. Do a $2M flashloan on Radiant Lending Pool, to inflate the liquidityIndex to 1.8e36.
  4. Repeatedly execute step 3, 151 times, to inflate the liauidityIndex to 2.7e38, which is 270000000000 times of its initial value. image.png
  5. Borrow 90.6 $ETH, worth $215K, from Radiant Pool, which is the profit of this attack;
  6. Create a new contract (0xd8b591);
  7. Approve an unlimited allowance of USDC to the new contract, transfer 543K $USDC to the new contract, and execute the below steps with the new contract;
  8. Deposit 543K $USDC to the Radiant pool, to mint 2 wei tokens because amountScaled is 2, 543600000002*1e27/271800000000999999999999998631966035920=2; image.png image.png
  9. Withdraw 407K $USDC from the Radiant pool, only burn 1 wei token because amountScaled is 1, 407700000000*1e27/271800000000999999999999998631966035920=1.5 and the mathematical rounding issue. Note that amountScaled is a uint256 type variable that will turn 1.5 into 1. image.png image.png
  10. Deposit 271K $USDC to the Radiant pool, mint 1 wei token because the amountScaled as 1, 271800000001*1e27/271800000000999999999999998631966035920=1 ;
  11. Withdraw 407K $USDC from the Radiant pool, only burn 1 wei token because amountScaled is 1.
  12. Repeat steps 10 and 11 as many as 18 times, and drain all the $USDC, which was deposited by the hacker before, from the new market.
  13. Swap 2 $WETH for 4.73K $USDC, swap 3.23K $USDC for 1.36 $WETH.
  14. Repay flashloan from AAVE with 3.5m $USDC as principal and 1.5K $USDC as a fee.
  15. Get a profit of 90 $ETH.

Root Cause

The root causes are that the hacker is the first one who interacts with the newly created native USDC market, inflates liquidityIndex with the floanloan feature of Radiant protocol, and uses the mathematical rounding issue to steal collateral from the lending pool.

Key Code

image.png image.png

About MetaTrust Labs

MetaTrust Labs is a leading provider of Web3 AI security tools and code auditing services incubated at Nanyang Technological University, Singapore. We provide advanced AI solutions that empower developers and project stakeholders to protect Web3 applications and smart contracts. At MetaTrust Labs, we are committed to protecting the Web3 space so that builders can innovate with confidence and reliability.

Website: metatrust.io

Twitter: twitter.com/MetatrustLabs

Share this article

Previous
The Rise of North Korean Cybercrime: How to Secure Your Web3 Development
Next
Enhancing Web3 Dapp Security: A Deep Dive into MetaTrust Prover's Advanced Verification