Hack Track: Investigating Conic Finance Flow of Funds
Merkle Science
Conic Finance, a liquidity pool optimization platform designed for the decentralized finance (DeFi) protocol Curve, encountered an exploit on July 21st, 2023 that resulted in a loss exceeding $3.26 million, attributed to a vulnerability within their smart contract.
What is Conic Finance?
With its headquarters based in Milan and founded in 2022, Conic Finance operates as a facilitator, enabling users to effortlessly provide liquidity to multiple Curve pools in a single transaction. This feature enables users to diversify their investments across various assets, ultimately yielding higher returns. By utilizing the Conic Omnipool, any user can gain the ability to allocate their funds across the Curve protocol, proportionally aligning with the weights controlled by the protocol in each pool.
Official Response of Conic Finance
Soon after the attack, the protocol tweeted: ‘We are currently investigating an exploit..’
The team later stated that the root cause of the attack was a "re-entrancy vulnerability," adding that "a fix to the affected contract is being deployed."
What is a reentrancy attack?
A re-entrancy attack is a method of exploiting a smart contract vulnerability in which a malicious actor repeatedly invokes a specific function of the contract before the contract has finished processing the previous invocation. This repeated invocation can run as a loop, potentially leading to unauthorized access and siphoning of funds. Such attacks commonly occur in smart contracts that allow external code from untrusted sources to be executed within their environment.
Post-Mortem Report
The protocol stated in its post-mortem report that the root cause of the exploit was a wrong assumption about which address is returned by the Curve Meta Registry for ETH as the underlying asset of a Curve v2 pool.
The Conic ETH Omnipool utilizes ‘CurveHandlerV3’ to determine whether a reentrant call is currently in progress. Initially, this check was only performed while interacting with a pool that contains ETH, which was verified using the ‘isETH’ method. The protocol assumed that Curve v2 pools utilizing ETH would have the ETH address (0xeee...eee) as one of their coins.
However, according to the post-mortem report, they discovered that these pools actually use the WETH address, leading to the ‘_isETH’ method returning false and consequently bypassing the reentrancy guard of the rETH pool.
By bypassing this reentrancy check, the attacker could manipulate the price of the rETH Curve LP token.
With this manipulated price, they were able to deceive the ETH Omnipool into minting more cncETH LP tokens than it should for their deposits. The attacker employed this strategy in a loop, depositing and withdrawing at a favourable exchange rate to drain funds from the Omnipool.
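The post-mortem describes a classification mistake rather than a missing guard: the guard existed, but it was only applied to pools that listed the 0xeee...eee sentinel, so a v2 pool holding WETH was never treated as an ETH pool. The Python model below is an added illustration and is not Conic Finance's or Curve's code. It assumes hypothetical function names (`is_eth_pool_weak`, `is_eth_pool_hardened`, `guarded_read`), a toy `PoolModel` standing in for a Curve pool as an oracle sees it, the ETH sentinel address mentioned in the report, the canonical mainnet WETH address, and constructed placeholder addresses for the other coins. It shows how the weak check lets a price read go through while the WETH pool is mid-callback, and how the hardened check rejects that same read.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Sentinel the post-mortem refers to as 0xeee...eee (lower-cased for comparison).
ETH_PLACEHOLDER = "0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
# Canonical mainnet WETH contract address (well-known, lower-cased for comparison).
WETH = "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2"
# Constructed placeholder addresses for the non-ETH side of each pool (not real contracts).
RETH_PLACEHOLDER = "0x" + "01" * 20
STETH_PLACEHOLDER = "0x" + "02" * 20


@dataclass
class PoolModel:
    """Toy stand-in for a Curve pool as an LP-token oracle sees it (constructed for this example)."""
    name: str
    coins: List[str]
    virtual_price: float            # LP token price the oracle would read, in ETH
    in_callback: bool = False       # True while the pool is inside an external call


def is_eth_pool_weak(pool: PoolModel) -> bool:
    """Original assumption: a pool has ETH exposure only if it lists the 0xeee...eee sentinel."""
    return any(c.lower() == ETH_PLACEHOLDER for c in pool.coins)


def is_eth_pool_hardened(pool: PoolModel) -> bool:
    """Hardened check: Curve v2 pools hold WETH rather than the sentinel, so WETH counts as ETH exposure."""
    return any(c.lower() in (ETH_PLACEHOLDER, WETH) for c in pool.coins)


def guarded_read(pool: PoolModel,
                 is_eth_pool: Callable[[PoolModel], bool]) -> Tuple[bool, Optional[float]]:
    """Oracle read of the LP price.

    ETH-exposed pools must not be read while they are inside an external call,
    because the virtual price observed in that window can be inconsistent.
    Returns (accepted, price); price is None when the read is refused.
    """
    if is_eth_pool(pool) and pool.in_callback:
        return False, None
    return True, pool.virtual_price


def classify(pools: List[PoolModel],
             is_eth_pool: Callable[[PoolModel], bool]) -> dict:
    """Map each pool name to whether the reentrancy guard would be applied to it."""
    return {p.name: is_eth_pool(p) for p in pools}


def demo() -> dict:
    """Run both checks over a v1-style ETH pool and a v2-style WETH pool caught mid-callback."""
    v1_pool = PoolModel("stETH/ETH (v1, sentinel)", [ETH_PLACEHOLDER, STETH_PLACEHOLDER], 1.0)
    v2_pool = PoolModel("rETH/WETH (v2)", [WETH, RETH_PLACEHOLDER], 1.0, in_callback=True)
    pools = [v1_pool, v2_pool]
    return {
        "weak_classification": classify(pools, is_eth_pool_weak),
        "hardened_classification": classify(pools, is_eth_pool_hardened),
        # With the weak check the mid-callback WETH pool is read as if it were safe.
        "weak_read_of_v2": guarded_read(v2_pool, is_eth_pool_weak),
        # With the hardened check the same read is refused.
        "hardened_read_of_v2": guarded_read(v2_pool, is_eth_pool_hardened),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the model makes for a reviewer is that a reentrancy guard conditioned on a classification is only as strong as that classification; when the guard's scope depends on registry data (here, which address represents ETH), the check should be written against every representation the registry can return, or applied unconditionally.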
Merkle Science’s Flow of Funds Analysis
Summary of the attack
1. Attackers exploited a read-only re-entrancy vulnerability in the protocol’s smart contract.
2. The first attack took place on the ETH Omnipool after the exploiter launched a flash loan attack of 20,000 stETH.
3. The second attack was on the crvUSD Omnipool and led to a loss of 13.58 ETH.
Conic Finance suffered an exploit due to a read-only re-entrancy vulnerability in the new CurveLPOracleV2. This flaw enabled the exploiter to execute multiple recursive calls to the withdraw function.
As a consequence, the exploiter misappropriated 1,727 ETH, equivalent to approximately $3.26 million in value.
Merkle Science’s blockchain forensics visualization tool 'Tracker' depicts the flow of funds
Flash Loan Attack on ETH Omnipool - On July 21st, 2023, during the early hours, the exploiter launched a flash loan attack of 20,000 stETH exploiting the ETH Omnipool.
Manipulation of rETH Curve LP Token Price - What followed was a series of swaps that manipulated the price of rETH Curve LP tokens, allowing them to mint almost double the cncETH tokens than it should for that specific amount of deposit.
Draining 1,700 ETH - This exploitative pattern was repeated multiple times, with the attacker depositing and withdrawing funds at a significantly favorable exchange rate, draining over 1,727 ETH from the Omnipool.
Funds Transferred to Associate Address - The stolen funds were subsequently transferred to an associate address controlled by the exploiter, where the funds currently remain untouched.
Second attack on Conic Finance
Within a short span of time, the crvUSD Omnipool (another pool controlled by Conic Finance) fell victim after the deployment of two more malicious contracts. The attacker might be aiming to exploit the crvUSD/USDC pool, which potentially put an amount equivalent to $1 million at risk.
Fortunately, the team was alerted to the threat, and the damage was contained to a loss of 13.58 ETH. Subsequently, 9 ETH was transferred to Tornado Cash as part of the attacker's maneuvers.