The attack on Safle and how the problem was fixed
Next-Gen identity wallet and composite blockchain infra provider for the decentralized cryptoverse, Safle had to delay their listing on SushiSwap due to a breach in their Eth token contracts.
Technical details of the contract breach are as follows -
Bridging contract for Poly <> Eth worked with a lock/unlock, burn/mint functionality.
If the user wants to bridge their tokens from the Ethereum chain to the Polygon chain, they will have to call the [deposit()](<https://github.com/getsafle/bridging-contract/blob/main/contracts/FxBaseRootTunnel.sol#L77>) function in the FxBaseRootTunnel contract.
The deposit() function will call the [burn()](<https://github.com/getsafle/bridging-contract/blob/main/contracts/eth%20token/Safle.sol#L34>) function from the Ethereum token contract.
The burn(address, amount) should accept the address from where the tokens are to be burnt and the number of tokens to be burnt.
The burn(address, amount) function should have a condition check to allow only the FxBaseRootTunnel contract to call that function and that check was not present.
This allowed any user to call the burn() function which gave the attacker the ability to burn anyone’s tokens.
On Monday, January 17, 2022, the Safle team deployed test liquidity on SushiSwap Liquidity Pool. Within minutes the attacker burnt SAFLE tokens in the SushiSwap Liquidity Pool in multiple transactions, draining 480,853 SAFLE. Details here — https://etherscan.io/tx/0xf7ea4e662a664e7e0451fffcd61de94456f4958e858b12c3d4bfa568750e04e3
This inflated the price of SAFLE and the attacker swapped SAFLE/WETH in a transaction. Since the tokens had been burned, the attacker was able to convert 56.88 SAFLE to 16.04 WETH.
Here are more details of the incident as captured by the blockchain explorer -
https://etherscan.io/tx/0xd457aeb845985c415decb5e1bec2c90a8ce8e3191a54f9e85168a608c84d1ef4 — Transaction of the Exchange
https://etherscan.io/tx/0xa015c1af7ad9a297b1e0b93cc28c0bc25037e10958f415cdb1ff1151c00ead3f — Seeding Money on the Attacker Account
Figure — Bridging-contract/contracts/eth token/Safle.sol. The burn method used for an attack. Due to lack of the ‘caller checking’ it can be called by anyone.
Why did this unfortunate incident happen?
Safle had entrusted SmartState with the audit of their protocols. However, the audit was performed just on the token side but the bridge part wasn’t audited properly. This way the SmartState team was unable to flag this vulnerability. We were still able to observe a few issues in the token contract itself, but unfortunately, we were not able to promptly inform the Safle team about the scope details. And we take responsibility for this miscommunication.
The best part is that the vulnerability has now been resolved. More details are given here — https://github.com/getsafle/bridging-contract/pull/8. The new SAFLE (Eth) contracts have been audited once again and bridged tokens have been deployed
Figure — The vulnerability resolved.
Next steps forward
We are working very closely with the Safle team and also with the Uniswap and Binance teams to investigate this matter further and to ensure that such incidents do not happen again. The Safle team is also making efforts to compensate for any personal losses to the members of their community.
Figure — Graph of the activities around the attacker’s account.
We are also happy to inform you that the Safle team has collaborated with us to develop a next-gen security project that seeks to increase the overall security level of the cryptoworld ecosystem.
We wish Team Safle all the very best and look forward to working closely with them to ensure that their platform operates smoothly and to develop a better security architecture for the cryptoverse.
To know more about what Smart State does, please visit our website at www.smartstate.tech