.png)
3 years ago
212 BOOK THIS SPACE FOR AD
ARTICLE AD
Summary
Whitehat Wen-Ding Li reported a vulnerability in Mushrooms Finance classified as “high” to Immunefi on April 27. The vulnerability was a theft of yield, but the attack was not a flash loan. Rather, the attack was an MEV (miner-extractable value) attack with flash bots, which is similar but distinct from a flash loan.
Regrettably, the vulnerability was exploited twice (block 12312954 (~0.0345 eth) and block 12319752 (~0.0504 ETH)) prior to Wen-Ding Li’s report, leading to a loss of ~$222 in total. Mushrooms Finance has since patched the vulnerability. If this attack had not been mitigated swiftly by Mushrooms, it would have been repeatable.
Mushrooms Finance has paid a bounty of $4,000 USDC to whitehat Wen-Ding Li for the report.
Vulnerability Analysis
Theft of yield vulnerabilities occur when an attacker finds a way to steal the yield (not original user funds) generated from some on-chain financial activity like staking. This particular theft of yield is somewhat different from a normal theft of yield attack, where a harvest function (the function that distributes the yield) can be called by an external entity during a flash loan. Mushrooms Finance has an effective, pre-existing mitigation against this classic flash loan attack by requiring that the caller of the harvest function be an externally owned account, that is, a wallet and not a smart contract.
This particular vulnerability was an MEV searcher sandwich attack made easier by the existence of flash bots.
An MEV searcher creates a “bundle” and sends it to the flash bot as a sequence of transactions that must execute exactly in order for the miner to receive the bribe.The MEV searchers look in the mempool for transactions that are vulnerable to market manipulation, such as frontrunning .then they make a transaction which distorts the relevant pool using their own assets (which is similar to but distinct from a flash loan). A flash bot MEV searcher forces a set of transactions to occur in a particular sequence — e.g. two transactions which sandwich the victim transaction in the middle, where the victim transaction is the harvest function.
The step by step execution of the attack is as follows:
In the first transaction, the MEV searcher uses their own funds, not a flash loan, to distort the price of the Uniswap pool. https://etherscan.io/tx/0xec730c75c3b95debc6fb83216661d7832d2a761a1883c0c6b7593d33a860780cIn the second transaction, the Mushrooms harvest occurs. This is a normal transaction that is being called by the Mushrooms finance deployer. The malicious ordering happens due to the flash bot miner. https://etherscan.io/tx/0xa0ac048a8109e20c853da140c123f46f8a758fd8021978ff5f1fa749babbc70fIn the third transaction, the MEV searcher returns the Uniswap pool to its undistorted state, obtaining a portion of the Mushrooms harvest. https://etherscan.io/tx/0x7ae34b797960cf6cbe2fac97f986482d5594896fc441414458da688ca6ed98cdThe MEV searcher pays a bribe to the flash bot miner (but only if the preceding transactions executed successfully). This usually happens as part of the same transaction as 3.Vulnerability Fix
Mushrooms Finance has configured its keep3r to run harvests more frequently, as merely adding permission requirements on the harvest function and adding EOA requirements are insufficient. Keeping harvests small but frequent makes it economically unprofitable for MEV searchers to perform this attack because the size of the swap required to distort the Uniswap pool incurs more swap fee than the profit from the harvest.
Acknowledgements
We want to thank Mushrooms Finance for their work in patching the vulnerability and paying out a bounty to whitehat Wen-Ding Li. To report additional vulnerabilities, please see Mushrooms Finance’s bug bounty program with Immunefi. If you’re interested in protecting your project with a bug bounty, visit the Immunefi services page and fill out the form.
References
[1] Mushrooms Finance audits: https://github.com/mushroomsforest/deployment/blob/main/security.md#existing-audits
[2] Dedaub team report on similar issue: https://medium.com/dedaub/yield-skimming-forcing-bad-swaps-on-yield-farming-397361fd7c72
Bengali (Bangladesh) · 
English (United States) ·