The “white hacker” known by the pseudonym samczsun discovered a vulnerability in the Lien Finance smart contract on the Ethereum blockchain, preventing the theft of 25,000 ETH (about $10 million).
samczsun discovered the vulnerability on September 15th while searching for bugs in Ethereum smart contracts. The “hacker” stumbled upon the Lien Finance protocol contract, which held over 25,000 ETH, and found that anyone could withdraw coins from it. The contract had a “burn” function through which users could freely issue tokens with no value and then exchange them for the ether stored in the smart contract.
Given the anonymity of the Lien Finance team, the researcher reported the issue to Alexander Wade, a ConsenSys cybersecurity specialist working on the development of the Ethereum ecosystem, and also contacted Ethereum security specialist Scott Bigelow. They began to look for a solution to the problem, considering several scenarios.
The Lien Finance team could have disclosed the vulnerability, but attackers would then have exploited it. It was also unsafe to simply return the coins to their previous holders, since predatory bots could have intercepted them by replaying the same operations in the Ethereum mempool, the so-called “Dark Forest”.
The mempool is a staging area where transactions accumulate while awaiting confirmation from miners for inclusion in the next block. This zone is constantly “patrolled by predatory bots” that automatically copy transactions from the mempool, replace the addresses in them with their own, and “slip” the duplicated operations to miners. A direct withdrawal of crypto assets from the Lien Finance smart contract would therefore have resulted in the theft of 25,000 ETH by these bots in a matter of seconds.
The researchers brought in blockchain researcher Tina Zhen, the auditing company CertiK and the SparkPool mining pool. Together they developed a special API through which miners could accept transactions without exposing them to the mempool. To “save” the 25,000 ETH, the specialists also prepared a script that created four signed transactions. These measures did not involve withdrawing the coins directly: Lien Finance needed to transfer 30,000 SBT and LBT tokens, which can be issued in unlimited quantities, and convert them to ETH through the burn function.
As a result, the operation to rescue the ether was completed successfully in cooperation with the mining pool, which made it possible to avoid sending the transactions to the mempool, where they would have collided with the bots. The transactions were placed in the block by the miners themselves; the Lien Finance team only had to exchange the SBT and LBT tokens for ETH using the burn function. Shortly afterwards, the Ethereum blockchain explorer Etherscan confirmed the successful operation.
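To make the mempool problem concrete, here is an added Python model (constructed for this page, not Lien Finance's or the researchers' code) of the two submission paths: a rescue transaction broadcast through the public mempool, where a bot copies it, and the same transaction handed directly to the miner. The addresses, amounts and the gas-price ordering rule are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Tx:
    sender: str      # signer; also the address burn() pays out to
    amount: int      # tokens burned (issuable for free, so effectively worthless)
    gas_price: int   # miners order by gas price in this toy model


class VulnerableVault:
    """Toy stand-in for the contract: burn() pays ETH to whoever calls it."""

    def __init__(self, eth: int) -> None:
        self.eth = eth

    def burn(self, tx: Tx, balances: Dict[str, int]) -> None:
        # No check that the burned tokens have any value: anyone can drain the ETH.
        paid = min(tx.amount, self.eth)
        self.eth -= paid
        balances[tx.sender] = balances.get(tx.sender, 0) + paid


def bot_shadowed_order(pending: List[Tx], bot: str) -> List[Tx]:
    """Model of the 'predatory bots': every pending tx is copied with the bot's own
    address and a higher gas price, so the copy is mined before the original."""
    copies = [Tx(bot, t.amount, t.gas_price + 1) for t in pending]
    return sorted(copies + pending, key=lambda t: t.gas_price, reverse=True)


def mine_block(txs: List[Tx], vault: VulnerableVault) -> Dict[str, int]:
    balances: Dict[str, int] = {}
    for tx in txs:
        vault.burn(tx, balances)
    return balances


def rescue_via_public_mempool(eth: int = 25_000) -> Dict[str, int]:
    """Rescue tx broadcast normally: it sits in the mempool where bots can see it."""
    vault = VulnerableVault(eth)
    pending = [Tx("0xTEAM", eth, gas_price=100)]   # hypothetical rescue transaction
    return mine_block(bot_shadowed_order(pending, "0xBOT"), vault)


def rescue_via_private_submission(eth: int = 25_000) -> Dict[str, int]:
    """Rescue tx handed straight to the mining pool: never enters the mempool."""
    vault = VulnerableVault(eth)
    pending = [Tx("0xTEAM", eth, gas_price=100)]
    return mine_block(pending, vault)   # nothing for a bot to copy
```

In the public path the bot's copy lands first and the team's transaction finds an empty vault; in the private path the ETH reaches the team, which is the effect the miner-side API in the story achieved.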
Recall that in May, “white hackers” discovered vulnerabilities in the Lykke and Hubdex cryptocurrency exchanges that would have allowed digital assets worth a total of $18 million to be withdrawn. In 2018, ethical hackers received about $900 thousand for information about bugs in various cryptocurrency projects.