Category: Explained: Hacks
POSTED BY: Rob Behnke
02.18.2025
In February 2025, zkLend was the victim of a $9.57 million hack. The attacker exploited a decimal precision vulnerability in the Starknet-based protocol’s smart contract to drain value from the project’s contracts.
Decimal precision or rounding errors typically arise when a smart contract performs division unsafely. Smart contracts can represent fractional values, but only to a fixed number of decimal digits. Anything beyond that precision is truncated, creating a mismatch between the value recorded in the smart contract and the true value. In some cases, like the zkLend hack, an attacker can exploit this mismatch to drain value from the protocol.
In this incident, the attacker took advantage of the fact that the SafeMath library used by the smart contract performs plain integer division, which always rounds down. The attacker made a small deposit into an empty wstETH market on the platform, then used donations to inflate the protocol’s lending accumulator. A cycle of repeated deposits and withdrawals exacerbated the issue, driving the value of the lending accumulator up to 4069297906051644020.0.
The attacker then made two deposits of 4.069297906051644021 wstETH and 8.138595812103288042 wstETH to increase their raw_balance in the protocol to 4. When they made a withdrawal of 6.103946859077466029 wstETH, the calculation of how much to burn (withdrawal amount divided by accumulator value) produced 1.5. Since the protocol uses integer division, this was rounded down to 1.0, so their raw_balance decreased from 4 to 3 instead of to 2.5.
By repeating this process several times, they were able to artificially increase their raw_balance value to 1724. This allowed them to drain all of the tokens deposited in other pools in the zkLend ecosystem.
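To make the arithmetic behind this concrete, here is an added example in Python (written for this post, not zkLend's contract code) that models accumulator-based share accounting with the figures quoted above. It assumes amounts are integers in the token's smallest unit (10**18 per wstETH), that raw_balance is an integer share count, and that the accumulator is the integer number of smallest units one share is worth; the model also starts from zero shares rather than the balance the attacker already held, so its share counts are one lower than in the write-up. It contrasts the floor-rounded burn with a burn that rounds up against the user, and adds a solvency check (claimable value versus actual reserves) that makes the gap visible after a single deposit/withdraw cycle.

```python
# Added example, not zkLend's code: a minimal model of accumulator-based share
# accounting that shows why the number of shares burned on withdrawal must be
# rounded up (against the user), plus a solvency check that exposes the gap.
#
# Assumptions (not from the write-up): token amounts are integers in the
# token's smallest unit (10**18 per wstETH), raw_balance is an integer share
# count, and the accumulator is the integer number of smallest units that one
# share is worth. The numeric values below are the ones reported in the post.

ACCUMULATOR = 4_069_297_906_051_644_020            # inflated lending accumulator
DEPOSITS = [4_069_297_906_051_644_021,              # 4.069297906051644021 wstETH
            8_138_595_812_103_288_042]              # 8.138595812103288042 wstETH
WITHDRAWAL = 6_103_946_859_077_466_029             # 6.103946859077466029 wstETH


def floor_div(a: int, b: int) -> int:
    """Plain integer division: rounds down for non-negative inputs."""
    return a // b


def ceil_div(a: int, b: int) -> int:
    """Division rounded up; for non-negative inputs -(-a // b) is exact."""
    return -(-a // b)


def shares_for_deposit(amount: int, accumulator: int) -> int:
    """Shares credited for a deposit. Rounding DOWN here favours the protocol:
    the depositor is never credited more value than the market received."""
    return floor_div(amount, accumulator)


def burn_floor(amount: int, accumulator: int) -> int:
    """Vulnerable burn: rounding DOWN favours the withdrawer, who keeps the
    fractional share the market has just paid out."""
    return floor_div(amount, accumulator)


def burn_ceil(amount: int, accumulator: int) -> int:
    """Hardened burn: rounding UP means a user can never withdraw more value
    than the shares they give up are worth."""
    return ceil_div(amount, accumulator)


def simulate(deposits, withdrawal, burn):
    """One deposit/withdraw cycle against a market that starts empty.

    Returns (raw_balance, reserves, claimable): the shares the user still
    holds, the tokens the market actually holds, and the value those shares
    entitle the user to. claimable > reserves means the market is insolvent.
    """
    raw_balance = 0
    reserves = 0
    for amount in deposits:
        raw_balance += shares_for_deposit(amount, ACCUMULATOR)
        reserves += amount
    burned = burn(withdrawal, ACCUMULATOR)
    if burned > raw_balance:
        raise ValueError("withdrawal exceeds the user's share balance")
    raw_balance -= burned
    reserves -= withdrawal
    claimable = raw_balance * ACCUMULATOR
    return raw_balance, reserves, claimable


def shortfall(deposits, withdrawal, burn) -> int:
    """Value the user could still claim beyond what the market holds (0 if solvent)."""
    _, reserves, claimable = simulate(deposits, withdrawal, burn)
    return max(0, claimable - reserves)


if __name__ == "__main__":
    for name, burn in (("floor (vulnerable)", burn_floor), ("ceil (hardened)", burn_ceil)):
        raw, reserves, claimable = simulate(DEPOSITS, WITHDRAWAL, burn)
        print(f"{name:20s} burned={burn(WITHDRAWAL, ACCUMULATOR)} raw_balance={raw} "
              f"reserves={reserves} claimable={claimable} "
              f"shortfall={shortfall(DEPOSITS, WITHDRAWAL, burn)}")
```

With the floor-rounded burn, one cycle leaves the user holding shares worth about 2.03 wstETH more than the market actually has, which is the surplus the post describes being compounded over many cycles. With the burn rounded up, the same cycle leaves the market solvent. The general rule this illustrates is that every rounding in share-based accounting should favour the protocol: round down when minting shares, round up when burning them, and assert that total claimable value never exceeds reserves.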
Analysis of the attack after the fact indicated that the attacker might be linked to the EraLend attack of July 2023 due to the reuse of some Starknet addresses. The zkLend postmortem also hints at links to other significant DeFi hacks.
The zkLend hack is a classic example of an integer precision issue. Rounding down is the expected behavior of integer division, but in certain cases it can be extremely dangerous. Here, the combination of an empty market, accepted donations that inflated the accumulator, and rounding in the user's favor on withdrawal opened the door to a major hack.
While the protocol had undergone past audits, the rounding error slipped through the cracks. For help in protecting your protocol against similar incidents, reach out to Halborn.