In April 2022, the Fei Protocol was the victim of a reentrancy attack. The attacker drained approximately $80 million in tokens from the vulnerable contract.
Inside the Attack
Reentrancy vulnerabilities occur in a smart contract when it doesn’t follow the check-effect-interaction pattern when sending value to an address. This pattern involves updating the internal state of the contract to reflect an external interaction before the external interaction occurs. This protects against reentrancy because that external interaction could involve a reentry into the vulnerable contract before it updates its state from the initial call.
In the case of the Fei Protocol, its use of code forked from Compound placed it at risk. Within the CEther code, multiple reentrancy vulnerabilities were fixed in a past update, but some vulnerable functions were overlooked.
The attacker took advantage of two functions in the Fei Protocol’s contracts: exitMarket and borrow. The exitMarket function verifies that a deposit is no longer used as collateral for a loan and then allows it to be withdrawn. The borrow function allows a user to take out a loan using a deposited asset as collateral and does not follow the check-effect-interaction pattern, leaving it vulnerable to attack.
The attacker exploited this vulnerability by calling borrow using a smart contract address. When the borrow function sends the loaned amount to the borrower, it has not yet updated its internal state to reflect the fact that the deposited asset is currently being used as collateral.
The fallback function in the smart contract taking out the loan is executed when the loan is sent to it and calls the exitMarket function, extracting the deposit used as collateral for the loan. This reentrancy vulnerability enables an attacker to take out a loan and also extract the deposited assets used as collateral for the loan.
By exploiting multiple different pools in the Fei Protocol smart contract, the attacker was able to drain $80 million in tokens from the protocol.
Lessons Learned From the Attack
This attack landed the Fei Protocol the #10 spot on Rekt’s leaderboard of DeFi hacks. Like many of the other leaders, this contract did not undergo a security audit, increasing its risk of exploitation.
Reentrancy attacks are a famous smart contract security threat, and the vulnerabilities in the Compound codebase were well known and the cause of several smart contract hacks.
If the Fei Protocol had undergone a security audit, it is likely that this vulnerability would have been found and fixed before it cost the protocol and its users $80 million.