Rob Behnke
December 13th, 2021
In December 2021, the EOS DeFi platform PIZZA was the victim of an attack. The attacker took advantage of vulnerabilities in eCurve to steal $5 million in tokens from the protocol.
The PIZZA hack was made possible by a vulnerability not in the PIZZA code but in eCurve, an EOS-based clone of the Curve DeFi protocol. The eCurve code contained an integer overflow vulnerability that was exploited by the attacker.
Integer overflow vulnerabilities are possible because software uses variables of a fixed size to store values. This fixed size means that any variable can only store a certain range of values. If a value goes outside of this range, then it rolls over to be interpreted as a lower value.
Often, these vulnerabilities are exploitable if the same value is converted between two different variable types. For example, a signed variable interprets a one in the most significant bit of a value to mean that the number is negative, while an unsigned integer interprets this bit as part of the value (meaning that the number is very large). This mismatch could allow a value to be interpreted as a negative when being compared to an account balance (enabling it to pass the test) and then as a large positive value when transferring the value afterward.
In this case, the attacker took advantage of an overflow vulnerability in eCurve to create an infinite number of Tripool tokens, which they then deposited into the PIZZA platform. They could then drain PIZZA of all of the other tokens that were deposited in it, which were valued at about $5 million.
After the attack, the PIZZA team negotiated with the attacker for the return of the tokens. In the end, the $5 million in tokens were returned in exchange for a $500k bounty.
Integer overflow vulnerabilities are well-known and easily detectable during a smart contract security audit. Undergoing a comprehensive security audit before launching a smart contract can help to avoid incidents like this one.