Explained: The Rari Capital Hack (May 2021)

On May 8, 2021, Rari Capital, a DeFi project, was the victim of a smart contract hack.  The attacker stole approximately $11 million worth of tokens from the project, which is approximately 60% of all of the user funds invested in the project.

Inside the Attack

Like the recent Spartan Protocol hack, the attack against Rari Capital took advantage of how liquidity shares were calculated by a smart contract within the project.  

Rari Capital had set up an Ethereum Pool on their platform, which stored ETH and provided interest-bearing tokens in exchange.

The Ethereum Pool in question was linked to Alpha Finance and deposited ETH into Alpha Finance’s ibETH token for yield generation.  When setting up this contract, the Rari Capital team was unaware of two features of the Alpha Finance ibETH pool:

1. Total ETH Calculation: Rari Capital’s Ethereum Pool calculates the value of its ibETH as ibETH.totalETH() / ibETH.totalSupply().  The project was unaware of the fact that the value of ibETH.totalETH() can be manipulated within the ibETH.work function within Alpha Finance.  This means that the value of the ibETH in Rari Capital’s pool can be artificially inflated.

2. Contract Access: The project was also unaware that any user of ibETH.work can call any contract that it wants within that function.  This makes it possible to call the withdraw and deposit functions of Rari Capital’s Ethereum Pool within the function.

The attacker took advantage of these two factors to perform their attack.  Using the ibETH.work function, they inflated the value of ibETH within Rari Capital’s pool by inflating the value of ibETH.totalETH.  They then called the withdrawal function of the Rari Capital Ethereum pool, extracting more ETH than they initially deposited due to this inflated value.  This allowed them to drain the pool of value contributed by other Rari Capital users.

Lessons Learned

The Rari Capital hack demonstrates the lengths that attackers are willing to go to exploit DeFi protocols and carry out their attacks.  

In this case, the attacker took advantage of a couple of subtle details regarding how Alpha Finance’s contracts work to carry out their attack.  Without the ability to manipulate the total ETH value or call other contracts within ibETH.work, this attack would not have been possible.

Like the Spartan Protocol hack, this incident underscores the importance of double-checking how liquidity share calculations are performed in DeFi protocols.  Although the ratio of deposited value to total token supply should be invariant, attackers have demonstrated multiple times that these values can be eliminated.

As a result of this hack, Rari Capital plans to undergo additional security audits of their contracts.  While the contracts were previously audited by Quantstamp, engaging multiple auditors with different perspectives can help with ferreting out these complex vulnerabilities before they can be exploited by an attacker.