In November 2021, two DeFi hacks were performed that exploited the same underlying code.  While the hack on Synapse Bridge (which drained over $8 million in tokens from the protocol’s pool) ultimately failed due to a mistake by the hacker, the Nerve Bridge attacker stole about 900 BNB worth over $537,000.

Inside the Attack

Both the Synapse and Nerve Bridge protocols use code that was forked from Saddle.Finance.  This code contained a vulnerability in how it implemented two related functions: swap and swapunderlying.

These functions relate to the structure of the liquidity pools in the bridges, which contain a few different types of tokens and are designed to support cross-chain stablecoin markets.  A MetaPool (like the ones targeted in these attacks) allows swaps between a stablecoin and an LP token.  This LP token is based on several other stablecoins in the pool.

In the case of the Nerve Bridge hack, one target was the Nerve.3pool.  This allowed swaps between fUSDT and an LP token of BUSD, USD, and USDC.  In this case, the swap function allows swaps between fUSDT and the LP token, while swapUnderlying swaps fUSDT and the underlying stablecoins (BUSD, USD, and USDC).  Under the hood, swapUnderlying uses swapped tokens to add liquidity to the pool to get LP tokens and then implements the same logic as swap.

The issue arises in the calculation of the value of the LP token.  The swapUnderlying function calculates the “virtual price” of the LP token, while the swap function ignores the impact of this “virtual price”.  As a result, swap will always underestimate the value of the LP token compared to swapUnderlying.

The Nerve Bridge attacker exploited this discrepancy using a flash loan attack.  By using the swap function, the attacker was able to get an inflated number of LP tokens for the fUSDT they added to the pool.  The attacker then removed the liquidity of BUSD from the pool to get BUSD, after which they then used the swapUnderlying function to exchange for more fUSDT than they started with.

By repeatedly executing this series of steps, the attackers could drain value from the pool due to the slippage caused by the mismatched calculations of the value of the LP token in swap and swapUnderlying.  In the case of the Synapse hack, a transaction by the attacker to move the $8 million in stolen cryptocurrency to another chain via the protocol’s bridge was rejected by validators.  However, the Nerve Bridge attacker was successful.

Lessons Learned From the Attack

This vulnerability was made possible by using two different implementations of shared functionality.  If this functionality was broken out into a shared library or function, the slippage that made these hacks possible would not exist.

Both projects relied on third-party code for core functionality.  Doing so without a proper security audit places DeFi projects and their investors at risk.

Rob Behnke
11.25.2021