Full Report
Deus Finance is a derivatives trading platform. Calculating the price of a token is complicated in a decentralized system. If it is done via an off-chain oracle, like chainlink, then a deep amount of trust is being put into them. If it's being done by an algorithm, the algorithm can be manipulated to make the price too high or too low. In this case, the price oracle is generated with some simple math from the Solidex pool: (dei balance * usdc balance) / total supply What would happen if one of these parameters was manipulated? By taking out a large flash loan, the price is drastically changed. In particular, taking out a large amount of DEI cuts the pool amount by a lot. Once a users collateral is worse less than what they are trading on, their assets become insolvent. These accounts can be liquidated, giving the user the LP tokens from the liquidated users. Since the attacker has their hands on a large amount of LP tokens, they can burn this to recoup the original value. Finally, they repay the flash loan and make a profit from other users derivatives. What's the lesson here? Use a Time Waited Average Price (TWAP). The weighting the average price over time, like a large order, or flash loan, doesn't affect the price very much. A few extra links: Peckshield analysis and Rekt.news.
Analysis Summary
# Incident Report: Deus Finance Flash Loan Oracle Manipulation
## Executive Summary
Deus Finance, a decentralized derivatives platform, fell victim to a flash loan attack that exploited its price oracle mechanism. By manipulating the liquidity pool balance used for price calculations, the attacker forced user accounts into insolvency, liquidated their positions, and siphoned off the resulting collateral. The incident resulted in a multi-million dollar loss due to the lack of a Time-Weighted Average Price (TWAP) mechanism.
## Incident Details
- **Discovery Date:** April 28, 2022 (approximate)
- **Incident Date:** April 28, 2022
- **Affected Organization:** Deus Finance
- **Sector:** Decentralized Finance (DeFi)
- **Geography:** Global / Decentralized
## Timeline of Events
### Initial Access
- **Date/Time:** April 28, 2022
- **Vector:** Smart Contract Exploitation (Flash Loan)
- **Details:** The attacker utilized a flash loan to borrow a massive amount of funds, providing the necessary capital to manipulate the Solidex (DEI/USDC) liquidity pool.
### Lateral Movement
- **Oracle Manipulation:** The attacker executed a large trade to drain DEI from the Solidex pool. Because the Deus price oracle calculated value using a simple spot price formula `(dei balance * usdc balance) / total supply`, the sudden shift in pool balances caused the reported price of DEI to plummet or deviate significantly.
### Data Exfiltration/Impact
- **Insolvency & Liquidation:** As the manipulated oracle reported a devalued price for user collateral, numerous legitimate user accounts were marked as under-collateralized (insolvent).
- **Collateral Theft:** The attacker triggered liquidations on these accounts, obtaining the LP (Liquidity Provider) tokens acting as collateral.
- **Profit Realization:** The attacker burned the acquired LP tokens to recoup the underlying assets, repaid the flash loan, and exited with the surplus profit.
### Detection & Response
- **Discovery:** On-chain monitoring tools and security firms like PeckShield identified the anomalous transactions and price fluctuations.
- **Response Actions:** The incident was analyzed by the community and security researchers to identify the specific vulnerability in the price calculation logic.
## Attack Methodology
- **Initial Access:** Flash Loan (Uncollateralized high-volume loan).
- **Persistence:** N/A (Atomic transaction).
- **Privilege Escalation:** N/A.
- **Defense Evasion:** Use of smart contract automation to execute the manipulation and profit-taking within a single block.
- **Credential Access:** N/A.
- **Discovery:** Identification of a vulnerable spot-price oracle calculation in the Deus Finance smart contracts.
- **Lateral Movement:** Price manipulation across the Solidex liquidity pool to affect the Deus platform.
- **Collection:** Forced liquidation of user collateral.
- **Exfiltration:** Transfer of stolen funds via decentralized exchanges.
- **Impact:** Financial exhaustion of the platform's user base and collateral reserves.
## Impact Assessment
- **Financial:** Approximately $13.4 million (based on PeckShield and Rekt.news reports).
- **Data Breach:** None (non-custodial platform).
- **Operational:** Disruption of trading services and loss of peg for the DEI stablecoin.
- **Reputational:** Significant loss of user trust in the platform’s mathematical security and risk management.
## Indicators of Compromise
- **Behavioral indicators:**
- Sudden, massive imbalance in the DEI/USDC Solidex pool.
- Large-scale liquidation events occurring within the same block as a flash loan.
- High-volume burning of LP tokens by a single entity.
## Response Actions
- **Containment:** Community alerts issued to stop users from interacting with the affected pools.
- **Eradication:** Identification of the faulty oracle math `(dei balance * usdc balance) / total supply`.
- **Recovery:** Implementation of more robust oracle solutions in subsequent contract versions.
## Lessons Learned
- **Oracle Vulnerability:** Relying on instantaneous "spot price" math from a single liquidity pool is dangerous, as it can be manipulated with enough capital.
- **Flash Loan Risks:** Any protocol function that relies on the "current state" of a pool can be gamed using flash loans.
- **Security Audits:** Critical price discovery mechanisms require rigorous stress-testing against inorganic volatility.
## Recommendations
- **Implement TWAP:** Transition to a Time-Weighted Average Price (TWAP) oracle, which averages prices over a set duration, making single-block manipulations ineffective.
- **Decentralized Oracles:** Utilize decentralized oracle networks like Chainlink that aggregate prices from multiple high-liquidity sources rather than a single DEX pool.
- **Liquidation Delays:** Introduce brief delays or check-sums for liquidations to ensure they are not occurring based on momentary price spikes or flash loan attacks.