Full Report
This post's title alludes to a well-known MEV article, "Ethereum is a Dark Forest". In that story, the author found funds lying in a contract that anybody could claim. They tried to recover the funds for the victim, but a bot swooped in and took them first.

samczsun was auditing a large number of yield farming clones that all made the same pitch: stake your tokens and become the next crypto millionaire. Looking at one project's code late at night, they searched for the places where Ether was transferred and found two hits. The second was a burn function that sent Ether to the caller. The contract's job was to redistribute Ether to bond holders upon maturity, and this is where the issue was. A BondGroup could be created at no cost by providing an empty array of bonds. By giving it the same maturity as BondGroup 10 (which held about 25K ETH), the empty group counted as valid, and an attacker could then swap it for the non-empty BondGroup by calling exchangeEquivalentBonds. In effect, a worthless bond had been created and turned into a valid one. Wild!

The author had an exploit in hand. What to do now? Warning users to withdraw their funds risked some of those funds being stolen in the meantime. Exploiting it themselves risked being picked off by the Dark Forest. These whitehats wanted a rematch against the bots, so they assembled a trusted war room of people to carry out the rescue. To defeat the Dark Forest, they needed a private mining pool: a transaction that never enters the public mempool cannot be frontrun. SparkPool offered a beta service for submitting private transactions, so that was the way to go. They set up four signed transactions to exploit the vulnerability and tested them locally to verify that the sequence would work. The plan was to transfer the large holding, about 30K SBT+LBT tokens, to the Lien team, who would then run the final transaction to swap them for ETH.
They sent the transactions through the private setup, and the team got the ETH back. It had worked. They had escaped the Dark Forest with $9.6M. The heroes!
Analysis Summary
# Incident Report: Rescue of $9.6M from Lien Finance
## Executive Summary
A critical vulnerability was discovered in the Lien Finance protocol that allowed any user to mint tokens for free and exchange them for the contract's entire Ether reserve. A white-hat group successfully coordinated a rescue operation, securing $9.6 million USD (approx. 25,000 ETH) by utilizing a private transaction relay to bypass malicious "front-running" bots in the Ethereum mempool. The funds were successfully returned to the protocol developers.
## Incident Details
- **Discovery Date:** September 15, 2020
- **Incident Date:** September 15-16, 2020
- **Affected Organization:** Lien Finance
- **Sector:** Decentralized Finance (DeFi)
- **Geography:** Global / Distributed
## Timeline of Events
### Initial Access (Vulnerability Discovery)
- **Date/Time:** Late night, September 15, 2020
- **Vector:** Manual Code Audit / Security Research
- **Details:** Security researcher `samczsun`, while tracing a `burn` function that sent Ether to the caller, found that a `BondGroup` could be created at no cost by passing an empty array of bonds. Given the same maturity as a funded group, this "worthless" group could be swapped for that group's bonds via `exchangeEquivalentBonds`, allowing the extraction of all ETH in the contract.
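The mechanism described in the Full Report and in the Details entry above, as an added example that is not Lien Finance's code: a toy bond-group registry whose validation is a loop over the supplied bond IDs, so an empty list passes every check and creates a group that cost nothing to build, next to a hardened form that checks properties of the group as a whole. The function names (`register_bond_group`, `exchange_equivalent_bonds`), the strike bookkeeping and the vacuous-check mechanism are assumptions modelled on the report, not the real contract's logic.

```python
"""Model of the bond-group flaw described in the report.

Added example, not Lien Finance's code. Function names, strike bookkeeping
and the vacuous-check mechanism are assumptions modelled on the report.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Bond:
    bond_id: int
    maturity: int
    strike: int  # this bond's share of the group's payout


@dataclass
class BondGroup:
    bond_ids: List[int]
    maturity: int


class BondMaker:
    TOTAL_STRIKE = 1000  # a complete group must pay out exactly this much

    def __init__(self, hardened: bool) -> None:
        self.hardened = hardened
        self.bonds: Dict[int, Bond] = {}
        self.groups: Dict[int, BondGroup] = {}
        # (holder, bond_id) -> units of that bond held
        self.balances: Dict[Tuple[str, int], int] = {}
        self._next_group_id = 1

    def register_bond(self, bond: Bond) -> None:
        self.bonds[bond.bond_id] = bond

    def register_bond_group(self, bond_ids: List[int], maturity: int) -> int:
        if self.hardened:
            # Hardened form: check properties of the group as a whole, which an
            # empty list cannot satisfy, instead of only per-element properties.
            if not bond_ids:
                raise ValueError("bond group must contain at least one bond")
            if sum(self.bonds[b].strike for b in bond_ids) != self.TOTAL_STRIKE:
                raise ValueError("strikes must sum to the full payout")
        # Vulnerable form: every check is per bond. For an empty list the loop
        # body never runs, so the group is accepted with nothing behind it.
        for b in bond_ids:
            if self.bonds[b].maturity != maturity:
                raise ValueError("maturity mismatch")
        gid = self._next_group_id
        self._next_group_id += 1
        self.groups[gid] = BondGroup(list(bond_ids), maturity)
        return gid

    def exchange_equivalent_bonds(self, holder: str, in_gid: int, out_gid: int, amount: int) -> None:
        src, dst = self.groups[in_gid], self.groups[out_gid]
        # "Equivalent" here means same maturity, as in the report.
        if src.maturity != dst.maturity:
            raise ValueError("groups are not equivalent")
        # Burn each bond of the input group: a no-op when the group is empty.
        for bid in src.bond_ids:
            held = self.balances.get((holder, bid), 0)
            if held < amount:
                raise ValueError("insufficient bonds to burn")
            self.balances[(holder, bid)] = held - amount
        # Mint each bond of the output group to the caller.
        for bid in dst.bond_ids:
            self.balances[(holder, bid)] = self.balances.get((holder, bid), 0) + amount

    def balance(self, holder: str, bond_id: int) -> int:
        return self.balances.get((holder, bond_id), 0)


def free_mint_attempt(hardened: bool) -> Optional[int]:
    """Run the attack against a fresh registry. Returns the attacker's balance of
    the funded group's first bond afterwards, or None if the empty group was
    rejected. Amounts and IDs are illustrative."""
    bm = BondMaker(hardened)
    maturity = 1_700_000_000
    bm.register_bond(Bond(1, maturity, 600))  # stands in for an SBT
    bm.register_bond(Bond(2, maturity, 400))  # stands in for an LBT
    funded_group = bm.register_bond_group([1, 2], maturity)
    try:
        empty_group = bm.register_bond_group([], maturity)  # nothing paid in
    except ValueError:
        return None
    # Swap the empty group for the funded one: burns nothing, mints everything.
    bm.exchange_equivalent_bonds("attacker", empty_group, funded_group, 30_000)
    return bm.balance("attacker", 1)
```

`free_mint_attempt(False)` shows the attacker ending up with 30,000 units of the funded group's bond without ever paying in; `free_mint_attempt(True)` shows the hardened registry refusing the empty group. The point of the hardened form is the shape of the check, not its details: an invariant over the whole input (non-empty, strikes sum to the payout) fails closed on an empty array, whereas a per-element loop fails open.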
### Detection & Response
- **Discovery:** Researcher identified the bug while auditing yield farming clones.
- **Coordination:** Researcher contacted colleagues from ConsenSys Diligence and other security experts to form a "war room."
- **Strategy:** The team determined that a public transaction would be sniped by bots. They engaged **SparkPool** (a mining pool) to process the transaction privately.
- **Execution:** Four signed transactions were prepared and sent via a private mining channel.
- **Resolution:** 30,000 SBT+LBT tokens were transferred to the Lien team, who then executed the final withdrawal of ~25,000 ETH.
## Attack Methodology
- **Initial Access:** Not applicable (White-hat discovery of smart contract logic flaw).
- **Discovery:** Source code analysis of the Lien Finance protocol.
- **Lateral Movement:** N/A (Smart contract exploit).
- **Exfiltration/Impact:** The vulnerability allowed for the unauthorized withdrawal of 25,000 ETH via manipulated bond exchanges.
- **Defense Evasion (White-hat):** To avoid the "Dark Forest" (generalized front-running bots), the team submitted the transactions through SparkPool's private transaction service (then in beta), bypassing the public mempool.
## Impact Assessment
- **Financial:** $9,600,000 USD (25,000 ETH) at risk of total loss.
- **Data Breach:** None (Financial assets only).
- **Operational:** Protocol halted/interrupted for emergency remediation.
- **Reputational:** High risk; however, the successful white-hat rescue mitigated long-term damage.
## Indicators of Compromise
- **Behavioral indicators:** Creation of a `BondGroup` with an empty bond array (no cost, nothing paid in), followed shortly by `exchangeEquivalentBonds` into a funded group and `burn` to withdraw its Ether.
- **Transaction Hash:** `0xe99ccb0b21854b65a2fa283638ab9ef01962b61c3310b596b4597bf22b911a43` (The recovery transaction).
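A detector for the behavioral indicator listed above, as an added example and not a tool from Lien Finance or the rescuers: it walks decoded contract calls and flags any bond-group registration with an empty `bondIDs` array, and raises the severity when the same sender calls `exchangeEquivalentBonds` or `burn` within a block window afterwards. The decoded-call record layout (block, sender, function, args) and the sample records are constructed for this example; the argument names are assumptions, not the contract's ABI.

```python
"""Detector for the empty-BondGroup indicator. Added example, not a tool from
Lien Finance or the rescuers; record layout, argument names and sample data
are constructed for this illustration."""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Blocks after an empty registration during which a follow-up call is correlated.
WINDOW_BLOCKS = 50

# Constructed decoded calls, not real chain data: (block, sender, function, args)
SAMPLE_CALLS: List[Tuple[int, str, str, dict]] = [
    (100, "0xa11ce", "registerNewBondGroup", {"bondIDs": [1, 2], "maturity": 1700000000}),
    (101, "0xa11ce", "exchangeEquivalentBonds", {"inputGroup": 1, "outputGroup": 2, "amount": 5}),
    (200, "0xbad", "registerNewBondGroup", {"bondIDs": [], "maturity": 1700000000}),
    (201, "0xbad", "exchangeEquivalentBonds", {"inputGroup": 11, "outputGroup": 10, "amount": 30000}),
    (202, "0xbad", "burn", {"bondGroupID": 10, "amount": 30000}),
    (300, "0xc0ffee", "registerNewBondGroup", {"bondIDs": [], "maturity": 1700000000}),
    (900, "0xc0ffee", "exchangeEquivalentBonds", {"inputGroup": 12, "outputGroup": 10, "amount": 1}),
]

FOLLOW_UPS = {"exchangeEquivalentBonds", "burn"}


def detect_empty_group_abuse(calls: Iterable[Tuple[int, str, str, dict]],
                             window: int = WINDOW_BLOCKS) -> List[dict]:
    """Return alerts in block order. Severity 'low' for a lone empty
    registration, 'high' when the same sender follows up within the window."""
    # sender -> blocks at which that sender registered an empty group
    pending: Dict[str, List[int]] = defaultdict(list)
    alerts: List[dict] = []
    for block, sender, fn, args in sorted(calls, key=lambda c: c[0]):
        if fn == "registerNewBondGroup" and not args.get("bondIDs"):
            pending[sender].append(block)
            alerts.append({"severity": "low", "sender": sender, "block": block,
                           "reason": "registerNewBondGroup with empty bondIDs"})
        elif fn in FOLLOW_UPS:
            for reg_block in pending.get(sender, []):
                if block - reg_block <= window:
                    alerts.append({"severity": "high", "sender": sender, "block": block,
                                   "reason": f"{fn} {block - reg_block} blocks after "
                                             f"empty registration at block {reg_block}"})
    return alerts
```

On the constructed sample, `0xbad` produces one low alert at block 200 and two high alerts at 201 and 202, `0xc0ffee` produces only the low alert because its follow-up falls outside the window, and `0xa11ce` produces nothing. The low alert is the robust signal: an attacker can split the steps across addresses and defeat the sender correlation, but a zero-cost registration with an empty array has no legitimate use and is worth alerting on by itself.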
## Response Actions
- **Containment:** Formation of a trusted international "war room" including researchers and mining pool operators.
- **Eradication:** Identification of the specific vulnerable logic in the `BondGroup` creation.
- **Recovery:** Diversion of transactions away from the public mempool to SparkPool’s private relay to ensure the "rescue" transaction wasn't front-run by attackers.
## Lessons Learned
- **The "Dark Forest" is Real:** Publicly visible transactions for large amounts of ETH are highly likely to be intercepted by automated arbitrage/theft bots.
- **Importance of Private Relays:** A time-sensitive white-hat rescue needs a path to a block producer that never exposes the transaction in the public mempool; here that meant direct cooperation with a mining pool.
- **Audit Gaps:** Even audited projects (Lien had been audited by ConsenSys and CertiK) can contain "logic" bugs that slip through standard checks.
## Recommendations
- **Implement Flashbots/Private RPC:** Developers should have plans for using MEV-protection tools like Flashbots for emergency migrations.
- **Enhanced Logic Audits:** Focus audits on "untrusted input" scenarios, such as passing empty arrays to functions that initialize state. Per-element validation loops pass vacuously on empty input, so require non-empty inputs explicitly and check invariants of the whole structure rather than only of its elements.
- **Established Communication Channels:** Protocols should have clear, non-anonymous emergency contact procedures (e.g., security.txt or a dedicated "War Room" protocol) to assist researchers in reporting critical bugs.