Full Report
Lending markets are great! Well, until you manipulate the algorithmic part of them. Hundred Finance was audited by WhiteHatDAO, who cleared it but missed some things. In Hundred Finance, hTokens are liquidity provider tokens: interest-bearing tokenized representations of user deposits, denoted with an h in front of the token name, such as hWBTC. The contract's exchange rate (how much underlying one hToken is worth) is computed from the amount of wrapped Bitcoin (WBTC) the hWBTC contract actually holds, divided by the number of hWBTC in circulation. Because the contract reads its own WBTC balance, anyone can move the rate by sending WBTC straight to it, and nothing stopped that. First, the attacker left themselves with a dust position of just 2 wei of hWBTC, then donated 200 WBTC (from a flash loan) directly to the hWBTC contract. With almost no hWBTC in circulation, the donation sent the exchange rate through the roof. Using the inflated exchange rate, they took out large loans from the protocol's other markets. Why is this bad? If we borrow $1M of assets but provide collateral worth $1.5M, that's fine. However, the liquidation point is where the collateral becomes worth less than the borrowed funds. The attacker used the high exchange rate to trick the protocol into accepting far less collateral than it should have. Once they pulled the donation back out by redeeming hWBTC (a rounding error let them burn only 1 wei of it for the whole 200 WBTC), the exchange rate collapsed, and they kept the loans and walked away from the now worthless collateral. Algorithms are hard when the user has access to effectively infinite money via flash loans. Overall, another DeFi hack on Hundred Finance. It should be mentioned that this is a fork of Compound; the flaw is partially in the design of Compound.
Analysis Summary
# Incident Report: Hundred Finance Exchange Rate Manipulation
## Executive Summary
On April 15, 2023, the decentralized lending protocol Hundred Finance was exploited on the Optimism network, resulting in a loss of approximately $7.4 million. The attacker leveraged a flash loan to manipulate the exchange rate of an empty "hWBTC" token contract, allowing them to borrow the protocol's liquidity against negligible collateral. The vulnerability is a known design flaw in Compound Finance forks: in an empty or near-empty market, a direct token donation can inflate the exchange rate, and rounding in the redemption math lets the donation be recovered for a dust amount of hTokens.
## Incident Details
- **Discovery Date:** April 15, 2023, shortly after 2:00 PM UTC
- **Incident Date:** April 15, 2023
- **Affected Organization:** Hundred Finance
- **Sector:** Decentralized Finance (DeFi)
- **Geography:** Global (Operations on Optimism/Ethereum L2)
## Timeline of Events
### Initial Access
- **Date/Time:** April 15, 2023, ~2:00 PM UTC
- **Vector:** Smart Contract Exploitation (Flash Loan & Donation)
- **Details:** The attacker utilized a flash loan of 500 WBTC from Aave to provide the initial capital required to manipulate a specific, empty hWBTC cToken contract on Hundred Finance.
### Lateral Movement
- **Technique:** Multi-contract interaction. The attacker used "Attack Contract 1" to transfer funds to "Attack Contract 2." Contract 2 performed the specific minting and redemption actions required to trigger the exchange rate rounding error.
### Data Exfiltration/Impact
- **Assets Stolen:** Approximately $7.4 million in various assets, including ETH, WBTC, and stablecoins (USDC/USDT).
- **Process:** By inflating the hWBTC exchange rate via a 200 WBTC donation, the attacker used a tiny amount of collateral (2 wei of hWBTC) to borrow from and drain the other lending pools across the protocol.
### Detection & Response
- **Discovery:** The incident was detected via on-chain monitoring as liquidity was drained.
- **Response Actions:** The Hundred Finance team acknowledged the hack on social media, paused interactions where possible, and began negotiating with the hacker via on-chain messaging.
## Attack Methodology
- **Initial Access:** Flash loan-funded market manipulation.
- **Persistence:** Not applicable (Atomic smart contract transactions).
- **Privilege Escalation:** Not applicable (Permissionless smart contract vulnerability).
- **Discovery:** Identification of an "empty" wBTC cToken contract not utilized by the main UI but active in the protocol code.
- **Impact:** Exchange rate manipulation. By donating 200 WBTC directly to the hWBTC contract, the `exchangeRateMantissa` (which is derived from the contract's actual WBTC balance rather than an internally tracked deposit total) was artificially inflated. Combined with a rounding error in the `redeemUnderlying` function (the number of hTokens to burn is computed as the requested underlying amount divided by the exchange rate and rounded down, so at an extreme rate the whole donation can be withdrawn for 1 wei of hWBTC), this let the attacker recover the donation while a dust amount of hWBTC had already been valued highly enough to back massive loans.
## Impact Assessment
- **Financial:** Total loss of $7.4 million. The HND token price dropped approximately 50% following the news.
- **Operational:** Total loss of liquidity on the Optimism deployment; protocol trust severely compromised.
- **Reputational:** This was Hundred Finance's third major security incident in 14 months (previous losses totaled $9.5M), leading to significant community distrust.
## Indicators of Compromise
- **Attacker Addresses:**
- `0x155da45d374a286d383839b1ef27567a15e67528` (Optimism & Ethereum)
- **Transaction Hashes (Optimism):**
- `0x6e9ebcdebbabda04fa9f2e3bc21ea8b2e4fb4bf4f4670cb8483e2f0b2604f451`
- `0x15096dc6a59cff26e0bd22eaf7e3a60125dcec687580383488b7b5dd2aceea93`
## Response Actions
- **Containment:** Operations on Optimism were effectively halted by the drain of liquidity.
- **Negotiation:** An on-chain message was sent to the hacker to initiate a bug bounty negotiation.
- **Bounty:** 48 hours post-incident, the team launched a $500,000 reward for information leading to the arrest of the attacker or restoration of funds.
## Lessons Learned
- **Audit Limitations:** The protocol was audited by WhiteHatDAO in 2022, yet the "empty market" vulnerability (a known issue in Compound forks) was not mitigated.
- **Fork Risks:** Copying code (forking) inherits all architectural flaws of the original project. If the original design (Compound) has specific edge-case vulnerabilities, the fork remains at risk.
- **Empty Market Risks:** Launching or maintaining markets with near-zero liquidity allows for easier exchange rate manipulation via donations.
## Recommendations
- **Direct Donation Protection:** Implement safeguards against exchange rate manipulation caused by direct token donations to the contract (e.g., tracking deposits internally instead of reading `balanceOf(address(this))`, and sweeping any excess balance into reserves so it cannot move the rate).
- **Initial Liquidity:** Ensure all new markets are initialized with a "burned" amount of liquidity to prevent the exchange rate from being easily manipulated from zero.
- **Code Review for Forks:** When forking established protocols, security teams must specifically review "known issues" or "legacy flaws" associated with the parent codebase (in this case, Compound V2).
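The following is an added example that is not code from Hundred Finance or Compound. It models, in the same 1e18 fixed-point integer arithmetic Compound V2 uses, the exchange-rate mechanism described in the Full Report and under Attack Methodology (exchange rate = (cash + borrows - reserves) / totalSupply, a direct donation inflating it, and the `redeemUnderlying` rounding that burns 1 wei for the whole donation), and then the mitigations from the Recommendations (internally tracked cash, burned seed liquidity, and refusing a redeem that would burn zero tokens). The class and function names, the initial 0.02 exchange rate, the attacker's 4 WBTC starting mint and the 1 WBTC seed deposit are assumptions for illustration; the 200 WBTC donation and 2 wei dust position are the report's figures. Interest accrual and the comptroller's solvency checks are omitted.

```python
"""Integer model of the hToken exchange-rate arithmetic behind the Hundred Finance exploit.

Added example, not Hundred Finance or Compound code. Reproduces Compound V2's
exchangeRate = (cash + borrows - reserves) / totalSupply in 1e18 fixed point, the
direct donation that inflates it, and the redeemUnderlying rounding that burns 1 wei
for the whole donation. Interest accrual and comptroller solvency checks are omitted;
the 4 WBTC starting mint and 1 WBTC seed are assumed, not on-chain values.
"""
MANTISSA = 10**18       # Compound's exchange-rate scale
SATS = 10**8            # WBTC has 8 decimals
DEAD = "burned"         # hypothetical sink for seed liquidity that nobody can redeem


class HToken:
    """Market whose exchange rate reads the live ERC20 balance, as Compound V2 does."""

    def __init__(self, initial_rate=2 * 10**16):
        self.initial_rate = initial_rate   # 0.02 underlying per hToken before the first mint (assumed)
        self.erc20_balance = 0             # underlying.balanceOf(address(this))
        self.total_supply = 0
        self.total_borrows = 0
        self.total_reserves = 0
        self.balances = {}

    def cash(self):
        return self.erc20_balance          # getCashPrior(): donations count

    def exchange_rate(self):
        if self.total_supply == 0:
            return self.initial_rate
        return (self.cash() + self.total_borrows - self.total_reserves) * MANTISSA // self.total_supply

    def _receive(self, amount):
        self.erc20_balance += amount

    def _send(self, amount):
        self.erc20_balance -= amount

    def mint(self, who, amount):
        tokens = amount * MANTISSA // self.exchange_rate()
        self._receive(amount)
        self.total_supply += tokens
        self.balances[who] = self.balances.get(who, 0) + tokens
        return tokens

    def _burn(self, who, tokens, amount):
        if self.balances.get(who, 0) < tokens:
            raise ValueError("insufficient hTokens")
        if self.cash() < amount:
            raise ValueError("insufficient cash")
        self.balances[who] -= tokens
        self.total_supply -= tokens
        self._send(amount)

    def redeem(self, who, tokens):
        amount = tokens * self.exchange_rate() // MANTISSA
        self._burn(who, tokens, amount)
        return amount

    def redeem_underlying(self, who, amount):
        tokens = amount * MANTISSA // self.exchange_rate()   # floor division: the rounding bug
        self._burn(who, tokens, amount)
        return tokens

    def donate(self, amount):
        self.erc20_balance += amount       # plain ERC20 transfer: no mint, no accounting update

    def collateral_value(self, who):
        return self.balances.get(who, 0) * self.exchange_rate() // MANTISSA


class HardenedHToken(HToken):
    """Same market with tracked cash, burned seed shares and a zero-token redeem guard (our mitigations)."""

    def __init__(self, seed_amount, **kw):
        super().__init__(**kw)
        self.accounted_cash = 0
        self.mint(DEAD, seed_amount)       # seed liquidity the market can never drop below

    def cash(self):
        return self.accounted_cash         # only mint/redeem/borrow/repay move this

    def _receive(self, amount):
        super()._receive(amount)
        self.accounted_cash += amount

    def _send(self, amount):
        super()._send(amount)
        self.accounted_cash -= amount

    def skim_donations(self):
        """Book stray transfers as reserves; reserves are subtracted, so the rate is unchanged."""
        excess = self.erc20_balance - self.accounted_cash
        self.accounted_cash += excess
        self.total_reserves += excess
        return excess

    def redeem_underlying(self, who, amount):
        if amount > 0 and amount * MANTISSA // self.exchange_rate() == 0:
            raise ValueError("redeemTokens zero")   # never hand out underlying for nothing
        return super().redeem_underlying(who, amount)


def run_exploit(market, attacker="attacker", donation=200 * SATS):
    """Replay the report's steps: 2 wei dust position, donate, value collateral, pull the donation back."""
    minted = market.mint(attacker, 4 * SATS)        # starting mint size is an assumption
    market.redeem(attacker, minted - 2)             # leave exactly 2 wei of hWBTC
    rate_before = market.exchange_rate()
    market.donate(donation)                         # flash-loaned WBTC sent straight to the contract
    rate_after = market.exchange_rate()
    collateral = market.collateral_value(attacker)  # what a comptroller would lend against
    try:
        burned = market.redeem_underlying(attacker, donation)
        recovered = donation
    except ValueError:
        burned, recovered = 0, 0
    return {"rate_before": rate_before, "rate_after": rate_after,
            "collateral_sats": collateral, "hwbtc_burned": burned, "recovered_sats": recovered}


if __name__ == "__main__":
    print("vulnerable:", run_exploit(HToken()))
    print("hardened:  ", run_exploit(HardenedHToken(seed_amount=1 * SATS)))
```

On the vulnerable market the 200 WBTC donation lifts the rate from 0.5 to roughly 1e10 underlying per wei, so the comptroller values 2 wei of hWBTC at just over 200 WBTC, and `redeem_underlying(200 WBTC)` burns a single wei because 200 WBTC / rate rounds down to 1. On the hardened market the same donation leaves the rate untouched (it reads tracked cash, and `skim_donations` books the excess as reserves), the dust position is worth 0 sats, and the redeem fails because the attacker holds nowhere near the hTokens it would cost.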