Full Report
Jimbo creates a semi-stablecoin via rebalancing. This is version 2 of the protocol, an attempt to fix a first version that had too many bugs in it. The whole point of the protocol is that it rebalances itself (buying or selling as needed) based on the current state of the market, so that the pool keeps a specific percentage of its resources throughout. Having a pool of resources behind the token is what is supposed to make the coin stable. Rebalancing for stability sounds like a blessing, but it assumes that the price used for the rebalance is fair. In Jimbo's case, rebalancing at a bad price was possible, and the protocol lost an insane amount of money ($7 million) because of it. With the price of JIMBO inflated, the JimboController would transfer the contract's ETH back into the pool; by then selling JIMBO back to the pool, the attacker could walk away with the difference as profit. To hit this vulnerability, the attacker took out a large flash loan and then performed the following steps:

1. Swap a large amount of ETH for JIMBO from the Uniswap and Trader Joe pools. NOTE: this causes a major surge in the price of JIMBO relative to ETH.
2. Call shift() on the JimboController to rebalance the contract's assets.
3. Use the now extremely valuable JIMBO tokens to get the ETH back out.
4. Leave the protocol in complete shambles.
5. Repeat steps 1-4 over and over again.
6. Repay the flash loan and keep everything else as profit.

According to PeckShield, the issue was a lack of slippage control on the protocol-owned liquidity being invested. In particular, a time-weighted average price or a price-change check should have been added to account for these large, attacker-controlled price moves.
Analysis Summary
# Incident Report: Jimbo Protocol Flash Loan Attack
## Executive Summary
The Jimbo Protocol, a DeFi project attempting to maintain a stablecoin through automated rebalancing, suffered a critical loss of approximately $7.5 million due to a flash loan attack exploiting a lack of slippage control within its `shift()` rebalancing function. The attacker manipulated the price of the JIMBO token to extract the protocol's wrapped ETH (WETH) reserves, leaving the protocol drained before repaying the loan and netting a substantial profit.
## Incident Details
- **Discovery Date:** Sunday, May 28, 2023 (Implied, based on attack occurring in "early hours of Sunday")
- **Incident Date:** Sunday, May 28, 2023 (Early hours)
- **Affected Organization:** Jimbo Protocol
- **Sector:** Decentralized Finance (DeFi) / Stablecoin Protocol
- **Geography:** Arbitrum Blockchain
## Timeline of Events
### Initial Access
- **Date/Time:** Early hours of Sunday, May 28, 2023
- **Vector:** Flash Loan Acquisition
- **Details:** The attacker took out a flash loan of 10,000 ETH.
### Progression of Attack
1. **Price Manipulation:** The attacker used the borrowed ETH to purchase a large quantity of JIMBO tokens from Uniswap and Trader Joe pools, causing a significant, artificial surge in the price of JIMBO relative to ETH.
2. **Rebalancing Trigger:** With the JIMBO spot price now inflated, the attacker called the `shift()` function on the `JimboController` contract.
3. **Asset Transfer:** `shift()` rebalanced using that manipulated spot price, so the protocol-owned WETH held by the contract was redeployed into the pool at the inflated JIMBO valuation.
4. **Profit Extraction:** The attacker sold their overvalued JIMBO tokens back into the pool, taking the freshly deposited protocol WETH in return.
5. **Repetition & Finalization:** Steps 1–4 were repeated until the protocol's reserves were exhausted. The flash loan was then repaid and the remainder kept as profit.
### Detection & Response
- **Detection:** The incident was first flagged publicly on Twitter after the attack had already begun.
- **Response Actions:** The Jimbo team eventually responded by reaching out to the attacker on-chain, offering a 10% bounty for the return of funds and threatening to involve security researchers and law enforcement if there was no response within a set timeframe.
## Attack Methodology
- **Initial Access:** Flash loan; the execution address was 0x102be4bccc2696c35fd5f5bfe54c1dfba416a741.
- **Persistence:** Not applicable; this was a single-transaction exploit executed via function calls.
- **Privilege Escalation:** Not applicable in the traditional sense; the attacker turned the protocol's own rebalancing function (`shift()`) against its intended logic.
- **Defense Evasion:** Nothing to evade; the protocol had no slippage control or other defence against price manipulation on the rebalance.
- **Impact:** Direct draining of protocol liquidity (WETH).
## Impact Assessment
- **Financial:** Approximately $7.5 million USD in WETH lost; over 4,000 ETH (~$7.5M) was bridged from Arbitrum to Ethereum.
- **Data Breach:** Not applicable (No personal data breach).
- **Operational:** Protocol liquidity drained; the protocol was left in "complete shambles."
- **Reputational:** Significant damage, especially as it occurred shortly after relaunching v2 to fix v1 bugs, marking the sixth known Arbitrum exploit in 2023.
## Indicators of Compromise
- **Behavioral indicators:** Repeated invocation of the `shift()` function following a large, rapid price swing in the JIMBO token caused by external ETH swaps into the liquidity pool.
- **Transaction Signature:** Calls into the `JimboController` contract (0x271944d9D8CA831F7c0dBCb20C4ee482376d6DE7), in particular `shift()` invoked right after large swaps into the pool.
- **Wallet Activity:** Large outgoing ETH transfer from the attacker-controlled address 0x5f3591e2921d5c9291f5b224e909ab978a22ba7e bridged to Ethereum mainnet.
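One way to turn the behavioural indicator above into a check, as an added example rather than Jimbo's own monitoring: replay pool swaps and controller `shift()` calls in block order and flag any `shift()` executed in a block where the JIMBO spot price has already moved sharply from the previous block's close, then count how many flagged calls came from the same transaction. The event format and the trace are constructed for the example, and the 25% move threshold is an assumed tuning value.

```python
"""Detection sketch for the behavioural indicator: shift() calls that land in the same
block as a large JIMBO price move, repeated from a single transaction.

Added example, not Jimbo's own monitoring. Events are constructed tuples; in practice
they would come from decoded pool Swap logs and controller call traces.
"""
from collections import Counter

PRICE_MOVE_THRESHOLD = 0.25  # flag a shift() if spot moved >25% within its block (assumed)

# Constructed trace: (block, tx, kind, price). price is the pool's ETH-per-JIMBO spot
# after a swap, or at the moment a shift() call executes.
SAMPLE_EVENTS = [
    (100, "tx_a", "swap", 0.00100),
    (101, "tx_b", "swap", 0.00102),
    (101, "tx_b", "shift", 0.00102),  # routine rebalance, price barely moved
    (102, "tx_c", "swap", 0.12100),   # flash-loan pump
    (102, "tx_c", "shift", 0.12100),  # rebalance at the inflated price
    (102, "tx_c", "swap", 0.00108),   # dump back into the pool
    (102, "tx_c", "swap", 0.11800),   # pump again
    (102, "tx_c", "shift", 0.11800),  # and rebalance again
    (102, "tx_c", "swap", 0.00110),
]


def detect_manipulated_shifts(events, threshold=PRICE_MOVE_THRESHOLD):
    """Return alerts for shift() calls whose block opened at a very different price.

    The baseline for a block is the last price seen in an earlier block, so an in-block
    pump followed by shift() shows up as a large relative move, while a gradual drift
    across many blocks does not.
    """
    alerts = []
    baseline = current_block = last_price = None
    for block, tx, kind, price in sorted(events, key=lambda e: e[0]):  # stable: keeps in-block order
        if block != current_block:
            baseline, current_block = last_price, block
        if kind == "shift" and baseline is not None:
            move = abs(price / baseline - 1.0)
            if move > threshold:
                alerts.append({"block": block, "tx": tx, "price": price,
                               "baseline": baseline, "move": round(move, 2)})
        last_price = price
    return alerts


def repeated_shift_txs(alerts, min_count=2):
    """Transactions with several flagged shift() calls: the 'repeat steps 1-4' pattern."""
    counts = Counter(a["tx"] for a in alerts)
    return {tx: n for tx, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    found = detect_manipulated_shifts(SAMPLE_EVENTS)
    for a in found:
        print(f"block {a['block']} {a['tx']}: shift() at {a['price']:.4f} "
              f"vs baseline {a['baseline']:.5f} ({a['move']:.0%} move)")
    print("repeat offenders:", repeated_shift_txs(found))
```

On the sample trace only the two `shift()` calls in block 102 are flagged, both from `tx_c`; the 2% move before the routine rebalance in block 101 stays below the threshold. Using the previous block's closing price as the baseline is what makes a same-block flash-loan pump visible without also alerting on ordinary volatility.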
## Response Actions
- **Containment:** Not explicitly detailed, but the exploitation ceased once liquidity was exhausted or the attacker completed their operations.
- **Eradication steps:** Not listed.
- **Recovery actions:** The team opened on-chain communication with the attacker, offering a 10% bounty (roughly $750k at the reported loss) for the return of funds and threatening to involve law enforcement.
## Lessons Learned
- **Vulnerability Type:** The core issue was a **lack of slippage control** on the protocol-owned liquidity being invested/rebalanced.
- **Mitigation Failure:** The protocol assumed fair pricing during the rebalancing mechanism, failing to account for attacker-controlled input that could artificially inflate asset values.
- **Necessary Safeguards:** Implementation of a time-weighted average price (TWAP) or a strict price change check was required before executing critical rebalancing functions like `shift()`.
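To make the lesson concrete, here is an added simulation, not code from the Jimbo Protocol (which used Trader Joe liquidity bins rather than the toy constant-product pool below): a `shift()` that redeploys protocol-owned WETH at the current spot price, and the same function guarded by the TWAP deviation check named above. It runs the attack steps from the report against both. The reserves, the 50 WETH of protocol-owned liquidity, the 1,000 ETH flash loan, the 600-second TWAP window and the 5% deviation bound are all assumed values.

```python
"""Toy model of the rebalancing flaw: protocol-owned WETH redeployed at a manipulated
spot price, beside a variant that rejects prices that stray far from a TWAP.

Added illustration, not code from the Jimbo Protocol contracts. Reserves, flash-loan
size, TWAP window and the 5% bound are assumed values chosen so the effect is visible.
"""


class ConstantProductPool:
    """Fee-less x*y=k AMM; its reserve ratio is the spot price that shift() trusts."""

    def __init__(self, eth, jimbo):
        self.eth, self.jimbo = eth, jimbo

    def spot_price(self):
        return self.eth / self.jimbo  # ETH per JIMBO

    def buy_jimbo(self, eth_in):
        k = self.eth * self.jimbo
        self.eth += eth_in
        jimbo_out = self.jimbo - k / self.eth
        self.jimbo -= jimbo_out
        return jimbo_out

    def sell_jimbo(self, jimbo_in):
        k = self.eth * self.jimbo
        self.jimbo += jimbo_in
        eth_out = self.eth - k / self.jimbo
        self.eth -= eth_out
        return eth_out


class TwapOracle:
    """Cumulative-price TWAP (Uniswap v2 style); a same-block pump has zero time weight."""

    def __init__(self, pool, now):
        self.pool, self.last_ts, self.cum = pool, now, 0.0
        self.history = [(now, 0.0)]  # (timestamp, cumulative price)

    def update(self, now):
        self.cum += self.pool.spot_price() * (now - self.last_ts)
        self.last_ts = now
        self.history.append((now, self.cum))

    def consult(self, now, window):
        self.update(now)
        then_ts, then_cum = max(h for h in self.history if h[0] <= now - window)
        return (self.cum - then_cum) / (now - then_ts)


class PriceDeviationError(RuntimeError):
    """shift() refused a spot price too far from the TWAP."""


class Controller:
    """Holds protocol-owned WETH; shift() redeploys it as a JIMBO bid at the spot price.

    oracle=None reproduces the vulnerable behaviour (any spot price is accepted); with an
    oracle, shift() refuses a spot price more than max_deviation away from the TWAP.
    """

    def __init__(self, pool, pol_eth, oracle=None, window=600, max_deviation=0.05):
        self.pool, self.pol_eth = pool, pol_eth
        self.oracle, self.window, self.max_deviation = oracle, window, max_deviation
        self.bid_price, self.bid_eth = 0.0, 0.0

    def shift(self, now):
        spot = self.pool.spot_price()
        if self.oracle is not None:  # the price-change check that was missing
            twap = self.oracle.consult(now, self.window)
            if abs(spot - twap) / twap > self.max_deviation:
                raise PriceDeviationError(f"spot {spot:.4f} vs TWAP {twap:.4f}")
        # Vulnerable path: all protocol WETH becomes a buy order at whatever spot is now.
        self.bid_price, self.bid_eth, self.pol_eth = spot, self.pol_eth, 0.0

    def fill_bid(self, jimbo_in):
        # Sell JIMBO into the posted bid; returns (eth_out, jimbo_consumed).
        eth_out = min(jimbo_in * self.bid_price, self.bid_eth)
        self.bid_eth -= eth_out
        return eth_out, eth_out / self.bid_price


def run_attack(pool, controller, loan_eth, now):
    """Steps 1-4 of the report in one transaction; returns the attacker's profit in ETH."""
    jimbo = pool.buy_jimbo(loan_eth)            # 1. pump JIMBO with the flash-loaned ETH
    eth = 0.0
    try:
        controller.shift(now)                   # 2. trigger the rebalance at the inflated price
        got, used = controller.fill_bid(jimbo)  # 3. dump JIMBO into the freshly posted WETH
        eth, jimbo = eth + got, jimbo - used
    except PriceDeviationError:
        pass                                    # guarded shift() reverted; nothing to drain
    eth += pool.sell_jimbo(jimbo)               # unwind the pump in the same transaction
    return eth - loan_eth                       # 4. repay the loan, keep the rest


def scenario(hardened):
    pool = ConstantProductPool(eth=100.0, jimbo=100_000.0)  # spot 0.001 ETH/JIMBO
    oracle = TwapOracle(pool, now=0)
    oracle.update(600)  # ten minutes of honest price history before the attack block
    controller = Controller(pool, pol_eth=50.0, oracle=oracle if hardened else None)
    return run_attack(pool, controller, loan_eth=1000.0, now=600)


if __name__ == "__main__":
    print(f"vulnerable shift():   attacker profit {scenario(False):.3f} ETH")
    print(f"TWAP-guarded shift(): attacker profit {scenario(True):.6f} ETH")
```

Against the unguarded controller the attacker nets about 49.6 ETH: the protocol's 50 WETH bought roughly 413 JIMBO at the pumped price, which is worth well under one ETH once the pump is unwound. Against the guarded controller the profit is effectively zero, because the manipulated price carries no time weight in the TWAP and `shift()` reverts. The guard is a deviation bound on the rebalance price rather than per-swap slippage; in a real deployment the TWAP source itself must be hard to move within the window.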
## Recommendations
- Implement robust **slippage controls** across all protocol functions that interact with external market prices.
- Integrate **Time-Weighted Average Price (TWAP)** checks into any function that triggers significant internal asset movements based on current market rates to prevent rapid, attacker-induced price manipulation.
- Develop and follow a clear, proactive **communications plan** for security incidents, rather than waiting hours after the attack begins.