Full Report
Vesper is a DeFi platform that should work and make money for you. This money is called yield from using your DeFi in various places. When the function rebalance() is called, it takes the underlying assets of a user and buys VSP. By doing this, the price of VSP is increased; VSP holders are entitled to a percentage of the yield based upon the use of the underlying asset produces. This is done by a Vesper's Rebalancing bot in order to distribute yield to holders through inflating the price of Vesper. The function rebalance appears to have been callable by anyone and not just the bot. This is part of the where the problem lies. An attacker could exploit the distribution function being callable by taking out a flash loan. First, an attacker would need to take out a loan in WETH and swap the WETH for VSP on Uniswap. Now, the pool has significantly more WETH than VSP, drastically inflating the price of VSP. Call rebalance() manually. Now, the triggering of this call will perform a swap to get VSP. But, because of the inflated price from the flash loan, the swap gets a much smaller amount of VSP than it should. As a result, most of the WETH from the rebalance() goes back into the hands of the flash loaner even though they did not participate in the farming at all. There is a cooldown period of the rebalance() call. So, this was not the most likely attack to occur. Additionally, they claim this attack would have been discovered through monitoring... but, I think that relying on this for security is a bad precedent to set. To fix this vulnerability, the frequency of rebases called by the bot from sped up dramatically. By doing this, the cost of the flash loan and swap fee makes the attack no longer viable. If there's no profit, then there is not attack. It appears that the whitehat hacker got no funds from this.
Analysis Summary
# Vulnerability: Yield Skimming via Unauthorized `rebalance()` Call
## CVE Details
- CVE ID: Not specified in the document.
- CVSS Score: Not specified in the document.
- CWE: Likely CWE-824 (Improper Restriction of Access to Critical Function) or similar access control flaw in smart contracts.
## Affected Systems
- Products: Vesper Finance platform, specifically involving the `VVSP` and `VSPStrategy` contracts.
- Versions: Vulnerable state prior to the fix implementation (specific contract addresses noted: `VVSP` at `0xba4cfe5741b357fa371b506e5db0774abfecf8fc`, `VSPStrategy` at `0xd5579a994194c142846abafa5919fbad0ae32aa2`).
- Configurations: Any configuration allowing unauthorized external invocation of the `rebalance()` function.
## Vulnerability Description
The core logic flaw resided in the `rebalance()` function (part of the yield distribution mechanism) being callable by any external entity, not exclusively by the intended Vesper Rebalancing Bot.
An attacker could exploit this by:
1. Taking a flash loan (e.g., WETH).
2. Swapping the borrowed asset for VSP on Uniswap, which artificially inflated the price of VSP due to the large influx of collateral (WETH) relative to VSP in the pool.
3. Manually calling `VVSP.rebalance()`. This function executes swaps (internally swapping underlying yield assets like wBTC for WETH, and then WETH for VSP) to distribute yield by increasing VSP price.
4. Due to the artificially inflated VSP price caused by the flash loan manipulation, the swap executed during `rebalance()` yields significantly less VSP for the underlying assets than it should have.
5. Consequently, the majority of the underlying asset (WETH) used in the rebalance swap is returned to the attacker (minus flash loan and swap fees), effectively allowing the attacker to skim the yield that the rebalance was supposed to distribute to legitimate VSP holders. A cooldown period on `rebalance()` existed but was circumvented by the attacker executing the exploit before the bot could.
## Exploitation
- Status: **Not exploited** (Identified by a whitehat researcher before malicious exploitation occurred).
- Complexity: Medium to High (Requires understanding of DeFi mechanics, flash loans, and precise timing around the rebalance cooldown).
- Attack Vector: Network (Remote via smart contract interaction).
## Impact
- Confidentiality: No direct impact reported.
- Integrity: High. Loss of generated yield intended for VSP holders. Maximum potential loss estimated around 78.6 ETH in yield.
- Availability: Low. No impact on core platform availability, only on the integrity of yield distribution.
## Remediation
### Patches
- The fix involved **dramatically speeding up the frequency of rebalances called by the bot**. This ensured that the yield accumulated between mandatory bot calls would be smaller than the combined cost (flash loan + swap fees) required for an attacker to perform the manipulative arbitrage, rendering the attack economically unviable.
### Workarounds
- Limiting the `rebalance()` function call access to only trusted addresses (likely the official bot address) would serve as an immediate conceptual workaround, although the reported fix focused on economic deterrence.
## Detection
- Detection methods relied on post-fact scanning or monitoring to identify abnormal on-chain activity related to simultaneous flash loans and `rebalance()` calls. The vendor stated that this behaviour would likely have been noticed through monitoring had it occurred.
- Indicators of Compromise (IOCs): Simultaneous, unusually large asset swaps/liquidity pool imbalances preceding an immediate `rebalance()` call initiated by a non-bot address.
## References
- Vendor Advisory/Disclosure (via Immunefi): Report by Dedaub Team.
- General Technical Analysis: Link regarding yield skimming (defanged): hxxps://medium.com/dedaub/yield-skimming-forcing-bad-swaps-on-yield-farming-397361fd7c72