Full Report
Zunami is a yield aggregator protocol for stablecoin staking. They lost 2.1M dollars in two transactions. How did this happen? The function calcTokenPrice() is used to determine the price of the project's tokens. This is done by dividing the total holdings of the pool by the number of existing tokens. A price calculated this way can be increased by adding assets to the pool or decreased by somehow removing them. By donating funds to the pool, the value of the LP token can therefore be manipulated.
Analysis Summary
# Incident Report: Zunami Protocol Price Manipulation
## Executive Summary
On August 13, 2023, the Zunami Protocol was targeted in a price manipulation attack affecting its zETH and UZD liquidity pools. The attacker exploited a vulnerability in the `calcTokenPrice()` function by using flash loans and "donations" to artificially inflate the value of LP tokens, resulting in a loss of approximately $2.1 million (1,184 ETH). Following the exploit, both stablecoins suffered massive depegs, with UZD losing 99% of its value.
## Incident Details
- **Discovery Date:** August 13, 2023
- **Incident Date:** August 13, 2023
- **Affected Organization:** Zunami Protocol
- **Sector:** Decentralized Finance (DeFi) / Yield Aggregator
- **Geography:** Global / Decentralized
## Timeline of Events
### Initial Access
- **Date/Time:** August 13, 2023
- **Vector:** Smart Contract Exploitation (Price Oracle Manipulation)
- **Details:** The attacker utilized flash loans to initiate large token swaps, specifically targeting the SDT pool to create significant slippage.
### Lateral Movement
- **N/A:** The attack was a direct smart contract exploit; no lateral movement across traditional internal networks was reported.
### Data Exfiltration/Impact
- **Loss:** The attacker drained the zETH and UZD Curve liquidity pools.
- **Proceeds:** ~1,184 ETH was extracted across two primary transactions.
- **Value Destruction:** zETH depegged by 85%; UZD depegged by 99%.
### Detection & Response
- **Detection:** Security firms PeckShield and BlockSec identified the anomalous transactions and alerted the community via social media.
- **Response:** Zunami Protocol acknowledged the attack on Twitter, stating that "collateral remains secure" while beginning an investigation. The attacker moved the stolen funds to Tornado Cash to obfuscate the trail.
## Attack Methodology
- **Initial Access:** Exploitation of the `calcTokenPrice()` function via the `totalHoldings()` logic.
- **Persistence:** Not applicable (Atomic transaction exploit).
- **Defense Evasion:** Use of Tornado Cash to wash the stolen 1,184 ETH.
- **Discovery:** The attacker identified that donating funds to the protocol's strategies would directly inflate the calculated price of LP tokens.
- **Impact:** Price manipulation leading to the depletion of liquidity pools.
## Impact Assessment
- **Financial:** Estimated loss of $2.1 million USD.
- **Data Breach:** None (Standard blockchain transparency).
- **Operational:** The protocol's core stablecoin products (zETH and UZD) became effectively worthless and dysfunctional due to the depeg.
- **Reputational:** Significant damage to user trust, particularly as the protocol had undergone prior audits.
## Indicators of Compromise
- **Attacker Address:** `0x5f4c21c9bb73c8b4a296cc256c0cde324db146df`
- **Exploit Transaction (zETH):** `0x2aec4fdb2a09ad4269a410f2c770737626fb62c54e0fa8ac25e8582d4b690cca`
- **Exploit Transaction (UZD):** `0x0788ba222970c7c68a738b0e08fb197e669e61f9b226ceec4cab9b85abe8cceb`
- **Behavioral:** Large flash loan activity followed by "donations" to the `MIMCurveStakeDAO` strategy.
## Response Actions
- **Containment:** Monitoring of remaining collateral to ensure no further leakage.
- **Eradication:** Protocol paused or liquidity removed where possible (implied by investigation status).
- **Recovery:** Investigation into the MimCurveStakeDAO strategy which was identified as the specific weak point.
## Lessons Learned
- **Oracle Reliability:** Relying on `totalHoldings / totalSupply` for price calculation is extremely dangerous if `totalHoldings` can be easily manipulated via external "donations" or slippage.
- **Audit Limitations:** Audits may not cover new strategies added after the initial review. The MimCurveStakeDAO strategy was reportedly added after earlier audits.
- **Disclosure Ethics:** The incident highlighted the tension between security firms sharing details for transparency versus protecting protocols from "copycat" attacks.
## Recommendations
- **Anti-Manipulation Oracles:** Implement Time-Weighted Average Prices (TWAP) or decentralized oracle solutions (e.g., Chainlink) instead of spot-calculating balances.
- **Slippage Checks:** Implement strict checks on internal price movements during transactions to prevent flash-loan-induced spikes.
- **Continuous Auditing:** Ensure that every new yield strategy added to an aggregator undergoes a full security review before deployment.
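The following Python model is an added illustration, not code from the Zunami Protocol or from the original report. It reproduces the `totalHoldings / totalSupply` pricing pattern described in the summary and under "Oracle Reliability", shows how a plain asset transfer ("donation") moves the spot LP price without any LP being minted, and then implements the two defensive recommendations above in simplified form: internal accounting that ignores unaccounted balance, and a deviation bound against an average of recent prices. Class names, the 1e18 fixed-point scale, the 5% bound and the 8-observation window are assumptions chosen for the example; the real contracts are not reproduced here.

```python
from collections import deque
from dataclasses import dataclass, field

PRECISION = 10 ** 18   # fixed-point scale, like Solidity's 1e18 (assumed)
BPS = 10_000           # basis points


class PriceDeviation(Exception):
    """Raised when the spot LP price strays further from the average than allowed."""


@dataclass
class SpotPricedPool:
    """Vulnerable pattern: price = totalHoldings / totalSupply, where
    totalHoldings reads the strategy's live balance. Assets transferred to the
    strategy without minting LP ("donations") therefore inflate the LP price."""
    strategy_balance: int = 0   # assets physically held by the strategy
    total_supply: int = 0       # LP tokens outstanding

    def total_holdings(self) -> int:
        return self.strategy_balance

    def calc_token_price(self) -> int:
        # Value of one LP token in assets, scaled by PRECISION.
        if self.total_supply == 0:
            return PRECISION
        return self.total_holdings() * PRECISION // self.total_supply

    def deposit(self, assets: int) -> int:
        lp = assets * PRECISION // self.calc_token_price()
        self.strategy_balance += assets
        self.total_supply += lp
        return lp

    def withdraw(self, lp: int) -> int:
        assets = lp * self.calc_token_price() // PRECISION
        self.total_supply -= lp
        self.strategy_balance -= assets
        return assets

    def donate(self, assets: int) -> None:
        # A bare token transfer to the strategy: no LP is minted.
        self.strategy_balance += assets


@dataclass
class AccountedPool(SpotPricedPool):
    """Mitigation 1 (assumed design): value only what the vault itself booked.
    Donations raise strategy_balance but not accounted_holdings, so the price
    is unchanged until a permissioned harvest() records genuine yield."""
    accounted_holdings: int = 0

    def total_holdings(self) -> int:
        return self.accounted_holdings

    def deposit(self, assets: int) -> int:
        lp = super().deposit(assets)
        self.accounted_holdings += assets
        return lp

    def withdraw(self, lp: int) -> int:
        assets = super().withdraw(lp)
        self.accounted_holdings -= assets
        return assets

    def harvest(self, is_keeper: bool) -> int:
        # Keeper-only, so an unprivileged caller cannot force a revaluation
        # inside the same transaction as their donation.
        if not is_keeper:
            raise PermissionError("harvest is keeper-only")
        gained = self.strategy_balance - self.accounted_holdings
        self.accounted_holdings = self.strategy_balance
        return gained


@dataclass
class GuardedPool(SpotPricedPool):
    """Mitigation 2 (assumed design): reject any deposit/withdraw whose spot
    price deviates more than max_deviation_bps from the average of the last
    N recorded prices, so a single-transaction spike cannot be cashed out."""
    max_deviation_bps: int = 500                       # 5%, assumed
    history: deque = field(default_factory=lambda: deque(maxlen=8))

    def record_price(self) -> None:
        # In practice recorded once per block by a keeper; called explicitly here.
        self.history.append(self.calc_token_price())

    def average_price(self) -> int:
        if not self.history:
            return self.calc_token_price()
        return sum(self.history) // len(self.history)

    def _check_deviation(self) -> None:
        spot, avg = self.calc_token_price(), self.average_price()
        if abs(spot - avg) * BPS > avg * self.max_deviation_bps:
            raise PriceDeviation(f"spot {spot} vs average {avg}")

    def deposit(self, assets: int) -> int:
        self._check_deviation()
        return super().deposit(assets)

    def withdraw(self, lp: int) -> int:
        self._check_deviation()
        return super().withdraw(lp)


def demo_spot() -> tuple:
    """Constructed scenario: a 50% donation lifts the spot price by 50%."""
    pool = SpotPricedPool()
    pool.deposit(1_000 * PRECISION)
    before = pool.calc_token_price()
    pool.donate(500 * PRECISION)
    return before, pool.calc_token_price()


def demo_accounted() -> int:
    """Same donation against the accounted pool: price stays at 1.0."""
    pool = AccountedPool()
    pool.deposit(1_000 * PRECISION)
    pool.donate(500 * PRECISION)
    return pool.calc_token_price()


def guarded_withdraw_allowed(donation: int) -> bool:
    """Whether a withdrawal passes the deviation guard after `donation` assets
    are transferred in following four blocks of stable price history."""
    pool = GuardedPool()
    lp = pool.deposit(1_000 * PRECISION)
    for _ in range(4):
        pool.record_price()
    pool.donate(donation)
    try:
        pool.withdraw(lp)
        return True
    except PriceDeviation:
        return False


if __name__ == "__main__":
    print("spot price before/after donation:", demo_spot())
    print("accounted price after donation:", demo_accounted())
    print("guarded withdraw after 50% donation allowed:", guarded_withdraw_allowed(500 * PRECISION))
    print("guarded withdraw after 2% donation allowed:", guarded_withdraw_allowed(20 * PRECISION))
```

Neither mitigation alone is sufficient: internal accounting still books a donation as yield at the next harvest, and a deviation bound only limits how far the price can move per window, which is why the recommendations pair these with an external or time-weighted oracle and a review of every new strategy.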