Fei Protocol Flashloan Vulnerability Postmortem

We discussed this vulnerability during Episode 77 on 18 May 2021

Crypto-attacks are not my strong point, so I might be missing some nuance to this one. The first important concept is flash loans. These are smart-contract-backed loans: you borrow funds from a provider on the condition that the loan plus a fee/interest is returned in the same transaction in which it was taken out. They enable arbitrage, where you buy the same asset in multiple markets at once and profit from the pricing difference. You pocket the profit, but the same mechanism can also fund capital-intensive attacks like this one.

FEI is a stablecoin that tries to algorithmically stabilize its own price, minting new coins at $1.01 each whenever the price goes above that.

Uniswap is a decentralized exchange used to swap between various crypto coins. You can swap on it, or you can be a liquidity provider, which basically means depositing coins into a pool at a particular rate. Liquidity should only be deposited at the current rate, and the reserve rate should be looked up before submitting the transaction, not as part of the transaction.

Which is where part of the problem comes in: FEI sells newly minted coins through its "Bonding Curve" contract, and the funds are held there until allocate() is called, which adds them to the Uniswap pool. Allocate looks up the current market rate and dumps the funds into the pool with 100% slippage (price movement) allowed. Allocate does try to determine that it's not being called from within a contract, but the check fails to account for being called from a contract's constructor, which lets an attacker cause the allocate call to happen in the middle of their own transaction.
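To make the two weaknesses concrete, here is an added illustration (not Fei Protocol's code) of an allocator in the weak form described above next to a hardened form. It shows both the reserve-rate point from the Uniswap paragraph (rate read inside the transaction, minimum amounts of zero) and the caller check from this paragraph (extcodesize is 0 while a constructor is running). The contract names, the FEI-per-ETH reference-rate parameter, the assumption that the allocator already holds both ETH and FEI, and the reserve ordering (reserve0 = ETH, reserve1 = FEI) are assumptions made for the example; the Uniswap v2 `getReserves` and `addLiquidityETH` signatures are the real ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration for this writeup; not Fei Protocol's code.
// Assumptions: the allocator holds both ETH and FEI, reserve0 is the ETH
// side and reserve1 the FEI side, and rates are expressed as FEI per ETH
// scaled by 1e18.

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

interface IUniswapV2Pair {
    function getReserves() external view
        returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);
}

interface IUniswapV2Router02 {
    function addLiquidityETH(
        address token, uint256 amountTokenDesired, uint256 amountTokenMin,
        uint256 amountETHMin, address to, uint256 deadline
    ) external payable returns (uint256 amountToken, uint256 amountETH, uint256 liquidity);
}

abstract contract AllocatorBase {
    IUniswapV2Pair public immutable pair;
    IUniswapV2Router02 public immutable router;
    IERC20 public immutable fei;

    constructor(IUniswapV2Pair _pair, IUniswapV2Router02 _router, IERC20 _fei) {
        pair = _pair; router = _router; fei = _fei;
    }
    receive() external payable {}
}

// Weak form: extcodesize-based caller check, rate read in the same transaction,
// and minimum amounts of zero (100% slippage accepted by the router).
contract AllocatorWeak is AllocatorBase {
    constructor(IUniswapV2Pair p, IUniswapV2Router02 r, IERC20 f) AllocatorBase(p, r, f) {}

    // extcodesize is 0 for an EOA, but also for a contract whose constructor is
    // still running: its runtime code is only stored once the constructor returns.
    function isContract(address account) internal view returns (bool) {
        uint256 size;
        assembly { size := extcodesize(account) }
        return size > 0;
    }

    function allocate() external {
        require(!isContract(msg.sender), "contracts may not allocate");
        (uint112 rEth, uint112 rFei, ) = pair.getReserves(); // whatever the pool says right now
        uint256 ethAmount = address(this).balance;
        uint256 feiAmount = ethAmount * rFei / rEth;         // matched to the in-tx rate
        fei.approve(address(router), feiAmount);
        router.addLiquidityETH{value: ethAmount}(
            address(fei), feiAmount, 0, 0, address(this), block.timestamp);
    }
}

// Hardened form: direct-EOA check, plus a bound on how far the in-transaction
// pool rate may deviate from a reference rate observed before submitting.
contract AllocatorHardened is AllocatorBase {
    constructor(IUniswapV2Pair p, IUniswapV2Router02 r, IERC20 f) AllocatorBase(p, r, f) {}

    function allocate(uint256 refFeiPerEth, uint256 maxDeviationBps) external {
        // A contract, including one under construction, never has msg.sender == tx.origin.
        require(msg.sender == tx.origin, "direct EOA call required");
        require(maxDeviationBps < 10_000, "bad deviation bound");

        (uint112 rEth, uint112 rFei, ) = pair.getReserves();
        uint256 spotFeiPerEth = uint256(rFei) * 1e18 / rEth;
        uint256 diff = spotFeiPerEth > refFeiPerEth
            ? spotFeiPerEth - refFeiPerEth
            : refFeiPerEth - spotFeiPerEth;
        require(diff * 10_000 <= refFeiPerEth * maxDeviationBps, "pool rate deviates from reference");

        // Size the deposit from the reference rate and pass non-zero minimums so
        // the router reverts instead of accepting an arbitrarily moved price.
        uint256 ethAmount = address(this).balance;
        uint256 feiAmount = ethAmount * refFeiPerEth / 1e18;
        uint256 minFactor = 10_000 - maxDeviationBps;
        fei.approve(address(router), feiAmount);
        router.addLiquidityETH{value: ethAmount}(
            address(fei), feiAmount,
            feiAmount * minFactor / 10_000,
            ethAmount * minFactor / 10_000,
            address(this), block.timestamp);
    }
}
```

The `msg.sender == tx.origin` check is the usual fix for the constructor edge case, but it also locks out legitimate contract callers such as multisigs, so the deviation bound is the more important of the two: it limits how much value can be moved per allocate call regardless of who triggers it, and it enforces the "look the rate up before submitting, not inside the transaction" rule from the Uniswap paragraph by making the caller commit to a reference rate up front.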

The full attack: an attacker flash-borrows ETH, uses some of it to purchase FEI on the Uniswap pool, driving up the market rate, and then purchases FEI from the bonding curve at $1.01. They trigger allocate, which dumps the ETH into the ETH-FEI Uniswap pool at the current (artificially elevated) market rate, then sell back the purchased FEI at the elevated price, pay back the flash loan, and keep the profit.