The Fellowship of a Smart Contract

Source: Adobe/antonpedko

“On September 15, 2020, a small group of people worked through the night to rescue over USD 9.6m from a vulnerable smart contract,” the author of a recently published blog wrote, starting the story.

Sam’s discovery

While looking at some smart contracts, expecting to find nothing of significance – particularly given the “countless yield farming clones” promising to turn farmers into millionaires, and most of which were forks of well-audited codes – a well-known security researcher and white hat hacker Sam Sun, aka Samczsun, found a previously unseen contract.

This one held over ETH 25,000, worth over USD 9,6m at the time, and USD 8.53m currently – “and would be a very juicy payday for anyone who managed to find a bug in its logic,” said the author.

And the long night had begun.

Quickly realizing the severity of the situation, Sam got to digging and discovered that the contract was part of Lien Finance’s protocol, whose team was anonymous, hence, not easily reachable. Contacting unverified people could mean accidentally leaking the exploit to the wrong person.

However, the protocol had worked with ConsenSys Diligence and CertiK for an audit, and as there was no time to lose, Samczsun looked for a contact from major blockchain company ConsenSys via the ETHSecurity Telegram channel. Diligence security engineer Alex Wade soon sent a message.

Alex’s conundrum

Wade found a channel ConsenSys Diligence set up with Lien a few months before, and an email address. He reviewed the code with Samczsun, and came up with two options: 1) try to exploit the issue; 2) reach Lien and have them go public, urging users to withdraw.

But both carried heavy risks, including attracting attackers once the issue goes public, as well as frontrunning, as discussed in the postEthereum is a Dark Forest‘ by Paradigm researchers Dan Robinson and Georgios Konstantopoulos. And as the post advised, Samczsun reached out to Scott Bigelow.

Scott’s third option

Bigelow was already in the process of designing “a simple system that seemed able to fool generalized front-runners, at least for the USD 200 I’d been able to test it with.” He was “hungry for a rematch” after participating in the recovery attempt from ‘Ethereum is a Dark Forest,’ which lost to front-runners. However, “for as much as I wanted that rematch, USD 9.6m was way outside my humble script’s weight class.”

Already with a person in mind, Bigelow wrote:

“For the past few months, I had been trying to establish contacts with miners for this very purpose: white-hat transaction cooperation. If ever there was a time to appeal to a miner to include a transaction without giving front-runners the chance to steal it, it was now.”

Tina’s blast

Tina Zhen was working with Bigelow on establishing just such cooperation. What was needed for this adventure, Zhen wrote, was “a direct channel to shield a whitehat [transaction] from getting sniped by the ‘advanced predators’ in the mempool’s ‘dark forest’.”

The team got on getting the green light from Lien (at this point Wade was trying to get in contact via ConsenSys-internal channels), as well as to get CertiK up to speed. To overcome the time difference, as the US team was fast asleep, Zhen “blasted a casual sounding message” on some WeChat groups to reach the Chinese team, and soon moved on to verifying a Certik team member – thus bringing the engineering lead Georgios Delkos into the expanding Zoom call.

Delkos helped Wade reach Lien and verify their identity. The Lien team agreed that the risk from trying to rescue the funds directly or publishing a warning was too high, and they gave their permission for the impromptu rescue team to try working directly with a mining pool to save the funds.

Zhen reached out to SparkPool’s co-founder Shaoping Zhang.

SparkPool’s new whitehat API

Upon speaking to Zhen, Zhang realized that the team needed a private transaction service:

“The whitehats wanted to send transactions to save a DeFi [decentralized finance] contract, but in order to prevent getting front-runned, they needed a mining pool to include the transaction without broadcasting it.”

As Zhen knew, SparkPool was already working on a “private transaction” feature on their Taichi Network, which was still under development and had not been tested. Given the urgency of the situation, the developers got to work to finish the feature.

And they did so in about two hours. They moved on to fixing bugs.

Scott’s and Sam’s 4 transactions

At this point, Sam and Bigelow were finishing the script to generate 4 sequential signed transactions. Processing them in order would not withdraw the ETH 25,000, wrote Bigelow, but would transfer the “falsely” created 30,000 Stable Bond Token (SBT)+Liquid Bond Token (LBT) tokens to the Lien team, subsequently allowing them to submit the final transaction to convert these tokens back into ETH.

“These 4 transactions, less than 1.5KB of data in total, were ready to heist [USD] 9.6m of assets, so long as no-one but SparkPool sees them until it is too late.”

And it worked. The transaction was not seen in the mempool, but appeared as part of a SparkPool block, fifteen blocks since the transaction started. “The Lien team was now in possession of enough SBT+LBT tokens to liquidate their entire system.”

Sam’s final phase

The tokens had been successfully transferred to Lien, without a sign of an attempted frontrunning. Lien confirmed it, then immediately sent out a transaction to withdraw the ETH stored in the contract.

Samczsun concluded the story:

“Seconds later, a pending transaction appeared on Etherscan. As we watched the loading indicator spin, I took the opportunity to reflect upon the events that lead to this moment. What had started as a quick glance at some contracts ended up turning into full-blown [war room] that pulled in experts from around the world. […] When the loading indicator finally turned into a green checkmark, the tense silence on the call gave way to a collective sigh of relief.”

Rescuing USD 9.6 Million in Ethereum: The Fellowship of a Smart Contract 102
Source: etherscan.io

Lien’s response

On September 22, Lien announced that the team had notified them of a bug in the “BondMaker” program, which the protocol said is an integral part of the Lien app.

Stating that no funds were lost in the ‘rescue’ process, and describing that process in detail, Lien said that, once they confirmed that the users’ funds were no longer at risk, they shut down the frontend of the Lien app and notified the community of the incident. They immediately moved on to “tabulating everyone’s balances and made all efforts to return their funds as soon as possible.”
__

Learn more:
In Devs We Trust: Bitcoin Bugs Die in Secret, Leaving Altcoins At Risk
Safety Second: Top DeFi Projects By Highest Audit Scores