Beanstalk Exploit - A Simplified Post Mortem Analysis

0 23
Avatar for Cyekmyster
2 years ago

Preface

Built on Ethereum, Beanstalk a credit-based algorithmic stablecoin protocol, designed with the intention of disrupting DeFi and the rent-seeking collateralized stablecoin market lost $182 m in a flash loan attack on Sunday, April 17th, 2022. The attacker was able to identify and exploit flaws in the governance design. It enabled the attacker to gain a controlling stake in the protocol. The attacker drained the liquidity pool of its assets and got away with $76 million and BEAN fell about 75% from its $1 peg.   If you're new to the protocol, I highly recommend you read my article that covers Beanstalk and its governance mechanism at length before you proceed any further. In this article, I shall cover how the exploit was prepared and how it went down followed by Beanstalk's response. So without further ado, let's dive into the specifics.  

Beanstalk Exploit

The entire attack was based on a vulnerability that enabled the attacker to exploit the protocol's majority vote governance system. To put it simply, any individual with a 2/3rd share (a supermajority) of the vote can pass a BIP at any time.   

Flash loans have become increasingly popular in DeFi as they provide individuals with the exciting opportunity of profiting from arbitrage trading. However, DeFi is home to several hackers and malicious actors who utilize these very loans to steal massive amounts of crypto. (A flash loan eliminates the need for collateral as the initial loan must be repaid at the end of the transaction. The transaction fails if the borrower is unable to guarantee payback thereby eliminating the risk to the lender). So how did the attacker succeed? We shall cover that in the following section.

A lot of people have mentioned this act cannot be classified as a hack or a theft and that it's simply an outcome of a massive flaw in the governance design. However, I would like to add it was a combination of the following- 

1. Flash Loan - was crucial to the attacker obtaining majority control of Beanstalk's on-chain governance.
2. Governance Mechanism - the emergencyCommit() function that permitted the attacker to immediately execute the proposal on-chain. Normally, the execution of a BIP on-chain requires a minimum of 7 days but leveraging the emergencyCommit function helped the attacker bypass this (a 2/3rd share was necessary for execution)

In a gist, the attacker utilized the flashloan to garner just enough collateral to become a supermajority, pass a BIP and swindle $182 m from Beanstalk farms.

T-1 April 16th, 2022  

Step 1: The attacker obtained funds from TornadoCash and bridged them via Synapse Bridge.
Step 2: This action was followed by a deposit of 212,858 BEAN into the Beanstalk Silo by the same address.
Step 3: Step 2 facilitated the generation of sufficient Stalk (This is the yield-generating governance token) and Seed (vested Stalk) that enabled the attacker to create Beanstalk Improvement Proposals (BIP18 and BIP19). 

A couple of things to note 
*BIP18 was originally left blank (more on that later) 
*BIP19 was strategically named InitBip18 by the attacker and contained a verified contract to donate $250k to Ukraine and $10k to the proposer.

April 17th, 2022  

Initiation of Flash Loan Attack on Beanstalk

The flash loan (of approx $1B) was used to obtain 350m DAI, 500m USDC and 150m USDT from Aave, 32m BEAN from Uniswap v2 and 11.6m LUSD from SushiSwap. These tokens were used to add liquidity in Curve pools with BEAN for governance voting. So the attacker first minted 3CRV using DAI, USDC and USDT generating BEAN3CRV-f. Then a deposit of 32m $BEAN and 25m $LUSD into another contract enabled the creation of a new token BEAN3LUSD-f.

Next, the attacker deposited the aforementioned assets in the Beanstalk Silo and obtained sufficient Stalk and Seed to gain 70% of the total circulation (LP depositors get twice as many Seeds per Bean deposited compared to Bean deposits). This share enabled the attacker to get a 2/3rd supermajority vote and execute the emergencyCommit ()function.

Now, the attacker deployed and voted for a fake protocol improvement proposal (BIP18) that drained the pool fund and transferred the tokens (BEAN/WETH-BEAN LP/BEAN3CRV-f/BEANLUSD-f) to the attacker. This enabled the attacker to repay the flash loan as well as get 24,830 WETH in profit (approximately $76m, the remaining $106m was used to repay the flash loan to AAVE) which was funneled through the coin mixing tool TornadoCash. 

The attacker managed to deceive the community by making them believe BIP18 was only meant to donate money to the Ukraine donation address however, once the attacker acquired a majority governance stake through the flash loan the emergencyCommit function helped the attacker execute the proposal immediately after voting on it and just like that Beanstalk lost approximately $182m.

Breakdown of the lost $182m:

  • 36m BEAN ($36m)

  • $33m in ETH and $32m in BEAN from ETH-BEAN UNI v2 LP tokens ($65m)

  • 79.2M BEAN3CRV-f Curve LP tokens ($79.2m)

  • 1.6M BEAN-LUSD Curve LP tokens ($1.6m)

Once the attacker drained Beanstalk of its funds, the price of BEAN plummeted 75% from its dollar peg.

Later that day, Beanstalk took to Twitter to confirm the incident. "Beanstalk suffered an exploit today,". 

 Click here to read Beanstalk's official statement. 

I would like to add that not only has the team been responsive and approachable but the community has emerged stronger than ever. Beanstalk on April 19, 2022, outlined the path forward to continue on the ambitious journey. "This was an attack on Beanstalk's governance model, not its economic design". Click here to know how Beanstalk plans to move forward.

 

Closing thoughts

While Flash Loans aren't new in DeFi the only learning I have to draw from this entire episode is to perhaps limit the scope of governance proposals, shifting off-chain completely might interfere with the concept of decentralization and if on-chain governance is absolutely necessary introducing timelock is essential. There has to be sufficient time in between voting and execution so users can carefully review the proposals. It only took 13 seconds for the hackers to empty the account.

And, obviously DO NOT INVEST MORE THAN YOU CAN AFFORD TO LOSE.


 

EverythingBlockchain — In pursuit of simplifying the different blocks of the chain metaverse.

Donation address - 0xe9f581e005cbB94752A96198052088F206ac73b1
terra156dezwfl55zzckl5ud5tl69x8p4sh5zg3vt54x

Referrals

Braintrust, Loop, Presearch, Odysee, Binance

Socials

Substack, Twitter, Youtube, Medium, Reddit 

Any or all of the information provided through this work is intended solely for educational purposes and must not be treated as investment advice. Any lapses in presenting any of the information correctly are ours alone. We disclaim any liability associated with the use of this content.

 

 

 

 

 

 

 

1
$ 0.00
Avatar for Cyekmyster
2 years ago

Comments