WOWswap’s resistance to the attack exploited Vee.Finance

Since WOW protocol expands on Avalanche less than a week after a major attack on Vee Finance — another leveraged trading platform that also runs on Avalanche blockchain, our team decided to address this issues with a focus on security measures that WOWswap has in place to eliminate this type of exploits.

The official analysis of the attack was published by the Vee Finance can be found here — https://veefi.medium.com/the-main-cause-of-vee-finance-attack-7a8475085ec5

Though we found this analysis very informative, we disagree with the conclusion that the major cause of the attack was the reliance on Pangolin pair as a single source of price feed for a token. Instead, we believe that the major cause of the successful attack was a design flaw in the protocol that allowed the attacker to bypass the oracle mechanism in general.

To exploit Vee Finance the attacker made the following preparations:

1. Created a totally new token pair on Pangolin, in this example — ETH/QI pair with just a few cents of liquidity at a price of $0.15 per ETH: https://avascan.info/blockchain/c/tx/0x072c8cb4a3d71f833d9b22965993657fd2a38e599ed0bcaa37554b39ac0be1b0
2. Since Vee Proxy Controller smart contract uses not token contract addresses but smart contracts of reserves of those tokens (CTokens), which later requested for the underlying token addresses, the attacker created a malicious reserve contract that was able to return different information about underlying tokens to Vee Proxy Controller smart contract and Vee Oracle smart contract: to the Controller contract it returned QI token address and to the Oracle smart contract it returned WBTC token address.

The attack mechanism:

1. As Vee Proxy Controller smart contract did not whitelist or verify reserve smart contracts for swaps, the attacker provided the malicious reserve smart contract address to Vee Proxy Controller smart contract.
2. When Vee Proxy Controller contract requested an underlying token address, the malicious reserve contact returned QI token address, telling Vee Finance that the swap will be to buy QI for ETH (using ETH from Vee Finance’s reserve).

Vee Proxy Controller requests underlying token and receives QI token address

3. When the Price Oracle contract requested an underlying token address from the malicious reserve contract, instead of QI token, it returned WBTC token address, asking Vee Finance to verify whether QI/ETH price on Pangolin is no worse than the oracle’s price of WBTC/ETH.

Oracle requests underlying token and receives WBTC token address instead of QI’s

Since Oracle did not process decimals correctly, Vee Finance Controller valued 1.55 ETH as 0.0000000000112 WBTC. At the same time the pair created on Pangolin was offering to swap 1.55 ETH for 0.059 QI.

Vee Proxy Controller compared these 2 prices and decided that the price on Pangolin is better the the Oracle’s one and authorized the swap, permitting the attacker to swap 0.059 QI for 1.55 ETH using ETH from Vee Finance’s pool. https://avascan.info/blockchain/c/tx/0xc490b881f7434af48a1f39ca2d71064e93a1802b5853e3312e8800468dc83b81

4. Finally, using personal funds and the same QI/ETH pair on Pangolin the attacker swapped 0.059 QI back to 1.55 ETH. The attacker repeated this procedure for several times with several tokens.

We hope our analysis will help Vee Finance make their protocol more secure.

How WOWswap is protected against such attacks:

As you can see from our research, the main cause of the attack was not the reliance on Pangolin pair as a single source of price feed for a token, but the ability to bypass the oracle check at all.

Addressing this and other issues mentioned by the Vee Finance team in the their post-mortem analysis, we would like to disclose the following facts about WOW protocol:

1. To calculate token prices WOWswap uses only ratio of asset reserves within the trading pair on our partner AMM. This means that no indirect or unrelated sources of information that can be manipulated are taken into account.
2. WOWswap processes the prices with uniform decimals.
3. Attackers cannot submit arbitrary smart contract addresses to swap — only approved token pairs are allowed for margin trading on WOWswap.
4. Only approved accounts are allowed to submit a price change on WOWswap and we additionally check it before updating.

Your feedback 👂matters

1. Try WOWswap here.
2. Check FAQ and learn more: Wowswap documentation.
3. Join our telegram community.
4. Follow us on Twitter.