Analysis of the UwU Lend Hack
Contents
Background
On June 10, 2024, the SlowMist MistEye security monitoring system detected a $19.3M attack on UwU Lend, a platform providing digital asset lending services on the EVM chain. Here’s what we found:
Relevant Information
- Attacker Address:
- 0x841ddf093f5188989fa1524e7b893de64b421f47
- Vulnerable Contract Address:
- 0x9bc6333081266e55d88942e277fc809b485698b9
- Attack Transactions:
- 0xca1bbf3b320662c89232006f1ec6624b56242850f07e0f1dadbe4f69ba0d6ac3
- 0xb3f067618ce54bc26a960b660cfc28f9ea0315e2e9a1a855ede1508eb4017376
- 0x242a0fb4fde9de0dc2fd42e8db743cbc197ffa2bf6a036ba0bba303df296408b
Cause of the Attack
The core of this attack lies in the attacker’s ability to manipulate the price oracle by executing large exchanges in the CurveFinance pool. This manipulation affected the price of the sUSDE token, allowing the attacker to exploit the manipulated price to drain other assets from the pool.
Attack Process
1. Flash Loan and Price Suppression:
- The attacker used a flash loan to borrow a large amount of assets, then exchanged a portion of the borrowed USDE tokens in a Curve pool to suppress the sUSDE price.
2. Creating Borrowing Positions:
- With the sUSDE price significantly lowered, the attacker used other base tokens to borrow a large …
On June 10, 2024, the SlowMist MistEye security monitoring system detected a $19.3M attack on UwU Lend, a platform providing digital asset lending services on the EVM chain. Here’s what we found:
Relevant Information
- Attacker Address:
- 0x841ddf093f5188989fa1524e7b893de64b421f47
- Vulnerable Contract Address:
- 0x9bc6333081266e55d88942e277fc809b485698b9
- Attack Transactions:
- 0xca1bbf3b320662c89232006f1ec6624b56242850f07e0f1dadbe4f69ba0d6ac3
- 0xb3f067618ce54bc26a960b660cfc28f9ea0315e2e9a1a855ede1508eb4017376
- 0x242a0fb4fde9de0dc2fd42e8db743cbc197ffa2bf6a036ba0bba303df296408b
Cause of the Attack
The core of this attack lies in the attacker’s ability to manipulate the price oracle by executing large exchanges in the CurveFinance pool. This manipulation affected the price of the sUSDE token, allowing the attacker to exploit the manipulated price to drain other assets from the pool.
Attack Process
1. Flash Loan and Price Suppression:
- The attacker used a flash loan to borrow a large amount of assets, then exchanged a portion of the borrowed USDE tokens in a Curve pool to suppress the sUSDE price.
2. Creating Borrowing Positions:
- With the sUSDE price significantly lowered, the attacker used other base tokens to borrow a large …
IoC
050c7e9c62bf991841827f37745ddadb563feb70
242a0fb4fde9de0dc2fd42e8db743cbc197ffa2bf6a036ba0bba303df296408b
48d7c1dd4214b41eda3301bca434348f8d1c5eb6
841ddf093f5188989fa1524e7b893de64b421f47
9bc6333081266e55d88942e277fc809b485698b9
b3f067618ce54bc26a960b660cfc28f9ea0315e2e9a1a855ede1508eb4017376
ca1bbf3b320662c89232006f1ec6624b56242850f07e0f1dadbe4f69ba0d6ac3
242a0fb4fde9de0dc2fd42e8db743cbc197ffa2bf6a036ba0bba303df296408b
48d7c1dd4214b41eda3301bca434348f8d1c5eb6
841ddf093f5188989fa1524e7b893de64b421f47
9bc6333081266e55d88942e277fc809b485698b9
b3f067618ce54bc26a960b660cfc28f9ea0315e2e9a1a855ede1508eb4017376
ca1bbf3b320662c89232006f1ec6624b56242850f07e0f1dadbe4f69ba0d6ac3