Decoding Orion Protocol’s Reentrancy Exploit | QuillAudits


On February 2, 2023, the Orion Protocol was exploited on Ethereum and the BNB Chain. The attack was caused by a reentrancy vulnerability in the swap function of the contract, which resulted in an asset loss of almost $3 million, i.e., $191,030 on BSC and $2,836,206 on the Ethereum Chain.

Introduction to Orion Protocol

Orion Protocol is a liquidity aggregator connected to all of the major cryptocurrency exchanges and swap pools (centralized and decentralized), allowing users to get the best price for their trades from a single portal.

Check out the official whitepaper for more details on the project.

Vulnerability Analysis & Impact:

Ethereum Chain Details:

ATK Token(Fake): 0x64acd987a8603eeaf1ee8e87addd512908599aec
Attacker’s 1st Address: 0x3dabf5e36df28f6064a7c5638d0c4e01539e35f1
Attacker’s 2nd Address: 0x837962b686fd5a407fb4e5f92e8be86a230484bd
Attacker’s Contract(ETH): 0x5061F7e6dfc1a867D945d0ec39Ea2A33f772380A
Vulnerable Contract: 0x420a50a62b17c18b36c64478784536ba980feac8

Attack Txn (ETH): 0xa6f63fcb6bec8818864d96a5b1bb19e8bd85ee37b2cc916412e720988440b2aa

BNB Chain Details:

ATK Token(Fake): 0xc4da120a4acf413f9af623a2b9e0a9878b6a0afe
Attacker’s 1st Address: 0x3dabf5e36df28f6064a7c5638d0c4e01539e35f1
Attacker’s 2nd Address: 0x837962b686fd5a407fb4e5f92e8be86a230484bd
Attacker’s Contract(BSC): 0x84452042cB7be650BE4eB641025ac3C8A0079b67

Attack Txn (BSC): 0xfb153c572e304093023b4f9694ef39135b6ed5b2515453173e81ec02df2e2104

The Root Cause:

The swap’s function does not validate incoming tokens and has no reentrancy protection. The doswapThroughOrionPool function allows a user-provided swap path to be used with malicious tokens that can be used to re-enter deposits.

The ExchangeWithAtomic contract determines the deposit amount depending on the difference between the token count before and after, allowing the attacker to acquire more tokens.

Attack Steps:

The hacker’s initial funds came from the Binance hot wallet account.

  1. The attacker first created a Token contract with a transfer() hook, after which he transferred and authorized the Token.

2. The attacker borrowed tokens using the UNI-V2.swap method and exchanged them with the exchange path [USDC, ATK, USDT]. The ATK token will be used by the attacker for the callback.

3. Due to the callback of the Token contract created by the attacker, the attacker continued the callback through the token’s Transfer function to the depositAsset() function to accumulate the deposit amount and then withdraw the profits.

4. The attacker successfully withdrew 5,689,532 USDT, paid back 2,853,326 USDT, and swapped the remaining USDT for 1,651 WETH as the profit and his contract was self-destructed.

The attacker conducted a similar attack on BNB Chain, earning the exploiter $191,434 in profit. So, the total profit from the attack was approximately $3 million ($191,030 on BSC and $2,836,206 on ETH).

After the Exploit :

Following the incident, Alexey Koloskov, CEO of Orion Protocol, announced the incident through a Twitter thread.

Fund Flow:

The hacker then transferred approximately 1100 ETH into Tornado Cash.

As of this writing, the attacker still has approximately $1.1 million (657.5 ETH and 30.4 BNB) in one of his wallets.

How they could have prevented the Exploit?

Checks, Effects, and Interactions (CEI), Mutex, Pull Payments, and Gas Limits are all effective techniques for preventing reentrancy attacks. Using a reentrancy guard in the swap function could have prevented the attack in the first place.

For more information on preventing reentry vulnerabilities, visit this blog.

Web3 security- Need of the hour

Why QuillAudits For Web3 Security?
QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions saving the loss of millions in funds.

Want more Such Security Blogs & Reports?

Connect with QuillAudits on :
Linkedin | Twitter | Website | Newsletter | Discord | Telegram

Partner with QuillAudits :