Decoding ROE Finance’s Flash Loan Exploit | QuillAudits


On the 11th of January, 2023, ROE Finance was attacked in Ethereum Chain. The attacker used Flash loans to create an imbalance in one of the pools and manipulate the price. Then he drained the balance of the victim pool leading to the loss of $80K.

Introduction to ROE Finance:

The ROE product ecosystem builds on top constant product (xy=k) AMMs by allowing LP providers to earn additional interest income on top of their swap rewards by lending out their LP tokens to interested borrowers who solve these two problems via a variety of trading strategies.

More information on the protocol can be found in the official documentation.

Root Cause:

The attack took advantage of Price manipulation to steal money from the Protocol. The underlying cause is the pool’s limited liquidity, which results in price oracle manipulation via Flash Loans.

Attack Steps:

1. The attacker took a flash loan of 5.76 million USDC from the balancer and deposited it in the pool.

2. Then the attacker borrowed 2,953,841,283 UNI-v2 tokens from the pool on behalf of his EOA i.e. 0x67a9 and deposited the tokens into the pool. The attacker then repeated the same action 49 times.

3. The attacker burned 2,953,841,283 UNI-v2 and received around 2.96 WBTC and 51,661 USDC.

4. The attacker sent 26,024 USDC to UNI-V2 and then called the sync function. Now, Oracle’s UNI-v2 pricing has now been changed from 34,594,505,763,870 to 43,208,067,620,499. After the Price manipulation, the attacker’s collateral becomes worth roughly $6.25 million USD.

5. The attacker then borrowed 5.67 Million from the pool, swapped 0.66 WBTC for 14, 345 USDC, and finally paid back the flash loan. See below:

The original transaction was front runned by a MEV bot, and the Bot owner took away the profit of around $78,190 i.e ( 2.29 WBTC and 39,982 USDC)

After the Exploit :

There is no official announcement from Roe Finance regarding the hack.

Status of Funds:

The attacker( 0x67a9) converted the USDC and WBTC tokens to DAI and send the amount($78,190) to his another wallet i.e. (0xe2ba1)

The address(0xe2ba1) labelled as RoeFinance Exploiter 2 currently has around $76,728 left in his wallet.

How to Prevent Flash Loan Attacks?

Recently there has been a massive increase in flash loan attacks in the DeFi space. Their occurrences have given birth to two popular solutions. Check out here for a detailed explanation.
1. Decentralized Pricing Oracles
2. Implementation of DeFi Security Platforms

Further Reference:

Web3 security- Need of the hour

Why QuillAudits For Web3 Security?

QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions saving the loss of millions in funds.

Want more Such Security Blogs & Reports?

Connect with QuillAudits on :

Linkedin | Twitter | Website | Newsletter | Discord | Telegram

Partner with QuillAudits :