
How Impermax V3 Lost $300k+ in a Flashloan Attack?

3 min read · Apr 29, 2025

Impermax V3 is a lending and borrowing protocol that lets users borrow assets against their LP Positions from platforms like Uniswap.

On 26th April at 10:43 UTC, the attack occurred on the Base chain, siphoning ~300k in liquidity from the pool and leaving the protocol in bad debt, as reported by the team in their Medium post. The attacker used a flash loan to perform the attack. This analysis covers the hack details, how it happened, the attack flow, and the funds lost.

Hack Analysis and Its Impact

The attacker (0xE3223f7E3343c2C8079f261D59ee1e513086C7C3) initially took a flashloan from Morpho to fund the attack.

The attacker initially provided liquidity to a Uniswap V3 liquidity pool (WETH/USDC), which has a 1% fee tier. The attacker increased the price range of this pool and did multiple swaps to accrue fees on their LP position in that price range.

Once the position had earned a lot of fees from the swaps, the attacker used the same LP position to borrow WETH from Impermax. After borrowing the funds from the protocol, they reinvested the fees into the new LP position, which is where the protocol minted liquidity in the wrong price range, leading to a sharp decline in the position value and putting the protocol into bad debt.

As can be seen in the transaction, the attacker first borrowed the funds, then reinvested the fees from the LP position, and finally self-liquidated by calling restructureBadDebt. Since the position was liquidated, there was no downside for the attacker, who successfully siphoned the funds out of the protocol.
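A monitoring rule for the call sequence described above, as an added example that is not from the original post or from Impermax's code: it flags any transaction in which one caller borrows against a position, reinvests it, and then calls restructureBadDebt on it. The labels `borrow`, `reinvest` and `flashLoan`, the record layout, and all sample values are assumptions constructed for illustration; only `restructureBadDebt` appears in the write-up.

```python
from collections import defaultdict

# Call order from the write-up. Only restructureBadDebt is named there;
# "borrow", "reinvest" and "flashLoan" are assumed labels for decoded calls.
SEQUENCE = ("borrow", "reinvest", "restructureBadDebt")

def find_self_liquidations(calls):
    """Flag (tx, position) pairs where one caller runs SEQUENCE in order
    inside a single transaction."""
    per_position = defaultdict(list)
    flash_txs = set()
    for c in sorted(calls, key=lambda c: (c["tx"], c["index"])):
        if c["fn"] == "flashLoan":
            flash_txs.add(c["tx"])
        elif c["position"] is not None:
            per_position[(c["tx"], c["position"])].append(c)
    alerts = []
    for (tx, position), seq in per_position.items():
        step, callers = 0, set()
        for c in seq:
            if step < len(SEQUENCE) and c["fn"] == SEQUENCE[step]:
                step += 1
                callers.add(c["caller"])
        if step == len(SEQUENCE) and len(callers) == 1:
            alerts.append({"tx": tx, "position": position,
                           "caller": callers.pop(),
                           "flash_funded": tx in flash_txs})
    return alerts

def call(tx, index, fn, caller, position=None):
    return {"tx": tx, "index": index, "fn": fn, "caller": caller, "position": position}

# Constructed sample trace (placeholder hashes and addresses, not real data).
SAMPLE_CALLS = [
    call("0xTX_A", 0, "flashLoan", "0xCALLER_1"),
    call("0xTX_A", 1, "borrow", "0xCALLER_1", 7),
    call("0xTX_A", 2, "reinvest", "0xCALLER_1", 7),
    call("0xTX_A", 3, "restructureBadDebt", "0xCALLER_1", 7),
    # Ordinary borrower: borrows and compounds fees, never restructures.
    call("0xTX_B", 0, "borrow", "0xCALLER_2", 9),
    call("0xTX_B", 1, "reinvest", "0xCALLER_2", 9),
    # Third party restructuring an existing bad-debt position.
    call("0xTX_C", 0, "restructureBadDebt", "0xCALLER_3", 9),
]

if __name__ == "__main__":
    for alert in find_self_liquidations(SAMPLE_CALLS):
        print(alert)
```

The rule requires the three calls to share a transaction, a position and a caller, so a normal borrower who compounds fees and a third party who restructures someone else's bad debt are not flagged.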

The following is a depiction of the attack flow to understand it better:

Flow of Funds Post Attack

The contract address created by the exploiter is 0x98E938899902217465f17CF0B76d12B3DCa8CE1b, which transferred the funds to another address of the exploiter, 0xE9f853d2616ac6b04E5fC2B4Be6EB654b9F224Cd, which then transferred the funds to multiple different wallets and went dark.

Relevant Transactions

0xde903046b5cdf27a5391b771f41e645e9cc670b649f7b87b1524fc4076f45983

0xad4fc3156666d5402f00dcfd5c183493d283f4166a6dd581dd8c0a895e826a56

How could the attack have been prevented?

Understanding how vulnerabilities are exploited and taking proactive measures is crucial for any DeFi project. While each attack is unique, there are effective strategies that could have potentially mitigated or even prevented this specific flashloan exploit.

To fully understand the preventive steps and safeguard your project, explore our comprehensive guide on securing DeFi protocols.

We break down the best practices and security measures you can implement today.

Hacks are common in the crypto space, and they require immediate attention. One way to provide the required attention is to go through a robust audit process. A great audit process is a mixture of great auditors, a layered approach for testing, and clear communication. At QuillAudits, we make sure that happens using our 7+ years of experience and talented team.


Written by QuillAudits - Web3 Security 🛡️

7+ Years Securing #Web3: 1M+ Lines Audited. Trusted by 1400+ Clients including StarkWare, Taiko, ZetaChain & Metis. Next-gen audits, KYC & on-chain monitoring.
