Moola Market $9 Million Price Manipulation Attack | QuillAudits

Table of Content:
1. Summary
2. Introduction to Moola Market
3. Vulnerability Analysis
4. The Attack flow
5. After the Exploit
6. Status of Funds
7. Preventions Measures
8. Reference

Summary:

On the 18th of October, 2022, Moola Market (Liquidity Protocol on the Celo Blockchain) was exploited for approximately $9 million. The attacker used price manipulation vulnerability to steal those funds. After the hack, the attacker returned 93% of the stolen funds back to Moola Governance Multi-Sig Wallet.

Introduction to Moola Market

Moola is a non-custodial liquidity protocol built on the Celo blockchain that is democratizing access to yield and credit. Depositors earn yield which is paid for by borrowers who are able to take over-collateralized loans in perpetuity or under-collateralized flash loans.

Read more about the protocol here.

Vulnerability Analysis:

The main cause for the attack was Price Manipulation Vulnerability which is a very common attack vector in DeFi. The attacker swapped CELO tokens for MOO tokens, then locked MOO tokens to get CELO tokens. Again used CELO tokens to buy more MOO tokens.

He repeated it multiple times and started manipulating the price of MOO on Ubeswap, which led to the manipulation of the MOO TWAP price oracle used by Moola Protocol.

Attacker’s address: 0x5DAE2C3d5a9f35bFaf36A2E6edD07c477f57789e

The Attack Flow

  1. The attacker funded his EOA with 182K CELO tokens from Binance.(0xf6436829cf96ea0f8bc49d300c536fcc4f84c4ed)

2. Then he swapped CELO tokens for MOO tokens by calling the Swap function.

3. Now, the attacker locked the swapped $MOO tokens as collateral and borrowed CELO tokens. And buys the MOO token with the borrowed CELO token.

4. He then repeated the above steps and after each swap, the price of MOO corresponding to CELO gets higher, and finally the price of MOO token increased from 0.02 CELO to 0.73 CELO.

5. When the MOO token price increased, the attacker borrowed the remaining assets on the protocol and drained all liquidity which amounts to around $8.4 million. Below is the list of assets stolen by the hacker:

After the Attack

Moola Market tweeted that they had contacted law enforcement and taken steps to make it difficult to liquidate the funds. Further, they added that they are willing to negotiate a bounty payment in exchange for returning the funds within the next 24 hours.

Status of Funds

The attackers returned around 93% of the stolen amount to the Moola Market Multisig Wallet.

The attacker further donated 50,000 CELOs to the impact market to support thousands of families. Further, He kept 650,000 CELOs as a bounty.

https://twitter.com/mbarrbosa/status/1582515890767421441

Prevention Measures for Price Manipulation Bugs:

The best way to enhance platform security is by using the service of a robust decentralized oracle such as Chainlink or by aggregating many different price feeds. If a platform decides to simply use an on-chain oracle, then there are a few precautionary measures available to improve platform security. They should use oracles based on pools with deep liquidity so that an attacker will be hard-pressed to skew the prices enough for an attack to be worthwhile.

Reference:

https://twitter.com/Moola_Market/status/1582432297835368449
https://rekt.news/moola-markets-rekt/

Web3 security- Need of the hour

Why QuillAudits For Web3 Security?
QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions saving the loss of millions in funds.

Want more Such Security Blogs & Reports?

Connect with QuillAudits on :
Linkedin | Twitter | Website | Newsletter | Discord | Telegram

--

--