Really Stupid 'Smart Contract' Bug Let Hackers Steal $31 Million In Digital Coin

An anonymous reader quotes a report from Ars Technica: Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts. The company uses a decentralized finance protocol known as MonoX that lets users trade digital currency tokens without some of the requirements of traditional exchanges. "Project owners can list their tokens without the burden of capital requirements and focus on using funds for building the project instead of providing liquidity," MonoX company representatives say here. "It works by grouping deposited tokens into a virtual pair with vCASH, to offer a single token pool design."

An accounting error built into the company's software let an attacker inflate the price of the MONO token and to then use it to cash out all the other deposited tokens, MonoX Finance revealed in a post. The haul amounted to $31 million worth of tokens on the Ethereum or Polygon blockchains, both of which are supported by the MonoX protocol. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX updates prices after each swap by calculating new prices for both tokens. When the swap is completed, the price of tokenIn -- that is, the token sent by the user -- decreases and the price of tokenOut -- or the token received by the user -- increases.

By using the same token for both tokenIn and tokenOut, the hacker greatly inflated the price of the MONO token because the updating of the tokenOut overwrote the price update of the tokenIn. The hacker then exchanged the token for $31 million worth of tokens on the Ethereum and Polygon blockchains. There's no practical reason for exchanging a token for the same token, and therefore the software that conducts trades should never have allowed such transactions. Alas, it did, despite MonoX receiving three security audits this year. "These kinds of attacks are common in smart contracts because many developers do not put in the legwork to define security properties for their code" said Dan Guido, an expert in securing smart contracts and CEO of security consultancy Trail of Bits. "They had audits, but if the audits only state that a smart person looked at the code for a given period of time, then the results are of limited value. Smart contracts need testable evidence that they do what you intend, and only what you intend. That means defined security properties and techniques employed to evaluate them."

According to Blockchain researcher Igor Igamberdiev, the drained tokens included $18.2 million in Wrapped Ethereum, $10.5 in MATIC tokens, and $2 million worth of WBTC, along with small amounts of tokens for Wrapped Bitcoin, Chainlink, Unit Protocol, Aavegotchi, and Immutable X.

Is it a bug...

[garyisabusyguy]

...if it was designed to do that?

Just askin' for a friend

Re:

[Lisandro]

That's actually a very legit question. There were two independent audits of the Monoswap contract; how came no one notice this (obvious) bug?

Re:

[Deal In One]

Maybe it was a (hidden) feature and not a bug? ;)

Re:

[Lisandro]

Wait, you're telling me the crypto industry is shady? *monocle drop*

Re:

[DarkOx]

Simple because of the way application audits are done.

1) Usually the auditors customer is also the organization that wrote the software
I am not saying this is an inherent conflict, they might legitimately want to know about as many problems as possible to reduce their own exposure but...usually they also want to be able to tell their customers hey we had an audit and it was either clean or we addressed every issue! People don't like getting reports from auditors where the issues are merely speculative thoug

Re:

[Lisandro]

Note that all of the three options you list just means that the auditor was unqualified for the job at hand.

Re:

[DarkOx]

That is a viewpoint. The alternative viewpoint is auditors are generally their to determine if the evidence suggests what is being said is 'likely' to be accurate.

You have some do a security audit of the application your team built because they told you they know what current best practices are and followed them, because they told you the architecture team carefully considered the abuse cases and designed around them.

If you did not believe those things (hopefully) you would not be looking to go live in the

It's almost like

[OrangeTide]

It's almost like we should regulate and indemnify financial software. Nah, there is so much freedom and profit running this like it's the wild west. Because stage coach robberies seem really romantic, or at least make for interesting journalism.

Re:

[Ol Olsoc]

Yeah, but it was Blockchain! Best thing to come down the pike since the cloud.

Re:

[doesnothingwell]

Wall Street only much much much funnier, us mortals just don't get Doh-Finance.

Re:

[Ol Olsoc]

Wall Street only much much much funnier, us mortals just don't get Doh-Finance.

So many people don't seem to understand that theft of other people's money is the core of the fake coins.

The amazing thing to me is that banks are starting to ge a woody about the funny money.

If you thought the housing bubble bursting was bad, just wait!

Re:

[phantomfive]

Satoshi Nakamoto was a very good practical coder, so Bitcoin is very solid.
A lot of the people making alt-coins are not very good practical coders, and as a result you see these kinds of hacks.

Note: now that Bitcoin has been modified to allow "smart contracts," we will also likely see these kinds of hacks on Bitcoin, too.

Re: It's almost like

[1s44c]

The bug was in the smart contract, not the coin itself.

Re:

[nickersonm]

Smart contracts are programmed using features of ETH itself. But saying this bug is the fault of ETH is like saying a SQL injection bug in an application is the fault of C++.

Re:

[Ol Olsoc]

The bug was in the smart contract, not the coin itself.

Go look at how the housing bubble nearly caused the Great depression, rev 2.

That's how we does stuff, and the pretend money digital coins are no different.

Re:

[blahabl]

It's almost like we should regulate and indemnify financial software. Nah, there is so much freedom and profit running this like it's the wild west. Because stage coach robberies seem really romantic, or at least make for interesting journalism.

Yes, I totally don't get why the government doesn't just pass a law saying that all software must be secure. End all hacking with just one signature! Next, they should mandate universal happiness.

Re:

[OrangeTide]

They could probably end nuclear war if they made it illegal. That's just shy of world peace, but I'm willing to take it.

You could make running a shit show IT and Dev department completely unprofitable if you open businesses up to civil penalties if they ignore some really basic oversight and standards for software development process. The really brilliant coders will hate working on heavily regulated projects, but oh well, there is plenty of fun stuff to do outside of finance and security.

Re:

[sjames]

And then there will be no more financial software. Anyone good enough to do it will go somewhere that's less of a pain in the ass leaving only those who would create too many liabilities to let them actually write the software.

Re:

[OrangeTide]

except there are already regulations and required processes for financial, medical devices, and automotive software. And yet I and hundreds of my coworkers are getting paid every two weeks for two out of three of these. Hmmm.

Re:

[sjames]

If they're already regulated, why the call for regulation?

Re:

[Lisandro]

Nah, they just need to acknowledge perfect software is impossible, and pass legislation regulating automated contracts. For example, there should always be recourse for bugs like this one.

Re:It's almost like

[tlhIngan]

It's almost like we should regulate and indemnify financial software. Nah, there is so much freedom and profit running this like it's the wild west. Because stage coach robberies seem really romantic, or at least make for interesting journalism.

Well, that's why the financial system IS regulated. But some people got fed up of all the red tape they created their own decentralized currencies using Blockchain. Of course, now we end up with the exact same problems that caused us to regulate things in the first place

Re:

[h33t l4x0r]

Yes let's pass a law that software can't have bugs.

Re:

[OrangeTide]

Why not have software developers publicly canned for each bug and bring the hyperbole to full dramatic effect?

Making a bad thing worse

[haus]

People are frustrated that contracts are hard to understand. Over centuries basic agreements that make up the legal framework for all the economic transaction we engage have become
Increasingly convoluted. In part this is to address the problems that have been experienced, some of it is people trying the tilt the playing field in their favor, and also there is an element of attorneys trying to make themselves important by gobing things up with cruft that is not meant to be understood.

So âoesome genius

just need to confuse 1 jury member to get hung

[Joe_Dragon]

just need to confuse 1 jury member to get hung

Re:

[garyisabusyguy]

Nothin like a well hung jury [youtube.com]

Re:

[rgmoore]

This in only true in criminal cases. In civil cases, which is where contracts will most frequently wind up, the requirement may be lower. Here in California, for instance, a civil jury only needs to get a 3/4 majority to decide a case. The burden of evidence is also lower. The net result is that it's a lot harder to hang a civil jury than a criminal one.

Re:

[phantomfive]

Software code is mathematically precise, legal code is not. It would be an improvement if we could figure out a way to make legal code mathematically precise (arguably it's not possible).

Re:

[haus]

Bullshit

At best code strives to be mathematically precise, but it rarely is. Errors abound all over the place, often related to misunderstandings of the functions that are being utilized or of the actual nature of what is being computed.

In reality this is not that different than the errors that creep into contracts and regulations.

Just because you manage to get an output by pushing data into code does not mean that this output is valid or a true representation of the intent of the programer much less the pa

Re: Making a bad thing worse

[1s44c]

Technically it is mathematically precise, it just may not precisely model what the coder intended it to model.

Re:

[Lisandro]

Code is, more often than not , anything but "mathematically precise". Trying to predict what code will do is a variant of the Halting Problem [wikipedia.org], which Turing proved cannot be resolved.

Ethereum smart contracts, for example, are Turing-complete.

Re:

[sjames]

That's the thing. Code can be precise but it can require herculean effort to cover every possible corner case. And that's where the devil lives. We see daily reports where someone finds and exploits yet another corner case. Many times by doing something that nobody would ever even want to do except for the benefits from the exploit (for example, the one in TFA).

Pretty much every contract dispute that goes to court is one of those annoying corner cases. Often a genuine mis-understanding from one or both part

Code is law

[crgrace]

This has always been one of the issues with Smart Contracts.

Software is hard, and provably correct software is harder. There will always be bugs.

The industry is screaming for regulation.

Re:

[jbmartin6]

I'm drawing a blank on how regulation would prevent the exploitation of logic errors in 'smart' contracts. The whole point is that they operate exactly as instructed, if you had to build in some kind of human arbitration options you would just have a regular contract. Which would be much smarter.

Re:

[sjames]

The industry is screaming for regulation.

By who? Someone who does NOT have a sufficient understanding of CS to see why it is impossible to ever be certain all bugs are fixed?

Would that not be a bug in the runtime/interpreter

[angel'o'sphere]

In my opinion, the bug is in the interpreter of the smart contract execution engine.

If the code allowed it, they didn't steal it.

[TheNameOfNick]

If you fork the blockchain to change the rules ex-post, then YOU are the thieves.

Bug explained

[FeelGood314]

X amount of token IN were traded for Y amount of Token OUT
They had a function to update the prices of IN and OUT.

calcPrice(X, IN, Y, OUT)
{
originalInPrice = IN.price;
originalOtPrice = Out.price;

//some calculations that will lower IN price and raise OUT price


IN.price = newInPrice;
Out.price = newOutPrice;
}

Now if IN==OUT the price of the tokens should be unchanged but the above code raises the price.

This might be obvious to anyone who has dealt with atomic operations or race conditions but to most app developers it isn't. Also most audits are total crap. A good Common Criteria audit will cost you over half a million dollars, take 6 months and probably wouldn't catch this.

Re:

[Lisandro]

^^^ This.

As noted above, Monoswap had multiple independent audits, and apparently no one noticed this rather obvious issue.

Liable

[dromgodis]

I am sure that the company will be held liable for letting their product or service (I can't tell what they are actually providing) create this mess.

Not-so-smart contract after all.

[Bu11etmagnet]

I'm always suspicious when something has "smart" in its name (see: smart home). This "smart" contract seems to be on par with "smart" quotes.

Cost of continuous integration model

[misnohmer]

Good for the hacker, they earned their QA fee. Defi has a choice of following strict coding standards, QA, etc, or let the public test it for them. Losing 30 million dollars every once in a while might still be cheaper than strict adherence to standards and extensive QA, not to mention time-to-market, and the fact that even following all the standards doesn't guarantee bug free software (thought it does catch or prevent a lot, at a cost).

Working as intended, which is so fucking stupid

[Lisandro]

Loved Schneier's take on the subject [schneier.com]:

(...) The article goes on to talk about how common these sorts of attacks are. The basic problem is that the code is the ultimate authority — there is no adjudication protocol — so if there’s a vulnerability in the code, there is no recourse. And, of course, there are lots of vulnerabilities in code.

To me, this is reason enough never to use smart contracts for anything important. Human-based adjudication systems are not useless pre-Internet human baggage, they’re vital.

Nice thing about digital currency and blockchain

[belthize]

Is once you find a loop hole and steal somebody's money you can be damned sure its your money now and there's nothing anybody can do about it.

I like the steps taken. The first one was

Tried to make contact with the attacker to open a dialogue through submitting a message via transaction on ETH Mainnet

The last one was

Additionally, we will file a formal police report

Basically we asked nicely for the money back but that didn't work so after some hand wringing we plan to call the cops who will be able to do fuck all about it.

Re:

[Lisandro]

Can the police do fuck all about this to begin with?

I mean, the guy used MonoX smart contracts exactly as they were offered.

Re:

[belthize]

Yeah, it's not at all clear an actual crime was committed.