Chibi Finance $1 million alleged rug pull: How it happened

On June 26, decentralized finance (DeFi) aggregator Chibi Finance was exploited by its own deployer account, and $1 million worth of cryptocurrency was drained from its contracts in an apparent rug pull or exit scam. The protocol’s official user interface disappeared, producing a 404 error, and all social media for the app was taken down. After the funds were drained, they were swapped for Wrapped Ether (WETH) and bridged to Ethereum, where they were afterward sent to Tornado Cash by the attacker.

The price of the Chibi Finance (CHIBI) governance token fell by over 90% as the news broke.

CHIBI token price. Source: CoinGecko.

But “rug pulls” shouldn’t be possible in DeFi. After all, these apps, by definition, don’t run on centralized infrastructure. So the app’s creator shouldn’t be able to run off with everyone’s crypto or cash.

For this reason, it might be useful to analyze how the alleged scam was pulled off.

CertiK has produced a detailed report after investigating the incident. When combined with blockchain data, this report can shed light on how the attack occurred and what users can do to protect themselves against similar attacks or scams in the future.

The Chibi Finance app

Before its user interface went offline, Chibi described itself as “the most popular yield aggregator on Arbitrum.” It claimed to allow users to gain yield from across the Arbitrum ecosystem.

According to CertiK, the DeFi aggregator has been growing in total value locked (TVL) — a measurement of the value of crypto held in an app’s contracts — since it launched in April. On June 21, Chibi announced it had achieved $500,000 in TVL. At the time, the team stated a goal to reach $1 million.

On June 26, the app was listed on CoinGecko for the first time, giving it greater exposure. It seems to have reached its $1 million goal shortly after this event, right before the tokens were drained from its contracts. As a result, investors lost over $1 million worth of crypto in the attack or scam.

Chibi Finance contracts

The attack exploited a loophole in eight different contracts used in the Chibi Finance protocol. These contracts were forked from other projects and were not unique to Chibi. For example, one of them was StrategyAave.sol at Arbitrum address 0x45E8a9BA6Fcd612a30ae186F3Cc93d78Be3E7d8d, which has also been deployed to several other addresses on Arbitrum, Ethereum, the BNB Smart Chain and other networks.

Another example is the StrategySushiSwap.sol contract at 0x9458Ea03af408cED1d919C8866a97FB35D06Aae0. This also has several versions on Arbitrum and other networks.

These contracts appear to be commonly used in DeFi aggregator applications, not just Chibi Finance.

Panic function

Blockchain data reveals that some of the contracts used by Chibi Finance contain a “panic” function that can be used to withdraw all tokens from a pool and send them to a particular address. This function was essential to the attacker’s method. Here is an explanation of how it works, with StrategySushiSwap.sol being used as an example:

Lines 340–343 of StrategySushiSwap.sol state that if the panic() function is called, it will call a second function named “emergencyWithdraw” on the ISushiStake contract.

The panic() function in StrategySushiSwap.sol contract. Source: Blockchain data.

The ISushiStake contract, in turn, is just an interface. It contains no executable code. Instead, it points to the SushiSwap: MiniChefV2 contract at 0xF4d73326C13a4Fc5FD7A064217e12780e9Bd62c3.

The MiniChefV2 address is listed as an official contract for the decentralized exchange, SushiSwap. So the “panic” function calls an “emergencyWithdraw” function within SushiSwap.

At the SushiSwap address, the emergencyWithdraw function can be seen on lines 626–643.

SushiSwap MiniChefV2 emergencyWithdraw function. Source: Blockchain data.

This function allows the owner of staked funds to withdraw them while forfeiting any pending rewards. This may be useful in an emergency. For example, a user may want to call this function if a bug in the reward contract prevents them from receiving rewards.

The emergencyWithdraw function has a failsafe to prevent use by unauthorized persons. It states on line 360, “UserInfo storage user = userInfo[pid][msg.sender],” meaning that the “user” whose stake is withdrawn is defined as the sender of the message. Under normal circumstances, this should allow a user to emergency-withdraw their own funds, but not funds belonging to anyone else.

There does not appear to be anything malicious about this function in SushiSwap. However, a problem can arise if the user does not call this function directly from their own wallet.

For example, when a user deposited funds using Chibi Finance, their crypto was sent to SushiSwap by the StrategySushiSwap contract, not by the end-user directly. This meant that the Chibi Finance app was recognized as the “user” when attempting to emergency-withdraw funds. This, in…
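As an added illustration of the indirection just described (not Chibi Finance's or SushiSwap's code), the following shows why a MiniChefV2-style staking contract records the strategy contract, rather than the end-user, as the depositor, and how a strategy's panic() can be constrained so that it cannot redirect pooled funds to an arbitrary wallet. MockChef, StrategyHardened, the timelock address and the OpenZeppelin IERC20 import are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
// Constructed illustration, not Chibi Finance or SushiSwap code: MockChef stands in for a MiniChefV2-style staking contract; every name and signature here is an assumption.
contract MockChef {
    IERC20 public immutable lpToken;
    // pid => depositor => staked amount. The depositor of record is msg.sender, so when a strategy contract deposits, the strategy, not its end-users, is the "user".
    mapping(uint256 => mapping(address => uint256)) public userInfo;
    constructor(IERC20 _lp) { lpToken = _lp; }
    function deposit(uint256 pid, uint256 amount) external {
        userInfo[pid][msg.sender] += amount;
        require(lpToken.transferFrom(msg.sender, address(this), amount), "transfer");
    }
    function withdraw(uint256 pid, uint256 amount, address to) external {
        userInfo[pid][msg.sender] -= amount; // reverts on underflow in 0.8.x
        require(lpToken.transfer(to, amount), "transfer");
    }
    // Pays out the caller's entire stake, forfeiting rewards, to whatever address the caller names.
    function emergencyWithdraw(uint256 pid, address to) external {
        uint256 amount = userInfo[pid][msg.sender];
        userInfo[pid][msg.sender] = 0;
        require(lpToken.transfer(to, amount), "transfer");
    }
}
// Hardened strategy: panic() takes no recipient, can only pull the stake back into the strategy itself, and is callable only by a timelock, so end-users keep their claims.
contract StrategyHardened {
    IERC20 public immutable lpToken; MockChef public immutable chef; uint256 public immutable pid;
    address public immutable timelock; // assumed: a delayed governance executor, not an EOA
    mapping(address => uint256) public balanceOf; bool public panicked; // per-end-user accounting lives here
    constructor(IERC20 _lp, MockChef _chef, uint256 _pid, address _timelock) {
        lpToken = _lp; chef = _chef; pid = _pid; timelock = _timelock;
        _lp.approve(address(_chef), type(uint256).max);
    }
    function deposit(uint256 amount) external {
        require(!panicked, "paused");
        balanceOf[msg.sender] += amount;
        require(lpToken.transferFrom(msg.sender, address(this), amount), "transfer");
        chef.deposit(pid, amount); // the chef records address(this), not the end-user, as depositor
    }
    function panic() external {
        require(msg.sender == timelock, "timelock only");
        panicked = true;
        chef.emergencyWithdraw(pid, address(this)); // funds return here, never to a wallet
    }
    function withdraw(uint256 amount) external {
        balanceOf[msg.sender] -= amount; // reverts if the user over-withdraws
        if (panicked) require(lpToken.transfer(msg.sender, amount), "transfer");
        else chef.withdraw(pid, amount, msg.sender);
    }
}
```

Reviewing a strategy contract for a panic-style function that accepts a recipient address, is callable by a single owner key with no delay, or moves funds anywhere other than back into the vault is the practical check this incident points to.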
