According to the Beosin EagleEye security risk monitoring, early warning and blocking platform monitoring of the blockchain security audit company Beosin, the DeFi lending agreement Themis Protocol was attacked on June 28, 2023, and the attacker made a profit of about 370,000 US dollars. Beosin Trace tracked It was found that 130,471 USDC, 58,824 USDT, and 94 ETH had been stolen. At present, the stolen funds have been transferred to the 0xDb73eb484e7DEa3785520d750EabEF50a9b9Ab33 address of Ethereum. The reason for the attack is that there is a problem with the implementation of the oracle machine, which leads to the manipulation of the oracle machine.
The attack transaction is: 0xff368294ccb3cd6e7e263526b5c820b22dea2b2fd8617119ba5c3ab8417403d8. The core of the attack is that the attacker exchanged a large amount of WETH for wstETH before borrowing, so that the oracle machine was manipulated when obtaining the price, causing the attacker to lend 317WETH with only 55WETH.
As shown in the figure, when the getAssetPrice function calls the Balancer: Vault.getPoolTokens function, the amount of wstETH and ETH is manipulated from the normal 2,423 : 2,796 to 0.238 : 42,520, thereby manipulating the oracle.
The attack transaction is: 0xff368294ccb3cd6e7e263526b5c820b22dea2b2fd8617119ba5c3ab8417403d8. The core of the attack is that the attacker exchanged a large amount of WETH for wstETH before borrowing, so that the oracle machine was manipulated when obtaining the price, causing the attacker to lend 317WETH with only 55WETH.
As shown in the figure, when the getAssetPrice function calls the Balancer: Vault.getPoolTokens function, the amount of wstETH and ETH is manipulated from the normal 2,423 : 2,796 to 0.238 : 42,520, thereby manipulating the oracle.