Cryptospace Spotlight 2022 #24 (12 Jun 2022)
US digital bill introduced with many crypto tokens regulated under CFTC, 20M Optimism Token drained, and $6M bounty earned after discovering critical flaw in Aurora!
Technology and Industry
Jack Dorsey aims to build ‘Web5’ powered by Bitcoin, bypass Web3 entirely, and focus on a new Bitcoin-centric model for identity management. [more]
MasterCard is collaborating with central NFT marketplaces to make NFT payments easier. NFT markets are partnering with the company as part of the strategy to increase its web3 presence. The ability to buy NFTs directly through a credit card rather than first acquiring crypto should also be made available to more people. [more]
NFT platform Candy Digital has partnered with video streaming company Netflix to celebrate the release of the fourth season of the Stranger Things series through digital collectibles. Launched last Friday, this is Candy’s first NFT collection outside of sports. [more]
A spokesperson for Crypto.com said that the company recently made the “difficult decision” to carry out “targeted reductions” totaling 260 staffers, or 5% of its workforce. [more]
Changpeng Zhao, the CEO of Binance, shared plans to acquire two licenses that are critical for the firm's operations within the Philippines. [more]
Binance under SEC investigation over its 2017 ICO listing as well as alleged of facilitating $2.35 billion in illicit funds between 2017 and 2020. [more]
United States -
A US digital asset bill was introduced, setting the stage for conversations centered around the likes of stablecoin regulation and taxation — as well as what regulator should oversee cryptocurrency. [more]
The language defines many crypto tokens as “ancillary assets,” or an “intangible, fungible asset that is offered, sold, or otherwise provided to a person in connection with the purchase and sale of a security through an arrangement or scheme that constitutes an investment contract.” Such assets would fall under the Commodity Futures Trading Commission’s (CFTC) jurisdiction, as opposed to the SEC, unless ruled otherwise by a court.
New York’s financial services regulator has issued new guidance on stablecoins, laying out its expectations from issuers operating in the state. [more]
Stablecoins are to be fully backed by a reserve of assets equal to the face value of each stablecoin unit while remaining ready for redemption for US dollars at all times.
Terraform Labs and Do Kwon are ordered to comply with SEC subpoena. [more]
A US federal judge has ordered Kwon to comply with an earlier SEC subpoena that he sought to avoid. The SEC began investigating a Terraform Labs project, Mirror Protocol, last year and served Kwon a subpoena at a New York conference on Sept. 20, 2021, court filings show.
Do Kwon, who now lives in Singapore, had argued the SEC has no jurisdiction over him.
United Kingdom - The finance ministry said that Britain will begin live testing of crypto blockchain technology for traditional market activities such as trading and settlement of stocks and bonds next year as part of a drive to become a global "crypto hub". [more]
Hong Kong - A Hong Kong Securities and Futures Commission statement published on Monday defines which NFTs fall under its mandate, while advising investors to be mindful of regulated securities. [more]
Lithuania - Lithuania aims to tighten crypto regulation and ban anonymous accounts. [more]
The new regulations would tighten up demands for exchange operators — from Jan. 1, 2023, they will be obliged to register as a corporate body with nominal capital amounting to no less than 125,000 euros.
Security and Risk
Optimism Foundation had sent the 20M OP to a wallet controlled by Wintermute, a market maker, tapped to provide liquidity during the launch of the OP token. The tokens ended up in an inaccessible wallet and the attacker was able to drain the tokens before Wintermute could move these tokens to another wallet.
Wintermute accepted blame for the exploit, and had pledged to buy an equivalent amount of OP tokens whenever the attacker sells them.
The attacker returned 17M tokens, sent 1M tokens to Ethereum founder Vitalik Buterin and kept 2M tokens as bounty. [more]
Optimism is a layer 2 rollup chain for Ethereum – a separate blockchain that can process transactions, bundle them up and pass them back down to Ethereum. It helps to scale Ethereum’s “layer 1” network through quick transactions and lower fees.
A exploitable bug came to light when a user deposited funds to a liquidity pool before instantly withdrawing it. The value of the withdrawal was unintentionally 50% higher than the deposit.
Osmosis explained that “The bug itself was simple, and involved incorrect calculation of LP shares when adding and removing liquidity from pools. It should have been caught. It was painfully overlooked in internal testing that was focused on more advanced functionality related to the upgrade.”
The estimated loss due to the bug is $5M.
8 Jun - DeFi platform GYM Network was exploited due with the loss of $2.1M (~7.5K BNB). [more]
The bug is due to the lack of caller verification, which is exploited to increase the balance without making any payment. The stolen funds are now deposited via TornadoCash.
7 Jun - Ethereum bridging and scaling solution, Aurora, pays $6M bug bounty to ethical security hacker through Immunefi [more]
Over $200 million worth of users' funds could have been at risk if the whitehat had chosen to exploit the vulnerability for personal gain instead of reporting it to developers.
The identified critical flaw in the Aurora Engine that would have enabled the infinite minting of ETH in the Aurora Ethereum Virtual Machine to drain and siphon the corresponding nested ETH (nETH) pool on NEAR. At the time of discovery, the pool contained more than 70,000 ETH, worth at least $200 million.
Equalizer Finance suffered a flash loan attack. The main reason for this attack is that the FlashLoanProvider contract of the Equalizer Finance protocol is not compatible with the Vault contract1.
BAYC smart contract function allows unlimited minting of new Apes by single wallet. [more]
NFT Developer foobar has called attention to a Bored Ape Yacht Club smart contract function that would allow a single, non-multi-sig, wallet to mint an unlimited number of new Apes.
The issue has been brought up before, but BAYC has yet to take action.
Equalizer Finance exploit
Equalizer Finance exists FlashLoanProvider and Vault contract, FlashLoanProvider contract provides lightning loan service, users can borrow funds from the Vault contract through the FlashLoanProvider contract by calling the flashLoan function, and the funds of the Vault contract come from the liquidity provided by the user.
The user can provide/remove liquidity through the provideLiquidity/removeLiquidity function of the Vault contract, and the vouchers obtained by the liquidity provision and the funds obtained by the liquidity removal are affected by the ratio of the liquidity balance in the Vault contract to the total supply of liquidity certificates.
In the case of WBNB Vault, an attacker first lends out WBNB from PancakeSwap Lightning Loan 4
For a second WBNB lightning loan operation through the FlashLoanProvider contract, FlashLoanProvider will first transfer the WBNB liquidity in the WBNB Vault contract to the attacker, and then perform a lightning loan callback.
The attacker provides liquidity to the WBNB Vault in the second lightning loan callback, and since the liquidity in the WBNB Vault has been lent to the attacker at this time, the liquidity balance is less than expected, and the attacker will be able to obtain more liquidity credentials than expected.
The attacker first returns the second lightning loan and then removes the liquidity from the WBNB Vault, at which point the attacker will withdraw more liquidity than expected by using the added liquidity to obtain the voucher because the liquidity in the WBNB Vault has returned to normal.
The attacker attacked the Vault contract on each chain in the above way, exhausting the liquidity of Equalizer Finance. The main reason for the attack was that the FlashLoanProvider contract of the Equalizer Finance protocol was incompatible with the Vault contract. The Slow Fog Security team recommends that the protocol should take into account the compatibility between modules when actually implementing it.