Explained: The Sovryn Hack (October 2022)

The Sovryn attacker performed a flash loan attack, taking advantage of a price manipulation vulnerability in Sovryn’s legacy Lend/Borrow protocol. The iToken price calculation code within the project’s smart contracts changes every time a user interacts with a lending pool’s positions. This allows the attacker to push up the perceived value of a token and drain value from the protocol.

In this case, the exploit combined price manipulation with an unsafe external call. The attacker took out a flashloan and deposited it into a Sovryn contract to use as collateral for a loan of 52,999 side tokens.

The malicious contract then called the closeWithDeposit function to repay the collateral on their loan. While within this function, the attacker took advantage of an unsafe external call to execute their attack contract. This external call allowed the attacker to mint 26,000 side tokens into 22,653 load tokens.

When the smart contract calculates the load token price, it uses the number of existing side tokens. At this point, the number of side tokens was incorrect, resulting in the attacker receiving excess load tokens.

The 22,653 load tokens were then burned in exchange for 27,086 side tokens, which was more than the 26,000 side tokens used to mint them. As a result, the attacker was able to drain value from the protocol.

The Sovryn hack took advantage of a couple of vulnerabilities. The design of the protocol’s price calculation code made it vulnerable to price manipulation and flash loan attacks. Additionally, its unsafe calls to external functions enabled the attacker to take advantage of incorrect state information with the protocol.

Performing a smart contract audit before launching projects to the blockchain can limit the risk and cost of these types of vulnerabilities. To learn more about how Halborn can secure your DeFi project, reach out to our Web3 security experts at halborn@protonmail.com.