Fortress Protocol is the lending arm of JetFuel Finance on the BSC chain. Fortress is a synthetic stable coin system and algorithmic money market meant to provide secure and trustless credit and lending to Binance Smart Chain users.

By promising an over-collateralized quantity of cryptocurrency to the network, Fortress allows investors to lend and/or borrow coins. Fortress accomplishes this by utilizing money markets, which are collections of assets with algorithmically determined interest rates depending on supply and demand. Users that opt to give liquidity to Fortress receive compounded interest as an incentive for doing so. Users are given the option to mint stable coins or borrow other assets against their supplied assets when they contribute assets. By over-collateralizing and paying interest on the amount borrowed, a user can borrow assets or create stable coins after supplying assets to Fortress.

On 9th May 2022, Fortress experienced an oracle manipulation attack draining all funds.

1,048.1 ETH & 400,000 DAI got drained in the attack. The attack was the result of a weak oracle and governance process. 

How did the attack happen?

BlockSec, a leading auditor in the space explained the Fortress manipulation. The protocol’s price oracle was vulnerable to manipulation as the price submit() function is publicly callable.

Let’s summarise what actually happened.

1. The attacker purchased around 100 $FTS tokens. 
2. Then took control of the governance contract to add FTS as collateral (with a factor of 700000000000000000). The malicious governance proposal was active for 3 days. Why was the suspicious vote not addressed?

3. Manipulated the loan contract as explained by BlockSec

4. Finally borrowed a large number of assets from the loan contract

5. They then bridged the funds to Ethereum & sent it to Tornado cash.
6. The Oracle transaction data:

7. Attacker’s address on BSC and ETH: 0xA6AF2872176320015f8ddB2ba013B38Cb35d22Ad

Fortress lists ChainLink among its collaboraters, however, it was found that Chainlink’s expertise was not a part of the collaboration. Fortress Protocol was audited by both Hash0x and EtherAuthority. 

Let’s understand more about Oracle.

We need an intermediary to bridge the off-chain service and Blockchain protocols to retrieve off-chain data and publish it on Blockchain. This job is done by an oracle. This data is important because it is then used by smart contracts to execute functions. Oracles also transfer data and instructions from smart contracts to off-chain systems. 

The topmost priority for the proper functioning of oracles is that they must be fed with accurate data and remains resistant to manipulation.

The top oracles are: 

1. Chainlink Oracle.
2. Uniswap V3 Oracle
3. Coinbase Oracle.

Oracle Manipulation attacks in the past.

• Synthetix MKR  Manipulation: In December 2019, Synthetix was attacked again due to price oracle manipulation. 
• bZx hacking incident: In February 2020, bZx was hacked twice consequently in a span of a few days and lost about $1 million.
• yVault Vulnerability: On July 25, 2020, yEarn reported a bug with their newly launched yVault contract that caused millions out of the contract.
• Harvest Finance Attack: On October 26, 2020, an unknown user hacked into Harvest Finance’s liquidity pool