Oracle Manipulation attack on Fortress

Akansha

May 12, 2022

Introduction

Fortress Protocol is the lending arm of JetFuel Finance on the BSC chain. Fortress is a synthetic stable coin system and algorithmic money market meant to provide secure and trustless credit and lending to Binance Smart Chain users.

By pledging an over-collateralized quantity of cryptocurrency to the network, Fortress allows users to lend and/or borrow coins. Fortress accomplishes this through money markets: pools of assets with interest rates set algorithmically by supply and demand. Users who opt to provide liquidity to Fortress earn compounded interest as an incentive. Once they have supplied assets, users may mint stablecoins or borrow other assets against them. By over-collateralizing and paying interest on the amount borrowed, a user can borrow assets or create stablecoins after supplying assets to Fortress.

On 9th May 2022, Fortress experienced an oracle manipulation attack draining all funds.

1,048.1 ETH & 400,000 DAI got drained in the attack. The attack was the result of a weak oracle and governance process. 

Jetfuel announced the hack
The site is now down

How did the attack happen?

BlockSec, a leading auditor in the space, explained the Fortress manipulation: the protocol’s price oracle was vulnerable because its price submit() function was publicly callable, so any account could push a price of its choosing.

Let’s summarise what actually happened.

  1. The attacker purchased around 100 $FTS tokens.
  2. They then took control of the governance contract to add FTS as collateral (with a factor of 700000000000000000). The malicious governance proposal was active for 3 days. Why was the suspicious vote not addressed?

Governance Manipulation

  3. They manipulated the loan contract as explained by BlockSec.

Fault in the contract

  4. Finally, they borrowed a large number of assets from the loan contract.

Manipulation

  5. They then bridged the funds to Ethereum and sent them to Tornado Cash.
  6. The Oracle transaction data:
  7. Attacker’s address on BSC and ETH: 0xA6AF2872176320015f8ddB2ba013B38Cb35d22Ad

Fortress lists Chainlink among its collaborators; however, it was found that Chainlink’s expertise was not part of the collaboration. Fortress Protocol was audited by both Hash0x and EtherAuthority.

Let’s understand more about oracles.

We need an intermediary to bridge off-chain services and blockchain protocols: something that retrieves off-chain data and publishes it on-chain. This job is done by an oracle. The data matters because smart contracts then rely on it to execute their functions. Oracles also carry data and instructions from smart contracts back to off-chain systems.

The top priority for the proper functioning of an oracle is that it is fed accurate data and remains resistant to manipulation.
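The weakness BlockSec described above, a price submit() that anyone can call, and the manipulation-resistance requirement stated here can be shown side by side in contract code. The following is an added illustration written for this article; it is not Fortress, JetFuel or BlockSec code, and the contract names, the 18-decimal price convention, the reporter whitelist and the 3-of-N median are assumptions for the example. The first contract mirrors the vulnerable pattern; the second shows one hardened design: only whitelisted reporters may submit, a round is finalized as the median of at least three submissions, a finalized price that deviates too far from the previous one is discarded rather than applied, and reads revert when the stored price is stale.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Illustrative only (not Fortress code): anyone can overwrite the price.
/// This is the class of weakness the article attributes to the Fortress oracle.
contract UnrestrictedPriceOracle {
    mapping(address => uint256) public prices; // token => price, assumed 18 decimals

    function submit(address token, uint256 price) external {
        prices[token] = price; // no caller check, no sanity bound
    }
}

/// Hardened variant: whitelisted reporters, median of a round, bounded deviation, staleness check.
contract GuardedPriceOracle {
    struct Round { uint256 price; uint64 updatedAt; }

    address public immutable admin;
    uint256 public immutable maxDeviationBps; // e.g. 1000 = 10% per round
    uint256 public immutable maxAge;          // seconds before a stored price is stale
    uint256 public constant MIN_REPORTERS = 3; // assumed quorum for this example

    mapping(address => bool) public isReporter;
    mapping(address => Round) private latest;
    mapping(address => uint256) public roundId;
    // token => round => reporter => submitted price (0 = not yet submitted)
    mapping(address => mapping(uint256 => mapping(address => uint256))) private votes;
    mapping(address => mapping(uint256 => address[])) private voters;

    event PriceSubmitted(address indexed token, address indexed reporter, uint256 price);
    event PriceFinalized(address indexed token, uint256 price);
    event DeviationRejected(address indexed token, uint256 proposed, uint256 previous);

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }
    modifier onlyReporter() { require(isReporter[msg.sender], "not reporter"); _; }

    constructor(uint256 _maxDeviationBps, uint256 _maxAge) {
        admin = msg.sender;
        maxDeviationBps = _maxDeviationBps;
        maxAge = _maxAge;
    }

    function setReporter(address reporter, bool allowed) external onlyAdmin {
        isReporter[reporter] = allowed;
    }

    /// Each reporter may vote once per round; the round finalizes at MIN_REPORTERS votes.
    function submit(address token, uint256 price) external onlyReporter {
        require(price > 0, "zero price");
        uint256 rid = roundId[token];
        require(votes[token][rid][msg.sender] == 0, "already voted this round");
        votes[token][rid][msg.sender] = price;
        voters[token][rid].push(msg.sender);
        emit PriceSubmitted(token, msg.sender, price);
        if (voters[token][rid].length >= MIN_REPORTERS) _finalize(token, rid);
    }

    function _finalize(address token, uint256 rid) internal {
        address[] storage vs = voters[token][rid];
        uint256 n = vs.length;
        uint256[] memory arr = new uint256[](n);
        for (uint256 i = 0; i < n; i++) arr[i] = votes[token][rid][vs[i]];
        // Insertion sort: n is bounded by the number of reporters, so this stays cheap.
        for (uint256 i = 1; i < n; i++) {
            uint256 key = arr[i];
            uint256 j = i;
            while (j > 0 && arr[j - 1] > key) { arr[j] = arr[j - 1]; j--; }
            arr[j] = key;
        }
        uint256 median = n % 2 == 1 ? arr[n / 2] : (arr[n / 2 - 1] + arr[n / 2]) / 2;
        roundId[token] = rid + 1; // the round is consumed whether or not it is applied

        Round memory prev = latest[token];
        if (prev.price != 0) {
            uint256 diff = median > prev.price ? median - prev.price : prev.price - median;
            if (diff * 10_000 > prev.price * maxDeviationBps) {
                // Fail closed: keep the old price; if rejections persist the feed goes stale
                // and getPrice() reverts, so the market stops instead of accepting a spike.
                emit DeviationRejected(token, median, prev.price);
                return;
            }
        }
        latest[token] = Round(median, uint64(block.timestamp));
        emit PriceFinalized(token, median);
    }

    function getPrice(address token) external view returns (uint256) {
        Round memory r = latest[token];
        require(r.price != 0, "no price");
        require(block.timestamp - r.updatedAt <= maxAge, "stale price");
        return r.price;
    }
}
```

The design choice worth noting is that the deviation guard does not revert the reporter’s transaction; it discards the round and leaves the previous price in place. A lending market that reads this oracle therefore halts borrowing once the feed is stale rather than ever lending against a single out-of-band price, which is the outcome a defender wants when a manipulation attempt is detected. The `PriceSubmitted` and `DeviationRejected` events also give monitoring a concrete signal to alert on.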

The top oracles are:

  1. Chainlink Oracle
  2. Uniswap V3 Oracle
  3. Coinbase Oracle

Oracle manipulation attacks in the past

  • Synthetix MKR manipulation: In December 2019, Synthetix was attacked again as a result of price oracle manipulation.
  • bZx hacking incident: In February 2020, bZx was hacked twice within a span of a few days and lost about $1 million.
  • yVault vulnerability: On July 25, 2020, yEarn reported a bug in its newly launched yVault contract that allowed millions to be drained from the contract.
  • Harvest Finance attack: On October 26, 2020, an unknown user hacked into Harvest Finance’s liquidity pool.


Akansha

Akansha is a computer engineer who enjoys writing. She has been researching & developing in the Blockchain field since 2018. She is passionate about writing technical articles on Blockchain so that more people can learn about this innovative technology. "HODL Blockchain," she says.
