Mean Vulnerability Disclosure: Poisonous decimals

Balmy
Apr 17, 2022


⚠️ No funds are currently at risk. Vulnerability was not exploited ⚠️

Yesterday (Saturday 16th of April) at 8:42 PM UTC we received a vulnerability disclosure through ImmuneFi. This vulnerability would have allowed an attacker to withdraw users' funds.

Timeline of events:

  • 08:42 PM — Report received through ImmuneFi.
  • 08:48 PM — ImmuneFi's team escalated the issue.
  • 08:50 PM — Team acknowledged issue escalation, confirmed it might be valid and started looking into it.
  • 09:50 PM — Team confirmed that this is a vulnerability and communicated with the white hat.
  • 09:57 PM — We paused all deposits and swaps on deployed chains and started checking whether the vulnerability had been exploited.
  • 10:30 PM — Verified that the vulnerability hadn't been exploited.

The vulnerability

The calculation of how many tokens a user can withdraw can be manipulated through a malicious token whose decimals() value the attacker is able to change.

Steps to reproduce:

  • Deploy a malicious token (let's call it Poison (PSN)) that lets the attacker control decimals().
    => Attacker starts malicious token with 18 decimals.
  • Create a pool on UniswapV3 with the malicious token and the one we want to steal (PSN/ETH) so our OracleAggregator can have an oracle later.
    => Attacker sets 1 to 1 ratio on the pool.
  • Create a position in our hub from PSN to ETH
    => With a rate of 0.1 PSN
  • Execute swap on pair PSN/ETH.
    => Calculations are made with 18 decimals, so at a 1 to 1 ratio user can withdraw 0.1 ETH
  • Change decimals()
    => Attacker sets decimals to 17
  • Withdraw funds
    => New calculations are done with 17 decimals so the 0.1 ETH owed becomes 1 ETH
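
The arithmetic behind these steps, as an added example (not the protocol's code): a Python model in which `Token`, `Hub` and all field names are hypothetical, and the accumulated ratio is assumed to be stored per whole from-token. With `snapshot=True` the hub divides by the magnitude cached at position creation, which is one possible mitigation and not necessarily the fix the team chose.

```python
# Constructed model of the accounting in the steps above; not the protocol's code.
# Token, Hub and every field name are hypothetical.

class Token:
    """ERC-20 stand-in whose owner can change what decimals() returns."""
    def __init__(self, decimals):
        self._decimals = decimals

    def decimals(self):
        return self._decimals

    def set_decimals(self, value):
        self._decimals = value

class Hub:
    """Single position. snapshot=False re-reads decimals() on every withdraw."""
    def __init__(self, token_from, snapshot):
        self.token_from = token_from
        self.snapshot = snapshot
        self.rate = 0        # from-token base units sold per swap
        self.acc_ratio = 0   # to-token base units earned per whole from-token
        self.magnitude = 0   # 10**decimals cached at position creation

    def create_position(self, rate):
        self.rate = rate
        self.magnitude = 10 ** self.token_from.decimals()

    def execute_swap(self, oracle_ratio):
        # oracle_ratio: to-token base units quoted for one whole from-token
        self.acc_ratio += oracle_ratio

    def decimals_changed(self):
        # Monitoring signal: the token no longer reports the cached magnitude
        return 10 ** self.token_from.decimals() != self.magnitude

    def withdrawable(self):
        live = 10 ** self.token_from.decimals()
        magnitude = self.magnitude if self.snapshot else live
        return self.acc_ratio * self.rate // magnitude

def run_scenario(snapshot):
    psn = Token(18)                          # PSN starts with 18 decimals
    hub = Hub(psn, snapshot)
    hub.create_position(rate=10**17)         # 0.1 PSN per swap
    hub.execute_swap(oracle_ratio=10**18)    # 1 PSN : 1 ETH (in wei)
    before = hub.withdrawable()
    psn.set_decimals(17)                     # token now reports 17 decimals
    return before, hub.withdrawable(), hub.decimals_changed()
```

`run_scenario(False)` shows the owed amount growing from 0.1 ETH to 1 ETH once the live magnitude shrinks, while `run_scenario(True)` keeps it at 0.1 ETH and still flags the decimals drift.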

Reducing the chance of vulnerabilities

Sadly, bugs are not uncommon in software. They are part of the journey, and that is something all programmers need to live with. Still, there are several things we had done in order to reduce the chance of producing them:

  • Tests: All our repositories combined have ~800 tests. We even had +99% coverage on the affected repository. We had unit, integration and end-to-end tests.
  • Audits: Our protocol was audited twice, by both Pessimistic and Peckshield.
  • Bug bounties: We had a bug bounty program on ImmuneFi.

Takeaways

  • Crypto is hard: Humans are prone to errors and blockchains are immutable. There are things we can do to navigate this but everything comes with a trade-off (having upgradeable smart contracts, for example).
  • ImmuneFi works: Since the day we set up the bug bounty we have received multiple reports: most of them didn't apply, or were minor. But this is a testament to how much exposure and value bug bounties provide. If you are a protocol dev without live bug bounties: GET ON IT ASAP!
  • We won't give up: We will do everything in our power to bring secure, accessible and decentralized cost averaging to everyone. This might be a setback but it will not stop us from meeting our goal.

Path moving forward

  • Users can safely withdraw funds by using our webpage, as they did before.
  • Users can no longer create new positions on the contract.
  • Swaps on this version of the contract will no longer be executed.
  • Hub implementation will need to be fixed. In the next couple of days we will announce the steps moving forward and how our processes will change to ensure it doesn't happen again.

🚨Be safe out there

Scammers may want to take advantage of this new information, so just to reiterate:

  • We will never send you private messages, emails or ask for your private keys
  • Our only official channels are: Twitter, Discord and Medium.

🙏🏼 Shoutout

Special thanks to the white hat hacker cergyk, who made a responsible disclosure through our ImmuneFi bug bounty.
