fix
spherex Blog

From Update to Exploit: How Web3 Updates Become Targets for Hackers

2 min read ・ Jul 17, 2024 ・by Chen Galed
Warning, update!

The world of Web3 promises innovation, transparency, and decentralization. Yet, it also faces unique challenges, especially in the realm of protocol updates. This blog post explores a phenomenon that, while not new, is often overlooked: the surge in Web3 hacks following protocol updates. This issue deserves the attention of both users and protocol owners, as understanding its root causes can help in crafting more robust defenses against such exploits.

Let's delve into the reasons why updates can present opportunities for attackers:

  • New Code, New Vulnerabilities: Updates often introduce fresh code, and within that code, potential vulnerabilities can lurk. Hackers scan these updates meticulously, looking for exploitable weaknesses before anyone else identifies them.
  • Misconfiguration Mishap: Updates can sometimes lead to misconfigurations within the protocol itself. This misalignment can create unforeseen loopholes that attackers can leverage to their advantage.
  • Opportune Environments: Certain updates, like the creation of a new market, might unintentionally offer attackers a new environment perfectly suited for an exploit.
  • Spotlight Effect: Updates often bring protocols back into the public eye. This increased attention can attract malicious actors who see an opportunity to strike while the iron is hot.

Some examples for post update hacks:

The following are just a few documented cases where hacks followed protocol updates:

  • WildCredit:  On May 27, 2021, the lending protocol WildCredit on the Ethereum chain was exploited for ~$650k, just 4 days after an update.
  • Beanstalk: A permissionless fiat stablecoin protocol, that was the victim of a whopping $181M hack on April 17, 2022. The attack on the Ethereum chain happened only 15 days after an update.
  • Ulme: On October 25, 2022, Ulme Token was attacked by a hacker, just 6 days after deploying a new contract. More than $50K were lost.
  • Sheep Farm: An investment blockchain game, was hacked on November 15, 2022 for $72K. The attack happened 6 days after an update, due to incorrect registration implementation

 (Sheep Farm’s attack transaction via Bscscan)

  • SushiSwap: A popular decentralized exchange that has faced an exploit on April 9, 2023, in which $3.3M were lost. The attack on Ethereum happened only 4 days after a new routing contract was launched.
  • Level Finance: On May 1, 2023, just two weeks after a significant update, Level Finance—a decentralized liquidity marketplace—suffered an attack. The update involved the deployment of the LevelReferralControllerV2 contract, which unfortunately contained a business logic flaw and incorrect calculations. These vulnerabilities were exploited, resulting in a loss of $1.1 million.
  • Radiant: On January 2, 2024, the Radiant Protocol, deployed on Arbitrum, was subjected to the theft of approximately $4.5M. The attacker took advantage of a new market launch to attack only 15 seconds afterwards.
  • Gamma: Gamma suffered a loss of over $6.3M on January 4, 2024 due to a price manipulation vulnerability. The attack occurred 23 days after a new Hypervisor contract of Gamma Strategies was added.
  • Pike Finance: On April 30, 2024, Pike Finance was attacked due to an uninitialized proxy vulnerability. This flaw, introduced during an update that followed another hack just four days earlier, led to a total loss of over $1.4 million. The breach allowed the attacker to exploit the initialize function and add his address to the _isActive variable.

(Peek Finances’s attack transaction via EtherScan)


  • Dough Finance: On July 12, 2024, Dough Finance was exploited for ~$1.8M. The root cause for the attack was due to unvalidated input in the ConnectorDeleverageParaswap contract, which was deployed less than one month prior to the attack.
  • RES, DFX, GPU, Shido, Predy Fincance and numerous other protocols also experienced an attack after the going through an upgrade.

What Can Be Done?

This trend underscores the importance of robust security practices in Web3 development. Here are some steps forward:

  • Extensive Testing: Rigorous internal testing before deployment can help uncover potential issues.
  • Thorough Audits: Pre- and post-update audits by reputable security firms are crucial in identifying and patching vulnerabilities.
  • Community Involvement: Encouraging white-hat hackers and security researchers to participate in bug bounty programs strengthens the protocol's defenses.
  • Transparency is Key: Clear communication about updates, potential risks, and mitigation strategies builds user trust.
  • Real-time on chain security: Look for real-time protection tools that can revoke malicious transactions before they cause damage, and by that prevent the attack.

Safe update process using spherexProtect

spherexProtect is an on-chain tool that can identify and stop malicious transactions before they are finalized, while maintaining the contract’s continuity. This is done by integrating the spherex solution into the the protocol’s own code. This seamless integration then provides observability into the state of the protocol during each step of the transaction execution. This process is even easier for upgradable contracts, as the integration is done on the proxy contracts, leaving the implementation contracts untouched.

When a contract is updated (leading to behavior change) spherexProtect can detect and inspect the behaviors it enables during development - using existing tests, or by performing a short run on a Testnet. These practices are standard during smart contract development. Due to the integrated nature of our solution, we allow the owner of the protocol to inspect any new behavior and approve it in advance, before deployment to production chains.

(A hacker looking fora vulnerability in the updated protocol’s code)            

Conclusion

By acknowledging this trend and taking preventative measures, both users and protocol owners can work together to create a more secure Web3 ecosystem.

Remember: Users –  Be cautious when interacting with recently updated protocols.  Do your research and understand the changes before committing your funds.

Protocol Owners:  Security is paramount. Invest in robust security practices and prioritize the safety of your users' assets.

Together, we can build a stronger future for Web3, one in which innovation thrives alongside robust security.

About the author

Chen Galed
Data Scientist
Follow

Chen has a Ms.c in Software and Information Systems Engineering from Ben Gurion University. She worked for several years as a data scientist and researcher in projects, both in the cyber and financial industries, before joining spherex’s research team.

Tags
spherex Blog
Continue your reading with these value-packed posts
spherex Blog
Working with Slither for Fun, for Profit, or for Useful Information
Slither not only detects vulnerabilities but also visualizes contract structures, helping you ensure security and efficiency.
Read more
next icon
3 min read ・ Sep 30, 2024 ・by Shira Shalev
spherex Blog
DORA: The New Guardian of Digital Finance
DORA mandates cybersecurity measures, including risk management and incident reporting, for smart contract owners, ensuring compliance.
Read more
next icon
4 min read ・ Sep 05, 2024 ・by Eilon Morag
spherex Blog
MiCA: The Regulatory Wave Reshaping Crypto's Future
MiCA is a comprehensive EU regulation that mandates compliance in crypto, affecting smart contracts and blockchain-based operations
Read more
next icon
4 min read ・ Sep 05, 2024 ・by Eilon Morag

Get Bulletproof Protection From Web3 Zero-Day Attacks

Image