Open in app

Sign in

Write

Sign in

The Analysis of the Sanshu Inu Security Incident

BlockSec
3 min readJul 21, 2021

On July 21st, our DeFiRanger system ( https://arxiv.org/abs/2104.15068) reported a couple of suspicious transactions. After manual analysis, we confirm that these transactions are attacks to Sanshu Inu. Specifically, the Memstake contract of Sanshu Inu was attacked by abusing the deflation mechanism. In the following, we will use involved attack transactions to illustrate the attack process.

Attack Flow

The following figure lists some of the transactions launched by the attacker ( 0x333).

The attack consists of four steps. The critical one is the second step, which leverages the deflation mechanism of the ERC20 token to manipulate the reward calculation of the Memstake smart contract.

  • Step 1 (preparation): The attacker creates two attack contracts. The first one deposits 2,049B KEANU. The second one is the attack contract.
  • step 2 (manipulation): the attacker first borrows a large number of KEANU tokens using the flash loan ( Towards A First Step to Understand Flash Loan and Its Applications in DeFi Ecosystem (SBC 2021)) from uniswapV2, and then deposits the tokens into/withdraws from the Memestake using the second smart contract created in step 1. Since the KEANU has the deflation mechanism, which burns 2% tokens for each transaction, the real number of tokens deposited into the Memestake is smaller than the value ( user.amount) maintained by the Memestake contract. The attacker repeats this process and makes the number of KEANU tokens inside the Memestake decrease to a small one (1e-07). See the transaction 0x00ed and the following figure.
  • Step 3 (making profit): The attacker invokes the Memestake.updatePool() to update the accMfundPerShare. This value relies on the number of KEANU tokens (which was manipulated in the second step.) Then the attacker obtains a large number of Mfund(~61M). See the transaction 0xa945 for more details.
  • Step 4 (swapping to WETH): The attacker swaps the MFund and KEANU to WETH and launder the money through Tornado.Cash. The attacker gained 55.9484578158357 ETH as profits.

MISC

Interestingly, the second/third step of the attack is related to Flashbots. The second step buys KEANU with 38 ETH ( 0x00ed). This transaction is attacked by a sandwidth attack (through Flashbots) — which makes the attacker himself a victim of a sandwidth attack. The third step ( 0xa945) sells MFund in uniswap, which creates an arbitrage opportunity that was captured by a Flashbots searcher.

About

BlockSec

BlockSec Team: Focus on the security of the DeFi ecosystem

www.blocksecteam.com

contact@blocksecteam.com

twitter: https://twitter.com/BlockSecTeam

Medium: https://blocksecteam.medium.com/

Defi Security

--

--

BlockSec

Written by BlockSec

1.8K Followers

The BlockSec Team focuses on the security of the blockchain ecosystem and the research of crypto hack monitoring and blocking, smart contract auditing.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams