The Race Against Time and Strategy: About the AnySwap Rescue and Things We Have Learnt

Figure 1: The project notified the victim through Ethereum messages
Figure 2: Our announcement to perform the rescue
Figure 3: The announcement to stop the rescue

Key takeaways (TL;DR)

  • There is competition between the different participants, including whitehats and attackers. The fee paid to Flashbots increased rapidly as time went by.
  • Flashbots did not always work. Instead, some attackers turned to the normal mempool and launched successful attacks by adopting sophisticated strategies.
  • One attacker was whitewashed by returning part of the stolen funds, while the remainder was kept as a bounty reward. This phenomenon, though not the first of its kind, is controversial in the community because such an incentive may not be fair to the real whitehats.
  • To convince the community, it is good practice for a whitehat to make the action publicly known in advance without leaking any detailed sensitive information.
  • The community can work together to perform rescues more effectively and efficiently, for example by building a coordination mechanism to reduce or avoid competition between whitehats.

0x1 Rescues and Attacks

0x1.1 Overall result

The attacks and rescues we observed and investigated in this report lasted for months, ranging from block 14028474 (Jan 18th, 2022) to block 14421215 (Mar 20th, 2022).

0x1.2 The trend of the fee to bid the Flashbots

As mentioned earlier, whitehats need to compete with attackers to get their transactions included. As a result, the percentage of the fee paid to the miner (in the Flashbots transactions) may reflect the level of competition. To measure it quantitatively, we investigate the fee percentage for each block, for attack transactions and rescue transactions respectively.

Figure 4: Fee percentage of attacks and rescues

0x2 Our Rescue and the Challenges

0x2.1 The way to perform the rescue

The basic idea behind the rescue is quite straightforward. Specifically, we need to monitor the accounts that have approved WETH to the vulnerable contract. When any WETH is transferred to such an account, we can transfer it directly to our multi-sig wallet by exploiting the vulnerable AnySwap contract. The key requirements are:

  • R1: Efficiently locating the transactions that transfer tokens to the victim accounts. We refer to these transactions as transferred TXs in the following.
  • R2: Correctly crafting the transactions that perform the rescue. We refer to these transactions as rescue TXs in the following.
  • R3: Successfully frontrunning the transactions sent by the attackers (and any other third parties). We refer to these transactions as attack TXs in the following.
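As an added illustration of R1 (this is example code written for this article, not BlockSec's rescue bot), the monitor below walks WETH event logs in chain order: Approval events for the vulnerable contract add or remove accounts from the watched set (a revocation takes the victim out of scope, as 10 of the victims did), an inbound Transfer to a watched account is a transferred TX, and an outbound Transfer from that account later in the same block records that the funds were already gone before any next-block rescue could land (the pattern discussed in 0x3.2). The vulnerable contract address, the victim and third-party accounts, and the log entries are all constructed placeholders; the WETH address and the two event signature hashes are the real mainnet values.

```python
# Constructed example (not BlockSec's rescue bot). Sample logs below are made up.
WETH = "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2"        # mainnet WETH
TRANSFER = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
VULN = "0x" + "ab" * 20   # placeholder for the vulnerable contract address

def topic_addr(topic):   # indexed address topics are left-padded to 32 bytes
    return "0x" + topic[-40:].lower()

def process_logs(logs, watched):
    """Walk WETH logs in chain order (block, tx index). Approvals for VULN
    add/remove accounts from `watched`; a Transfer into a watched account is a
    transferred TX (R1); a Transfer out of it later in the same block is noted."""
    found = {}                                  # (block, victim) -> record
    for lg in logs:
        topics = lg["topics"]
        if lg["address"] != WETH or len(topics) != 3:
            continue
        t0, src, dst = topics
        amount = int(lg["data"], 16)
        if t0 == APPROVAL and topic_addr(dst) == VULN:
            if amount == 0:
                watched.discard(topic_addr(src))  # revoked: nothing to rescue
            else:
                watched.add(topic_addr(src))
        elif t0 == TRANSFER:
            if topic_addr(dst) in watched:
                found[(lg["block"], topic_addr(dst))] = {
                    "victim": topic_addr(dst), "tx": lg["txHash"],
                    "pos": lg["txIndex"], "amount": amount, "moved_out_pos": None}
            rec = found.get((lg["block"], topic_addr(src)))
            if rec and rec["moved_out_pos"] is None and lg["txIndex"] > rec["pos"]:
                rec["moved_out_pos"] = lg["txIndex"]   # gone within the same block
    return list(found.values())

def _log(event, src, dst, amount, block, idx, tx):   # builds one constructed log entry
    pad = lambda a: "0x" + "00" * 12 + a[2:].lower()
    return {"address": WETH, "topics": [event, pad(src), pad(dst)],
            "data": hex(amount), "block": block, "txIndex": idx, "txHash": tx}

A, B, X = ("0x" + d * 20 for d in ("11", "22", "44"))   # constructed accounts
SAMPLE_LOGS = [
    _log(APPROVAL, A, VULN, 2**256 - 1, 14028474, 3, "0xa1"),
    _log(APPROVAL, B, VULN, 2**256 - 1, 14028474, 4, "0xa2"),
    _log(APPROVAL, B, VULN, 0, 14028480, 0, "0xa3"),            # B revokes in time
    _log(TRANSFER, X, A, 50 * 10**18, 14051020, 65, "0xd1"),    # deposit to A
    _log(TRANSFER, A, X, 50 * 10**18, 14051020, 66, "0xd2"),    # pulled out next tx
    _log(TRANSFER, X, B, 200 * 10**18, 14052155, 161, "0xd3"),  # B no longer watched
]
```

Running `process_logs(SAMPLE_LOGS, set())` yields a single record for A at position 65 with `moved_out_pos` 66; B's deposit is ignored because the approval was revoked first.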

0x2.2 Competitions we were involved in

In total, we attempted to protect 171 distinct potential victims, 10 of whom protected themselves by revoking the approvals right before we tried to perform the rescue. Of the remaining 161 valid victims, we only succeeded in rescuing 14 due to the competition. The failure cases are summarized in the following table, involving 3 rescue accounts and 16 attack accounts.

0x3 Some Lessons We have Learnt

0x3.1 How to determine the fee paid to the Flashbots miner?

In summary, we were beaten by 12 competitors using Flashbots, including 2 rescue accounts and 10 attack accounts.

  • Figure 5 shows that the attacker 0x5738** set the fee percentage to 70% at block 14071986.
  • Figure 6 shows that the whitehat 0x14ca** set the fee percentage to 79% at block 14072255.
  • Figure 7 shows that the whitehat 0x14ca** set the fee percentage to 80% at block 14072385.
  • Figure 8 shows that the whitehat 0x9117** set the fee percentage to 81% at block 14072417.
  • Figure 9 shows that the attacker 0x5738** set the fee percentage to 86% at block 14073395.
Figure 5: 70% fee specified by the attacker 0x5738**
Figure 6: 79% fee specified by the whitehat 0x14ca**
Figure 7: 80% fee specified by the whitehat 0x14ca**
Figure 8: 81% fee specified by the whitehat 0x9117**
Figure 9: 86% fee specified by the attacker 0x5738**

0x3.2 How to get the right position in the mempool?

Now it looks as if the rescue would come down to an arms race of fee bidding on Flashbots. However, we found that using Flashbots was not a panacea, due to intense competition from other participants who had nothing to do with the rescuing and attacking. In such a case, even the highest fee specified by an attack TX cannot guarantee winning the chance to use Flashbots.

  • Figure 10 shows that a victim deposited 50 ETH at position 65 of block 14051020, and Figure 11 shows that the attacker harvested the 50 ETH at position 66 of the same block.
  • Figure 12 shows that a victim deposited 200 ETH at position 161 of block 14052155, and Figure 13 shows that the attacker harvested the 200 ETH at position 164 of the same block.
Figure 10: Transferred TX at position 65 sent by the victim 0x3acb**
Figure 11: Attack TX at position 66 sent by the attacker 0x48e9**
Figure 12: Transferred TX at position 161 sent by the victim 0xbea9**
Figure 13: Attack TX at position 164 sent by the attacker 0x48e9**

0x4 Some Other Thoughts

0x4.1 Whitehat hack or attack?

When it comes to recognizing whitehat hacks, it might not be as straightforward as one may expect.

  • In TX 0x3c3d**, AnySwap contacted the attacker:
  • In TX 0x354f**, AnySwap acknowledged with thanks after receiving the funds:

0x4.2 Competition between whitehat hacks?

It is necessary to build a coordination mechanism to reduce or avoid competition between whitehats. Such competition inevitably leads to a waste of rescue power. In this rescue, 54 victims (with 450 ETH in funds) were protected by three other whitehats while we were also trying to perform the rescue.

0x4.3 How to make a better rescue

On the one hand, to convince the community, it is good practice for a whitehat to make the action publicly known in advance without leaking any detailed sensitive information. There is enough time to do so, as a rescue is usually a seesaw battle with multiple trials, unlike a one-time effort such as blocking a particular attack. Of course, detailed information regarding the vulnerabilities should not be leaked.

  • Flashbots/miners may provide a green channel for certified whitehats. The green channel can give high priority to front-running the attackers' TXs and avoid competition between whitehats.
  • The projects being attacked could cover the cost of Flashbots/miners.
  • Projects may adopt convenient and fast notification mechanisms for their users.
  • Projects may implement an emergency mechanism in the code.

About BlockSec

The BlockSec Team focuses on the security of the blockchain ecosystem and the research of crypto hack monitoring and blocking, smart contract auditing.