Cellframe Network suffered a flash loan attack resulting in a loss of $76,112 due to a liquidity migration vulnerability.

Analysis of the Flash Loan Attack Incident on Cellframe Network

On June 1, 2023, at 10:07:55 AM (UTC+8), Cellframe Network was attacked by hackers on a certain smart chain due to a token quantity calculation issue during the liquidity migration process. The attack resulted in the hackers profiting $76,112.

Web3 Security | Cellframe Network Analysis of Attack Incident Due to Flash Loans Manipulating Pool Ratios

Attack Details

The attacker used flash loans to obtain large amounts of funds and tokens, then manipulated the token ratios in the liquidity pools to carry out the attack. The attack process consisted mainly of the following steps:

  1. Acquire funds: Obtain 1000 native tokens of a certain chain and 500,000 New Cell tokens through flash loans.

  2. Manipulate the liquidity pools: Exchange all New Cell tokens for native tokens, causing the amount of native tokens in the pool to approach zero. Then exchange 900 native tokens for Old Cell tokens.

  3. Add liquidity: Before the attack, the hacker added liquidity to the Old Cell / native token liquidity pool to obtain Old LP tokens.

  4. Trigger liquidity migration: Call the liquidity migration function. At this point, the new pool has almost no native tokens, and the old pool has almost no Old Cell tokens.

  5. Exploit the calculation flaw: Because the quantity of Old Cell tokens in the old pool is very small, the amount of native tokens obtained when removing liquidity increases, while the quantity of Old Cell tokens decreases. As a result, the user only needs to add a small amount of native tokens and New Cell tokens to acquire liquidity, and any excess tokens are returned to the user.

  6. Complete the attack: The hacker removes the liquidity from the new pool and exchanges the returned Old Cell tokens for native tokens. Then, taking advantage of the fact that the old pool holds a large number of Old Cell tokens but few native tokens, the hacker re-exchanges the Old Cell tokens for native tokens, realizing a profit.

Causes of Vulnerabilities and Prevention Suggestions

The root cause of this attack is a calculation flaw in the liquidity migration process. By manipulating the token ratios in the pools, the attacker exploited that flaw in the migration function.

To prevent similar attacks, it is recommended to take the following measures:

  1. Comprehensive consideration: When migrating liquidity, fully account for the changes in the quantities of the two tokens in both the old and new pools, as well as the current token prices.

  2. Avoid simple calculations: Do not rely solely on the quantities of the two tokens in the trading pair for direct calculations, as these can be easily manipulated by attackers.

  3. Security audit: Before the code goes live, conduct a comprehensive and rigorous security audit to identify and fix potential vulnerabilities.
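
Recommendations 1 and 2 above, as an added sketch (not Cellframe's contract code): a simplified constant-product pool model in which migration is refused when either pool's spot price deviates from a reference price. The `Pool` class, the reference prices, the 200 bps tolerance and all reserve figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Simplified constant-product pair (native token vs. a Cell token, no fees)."""
    native: float
    cell: float
    lp_supply: float

    def price(self):
        """Spot price of one Cell token in native tokens, read from reserves."""
        return self.native / self.cell

    def remove(self, lp):
        """Pro-rata (native, cell) amounts returned for burning `lp` LP tokens."""
        share = lp / self.lp_supply
        return self.native * share, self.cell * share


def deviation_bps(pool, ref_price):
    """Distance of the pool's spot price from a reference price, in basis points."""
    return abs(pool.price() - ref_price) / ref_price * 10_000


def guarded_migration_inputs(old, new, lp, ref_old, ref_new, max_bps=200):
    """Return the amounts a migration would work from, or refuse if either
    pool's spot price has moved too far from its reference price."""
    for name, pool, ref in (("old", old, ref_old), ("new", new, ref_new)):
        dev = deviation_bps(pool, ref)
        if dev > max_bps:
            raise ValueError(f"{name} pool is {dev:.0f} bps off its reference price")
    return old.remove(lp)


# Constructed reserves for illustration; not the incident's on-chain values.
REF_OLD = REF_NEW = 0.01  # assumed reference prices, e.g. a time-weighted average
CALM_OLD, CALM_NEW = Pool(100.0, 10_000.0, 1_000.0), Pool(200.0, 20_000.0, 2_000.0)
# The same pools (same native*cell product) after large swaps: the old pool holds
# few Cell tokens and the new pool holds few native tokens.
SKEW_OLD, SKEW_NEW = Pool(1_000.0, 1_000.0, 1_000.0), Pool(2.0, 2_000_000.0, 2_000.0)

if __name__ == "__main__":
    print("balanced:", guarded_migration_inputs(CALM_OLD, CALM_NEW, 10, REF_OLD, REF_NEW))
    print("skewed, spot-only view:", SKEW_OLD.remove(10))
    try:
        guarded_migration_inputs(SKEW_OLD, SKEW_NEW, 10, REF_OLD, REF_NEW)
    except ValueError as err:
        print("migration refused:", err)
```

For the same 10 LP tokens, the skewed old pool pays out ten times the native tokens and a tenth of the Cell tokens compared with the balanced pool, which is why a calculation based only on current reserves cannot be trusted without a price check.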

This incident once again emphasizes the importance of security and robustness when designing and implementing complex financial operations. Project teams should remain vigilant at all times and continuously optimize their security measures.

DataBartendervip
· 07-15 16:49
The traps are new and lively~ The little black ones have something.
BridgeTrustFundvip
· 07-14 05:30
Not much money, but it's like picking up money, right?
MeaninglessApevip
· 07-13 09:59
Another Flash Loans~ Small loss
SmartContractPlumbervip
· 07-13 09:56
Another live case that went online without auditing.
GasWastingMaximalistvip
· 07-13 09:52
The theft is quite low.
FarmToRichesvip
· 07-13 09:45
It's a good time to sell kidneys again.
ApeWithNoChainvip
· 07-13 09:37
Played people for suckers again, really a noob.