Sentiment, an undercollateralized lending protocol, appears to have been exploited for over $500,000 in cryptocurrency on April 4. Ethereum blockchain data shows one transaction transferring $536,738.410031 USD Coin (USDC) from the Synapse Bridge; it is linked to a series of Arbitrum transactions that drained tokens from Sentiment.
The wallet performing the attack has been flagged by Arbiscan as a "Sentimentxyz Exploiter," and the Sentiment team has announced on Twitter that they are aware of "potential issues" with the protocol. Twitter user Officer's Notes suggested this could be a reentrancy attack, a conclusion that relied on research done by Twitter user FrankResearcher.
The Sentiment team has not yet said what steps are being taken to stop the attack or what users should do to reduce their risk. Further investigation revealed that the attacker created a Sentiment BeaconProxy contract and used it to change balances in a Balancer pool and to make a series of borrows and transfers to that contract. Some of the tokens sent to the BeaconProxy contract were then transferred to the attacker's account.
Analysis by Gearbox Protocol developer Mikhail Lazarev suggests that the attacker may have relied on a bug arising from the interaction between Balancer and Sentiment to extract assets before Sentiment's price updated. At least three smart contracts were used to carry out the attack, one of which failed and had to be replaced. After the attack was complete, the code of two of the contracts was cleared through a self-destruct procedure. The attacker first deployed a contract to the Arbitrum network at the following address:
0xa4d063b9468b93aee2a87ec7072c3dabd5ee5968.
They then called the contract's "run" function a minute later. However, this call failed with the response "Fail with error 'BAL#420'". The attacker responded by calling the contract's self-destruct function, which succeeded and removed all of the contract's code from the blockchain.
After destroying this contract, the attacker redeployed to the following address: 0x9f626F5941FAfe0A5b839907d77fbBD5d0deA9D0.
Then they called the "run" function again. This time it worked, causing the contract to execute a series of transactions. One of these created a Sentiment account (a "BeaconProxy" contract) at 0xdf346f8d160424c79cb8e8b49b13dd0ca61c3b8c.
This BeaconProxy contract was used to change pool balances in the Balancer pool, which emitted the PoolBalancesChanged event. The BeaconProxy also performed a series of borrows and transfers, draining tokens from the Sentiment protocol. Some tokens were then transferred to the attacker's personal account, while others were used to repay the flash loan taken from Aave.
The Arbitrum blockchain data does not make clear whether the transfers or the pool change occurred first, since entries in the transaction log are not always listed in a logical order.
However, in his analysis, Lazarev indicated that these transfers were made before the PoolBalancesChanged event was emitted but after the pool had actually been changed. This is possible because Balancer does not update the recorded balance of the asset until after it has been sent to the user; during that window, a contract that runs code on receiving the tokens can still read the pool's old balance. Lines 258-280 of Balancer's PoolBalances.sol contract show that tokens are sent to the receiver starting on line 271, while the balance is updated on line 278.
In Lazarev’s view, this allows an attacker to “[manipulate] these values to overvalue his collateral, and then borrow and withdraw sentiment pool assets.” Blockchain data shows that once the attack was complete, the attacker destroyed the contract that created the BeaconProxy.
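As an added illustration (not Balancer's, Sentiment's, or the attacker's code), the following Solidity sketch models the ordering Lazarev points to: a pool that pays the receiver before updating its recorded balance, beside a hardened version that updates first and refuses balance reads while a withdrawal is in progress. The contract names, the single ETH balance slot, and the `getPoolBalance` getter are constructed for this example; a real vault tracks many tokens and internal balances.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not Balancer's or Sentiment's code. It models the ordering the
// article describes: the pool pays the receiver before it updates its recorded balance,
// so an integrator that reads the balance during the payout sees a stale value.

/// Minimal pool (constructed for illustration) that accounts for a single ETH balance.
contract VulnerablePool {
    uint256 public recordedBalance;

    // The value a lender or price oracle would read to value pool tokens as collateral.
    function getPoolBalance() external view returns (uint256) {
        return recordedBalance;
    }

    function deposit() external payable {
        recordedBalance += msg.value;
    }

    // Withdraws `amount`: the interaction (sending ETH, which hands control to the
    // receiver's code) happens BEFORE the effect (updating recordedBalance).
    function withdraw(uint256 amount) external {
        require(amount <= recordedBalance, "insufficient");
        (bool ok, ) = msg.sender.call{value: amount}(""); // receiver's code runs here
        require(ok, "transfer failed");
        recordedBalance -= amount;                         // updated only afterwards
    }
}

/// Same pool with two mitigations: effects before interactions, and a reentrancy
/// guard that the view function consults so integrators cannot read mid-withdrawal.
contract HardenedPool {
    uint256 public recordedBalance;
    bool private entered;

    modifier nonReentrant() {
        require(!entered, "reentrant");
        entered = true;
        _;
        entered = false;
    }

    // Reverts when called from inside a withdrawal callback, so a lender that values
    // collateral from this number cannot be fed a stale balance.
    function getPoolBalance() external view returns (uint256) {
        require(!entered, "read during reentrancy");
        return recordedBalance;
    }

    function deposit() external payable nonReentrant {
        recordedBalance += msg.value;
    }

    function withdraw(uint256 amount) external nonReentrant {
        require(amount <= recordedBalance, "insufficient");
        recordedBalance -= amount;                         // effect first
        (bool ok, ) = msg.sender.call{value: amount}("");  // interaction last
        require(ok, "transfer failed");
    }
}
```

Reordering alone closes the window inside `withdraw`; the guarded getter additionally protects integrators that would otherwise trust a balance read while the pool is mid-call, which is the same role Balancer's published guidance assigns to checking the Vault's reentrancy guard before trusting pool data.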