E4 - Beanstalk Flash Loan Governance Attack & Axie Infinity P2E Model Under Fire - 4/21/22
Download MP3In this week's episode, we take a deep dive into the fascinating flash loan governance attack delivered on the Beanstalk Farms protocol on Sunday. Then we dig into trending criticism on Axie Infinity's play to earn model.
Episode Summary
In this week’s episode, we take a deep dive in the fascinating flash loan governance attack delivered on the Beanstalk Farms protocol Sunday. Then we dig into trending criticism on Axie Infinity’s play to earn model.
Intro
Welcome to I, Degen - Each week, we track down and explore the most exciting crypto stories. Hacks, scams, exploits, and anything that feeds our crypto curiosity.
Welcome degens! Come one, come all.
It’s been another epic week. We will go deep on the Beanstalk Farms attack and explore some growing criticism of Axie.
But first, let’s jump into our choice-picked weekly Degen headlines.
Degen Weekly
- ETH Merge pushed back from targeted June to Q 3 2022 or later. Surprised?
- ETH staking post merge will likely be lower than anticipated -Crypto Slate
- Defi superstar Andre Cronje (CRON-YE) comes back after his 3rd rage quit and starts beating the crypto needs regulation drum - The Defiant
- “Ethan Gach with Kotaku says” Crypto Gaming “Landlords” upset they can’t keep exploiting all the players. Diminishing returns of the play to earn game Axie infinity and showing that the long term model of some of the guilds is unsustainable long term. - Kotaku
- New phishing attack that involves google ads… TradeDog on twitter says that over 4.31 MILLION has been exploited in this phishing attack - Tweet
- Lazarus group, a North Korean based hacker group has claimed responsibility for the Ronin bridge attack. Last week we heard they might be responsible but this week it seems they are fully taking ownership of this insane hack - Cryptured
- US House Democrats Call for Scrutiny on Crypto Mining as Environmental Threat
U.S. Rep. Jared Huffman (D-Calif.), who leads a subcommittee within the House of Representatives’ Natural Resources Committee, has recruited almost two dozen Democratic colleagues to urge federal environmental officials to devote further scrutiny to the consequences of cryptocurrency mining. - Coindesk
Degen Deep Dive
Beanstalk Farms Flash Loan Governance Attack
TLDR: On April 17th, 2022 an attacker used a barrage of flash loans to purchase a majority of BEAN tokens, the native governance token for Beanstalk Farms. Using this temporarily loaned voting power allowed them successfully pass an emergency governance proposal that drained the protocol of 76M in assets, sent 250K of the stolen money to the Ukraine War Fund, and sent the price of the stable BEAN tumbling.
Who:
victim: bean.money aka Beanstalk
victim: bean.money aka Beanstalk
Beanstalk is a decentralized and transparent solution to DeFi’s endemic stablecoin supply shortage. It was designed from first principles to be a paradigm-shifting DeFi primitive that makes decentralized, cost-efficient stablecoins available to anyone with an internet connection.Beanstalk was initially launched in August 2021 with just 100 Beans and has never taken traditional funding. Over the last eight months, Beanstalk organically grew to $100M in market cap, attracting $144M in long term-incentivized liquidity.
To date, flawed stablecoin implementations sacrifice the main benefits of decentralized computing by requiring trust in a centralized party and limit their potential market capitalization by imposing collateral requirements.A stablecoin that (1) does not compromise on decentralization, (2) does not require collateral, and (3) trends toward more liquidity and stability, will unlock the potential of
DeFi.We propose an Ethereum-native, credit based stablecoin protocol that issues an
ERC-20 Standard token that fulfills these requirements.An on-chain price oracle leverages an existing centralized bridge between the Ethereum blockchain and the rest of the world to create a decentralized, reliable and inexpensive source for the price of a nonEthereum-native value peg.A Decentralized Autonomous Organization (DAO) governed
by a yield generating, inflationary, ERC-20 Standard token simultaneously provides security, encourages consistent liquidity growth, and dampens price volatility.
Attacker:
Anon/unknown
Anon/unknown
What:
attack details:
attack details:
- Created two malicious governance proposals and submitted them to the governance contract and wait for 24hrs
- AAVE FlashLoans sourced from Tornado Cash --> Synapse Protocol Bridge:
350M DAI
500M USDC
150M USDT - Bought 32M BEAN on Uniswap V2
- bought 11.6M LUSD?
- These tokens were used to add liquidity to Curve pools with BEAN for the governance voting
- Voted for and passed, BIP-18 & 19 (malicious proposals)
- Pull back liquidity
- Repay flash loans
- Converted all received funds into 24,800 ETH ($76M)
- ETH moved to TornadoCash
– from BEANSTALK - REKT & PeckShield’s step by step
Presumably, to avoid suspicion of an inside job, Publius, the anon behind the protocol, took the decision to reveal their identity as a group of three in a statement published to Discord.
From ^^ rekt
6.5 Governance
A robust decentralized governance mechanism must balance the principles of decentralization with resistance to attempted protocol changes, both malicious and ignorant, and the ability to quickly adapt to changing information.In practice, Beanstalk must balance ensuring sufficient time for all
ecosystem participants to consider a Beanstalk Improvement Proposal (BIP), join the Silo and cast their votes, with the ability to be quickly upgraded in cases of emergency.
6.5.2 Voting Period
A Voting Period opens when a BIP is submitted to the Ethereum blockchain and ends at the beginning of the 169th Season after it is submitted, or when it is committed with a supermajority
Doesn’t matter though, as it looks like a super majority of tokens was used to override the 169th season (~7 days).
5 Seasons
Thus, Beanstalk creates a cost-efficient protocol-native timekeeping mechanism
and ensures cost-efficient code execution on the Ethereum blockchain at regular intervals.
Confusing… How about this:
Seasons are the Beanstalk-native timekeeping mechanism. Each Season is ∼1 hour long.
What’s odd:
- Variations in reports about how much was hacked from 76M to 182M. 76M was stolen, but BEAN token coin market cap after the attack represents the rest of the 182M
- Proposals were submitted 24hrs in advance: No one noticed or didn’t care? - “meh, they won’t pass so who cares?”
- I don’t see the malicious governance proposals on snapshot?
- We talked a lot about how to avoid a governance attack like this when we deployed GTC. Flashloan attack was not in our threat model because the liquidity didn’t exist initially.
Why is this important:
- First flash loan governance attack?
- How many DAOs are currently vulnerable to this type of attack? Seems likely we’re going to see this type of attack again very soon.
- Keep an eye out for suspect governance proposals. You could make bank if spotted one of these attack in progress and acted accordingly.
- Beanstalk looks to have done a great job of communicating with their community about this hack.
- Delay of on-chain proposals is one way to prevent this
- 250k in stolen funds sent to Ukraine donation address. Should they send it back to BEAN?
- I, Degen optimism - Each new/novel defi attack is an opportunity to learn and build back stronger.
Source list:
https://rekt.news/beanstalk-rekt/
https://twitter.com/kelvinfichter/status/1515735717305008138
https://www.theverge.com/2022/4/18/23030754/beanstalk-cryptocurrency-hack-182-million-dao-voting
https://bean.money/blog/path-forward
https://medium.com/beanstalkfarms/introducing-beanstalk-557c45cb8d80
Beanstalk FlashLoan Exploiter contract
https://twitter.com/peckshield/status/1515692144190648322
https://rekt.news/beanstalk-rekt/
https://twitter.com/kelvinfichter/status/1515735717305008138
https://www.theverge.com/2022/4/18/23030754/beanstalk-cryptocurrency-hack-182-million-dao-voting
https://bean.money/blog/path-forward
https://medium.com/beanstalkfarms/introducing-beanstalk-557c45cb8d80
Beanstalk FlashLoan Exploiter contract
https://twitter.com/peckshield/status/1515692144190648322
Freestyle Convo: Axie Play to Earn or Play to be Exploited?
Hit piece or legit criticism? Both? - Kotaku
Outro
We do our best to report accurately on the topics we discuss but we’re not always going to get everything right. Please comment here or reach out to us @idegenfm with corrections or comments!
https://hackmd.io/@idegen/E4-Beanstalk-FlashLoan-Governance-Attack-Axie-Infinity-Under-Fire
https://hackmd.io/@idegen/E4-Beanstalk-FlashLoan-Governance-Attack-Axie-Infinity-Under-Fire