Original Title: “Reviewing How I Profited from the Attack on Venus THE”
Original Author: Weilin (William) Li, Crypto Trader
Two hours ago, Venus's THE was hit by a very typical Mango Markets-style price manipulation attack.
The attacker targeted THE, a low-liquidity collateral asset:
· First, collateralize THE
· Borrow other assets
· Then use the borrowed assets to continue buying THE
· Keep pushing the THE price up
· Wait for the time-weighted oracle to update, obtain a higher collateral value, and then continue the cycle of borrowing.

From my paper: Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems (https://dl.acm.org/doi/10.1145/3605768.3623545)
Due to the extremely poor on-chain liquidity of THE, the price was forcefully pulled from $0.27 to nearly $5. The oracle price was subsequently updated to 0.5 (time-weighted), allowing the attacker further room to amplify leverage.
The more critical issue is that THE itself has a supply cap.
Normally, this would limit the attacker's ability to further increase positions. But he used a classic old trick to bypass it: the Compound fork's donation attack. Specifically, after depositing a large amount of THE, he transferred THE directly to the vTHE contract. This "donation" kept raising the collateral value recognized by the system and pushed it past the cap.

Attack transaction (collateral expanded through donations): 0x4f477e941c12bbf32a58dc12db7bb0cb4d31d41ff25b2457e6af3c15d7f5663f
After the first wave of attack, the price of THE stabilized roughly around $0.5.
At this point, the attacker could have already walked away with the borrowed assets. But he clearly wanted to maximize profits, so he continued to inject the borrowed assets to buy THE, trying to push up the price again.
This is where the problem arose: although the price was abnormally high, market selling pressure also became extreme. The attacker continued to buy but could hardly move the price anymore. In the end, he almost exhausted his collateral capacity, and his position's health factor was driven close to 1, nearing liquidation.

THE Price Changes
At this point, the situation was very clear: the collateral in the attacker's hands, which included his pre-prepared assets and the THE bought during the attack, had a nominal value of about 30M. However, the core issue with this collateral was that there was simply not enough liquidity to absorb it. Once liquidation started, this THE could only be dumped into the market, and nobody in the market was going to buy such a large amount at this inflated price.
So what did I do?
When the liquidation started, I directly opened a short position on THE. And this position could actually take on relatively higher leverage.
The reason is simple: Overvaluation, low liquidity, massive passive selling pressure, no buyers.
The results were not surprising: After the liquidation ended, THE price fell all the way back to around $0.24, even lower than the price before the attack because the original holders also sold during the process.
I closed the short position here, making a profit of about 15K.

My Short Position
Ultimately, Venus was left with about 2M in bad debt.
As for how much the attacker actually made, I have not finished tallying it; but based on the operations of some addresses, he likely barely made any money or even ended up losing everything. However, the attacker may still have off-chain positions to profit from (just like our operations).
Venus's approximately 2M bad debt address: https://debank.com/profile/0x1a35bd28efd46cfc46c2136f878777d69ae16231

This incident once again illustrates:
In DeFi, "nominal collateral value" does not equal "liquidation value." When the collateral itself has no liquidity, the system sees 30M, but the market can hardly redeem even a fraction of that.
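The gap between nominal and liquidation value can be checked before collateral is trusted. The following is an added example, not code from the original article or from Venus: a risk check that prices collateral by what a constant-product pool would actually pay for it and compares the market contract's token balance against the supply cap. The pool model, all function and field names, and every number are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product (x*y=k) pool: token reserve and quote (USD) reserve."""
    reserve_token: float
    reserve_quote: float
    fee: float = 0.0

    def sell_proceeds(self, amount: float) -> float:
        """Quote received for selling `amount` tokens into the pool in one trade."""
        dx = amount * (1.0 - self.fee)
        return self.reserve_quote * dx / (self.reserve_token + dx)


def assess_market(pool, oracle_price, collateral_tokens, debt_usd,
                  supply_cap_tokens, market_token_balance):
    """Return risk signals for one collateral market (hypothetical helper)."""
    nominal = collateral_tokens * oracle_price
    realizable = pool.sell_proceeds(collateral_tokens)
    return {
        "nominal_usd": nominal,          # what the lending system sees
        "realizable_usd": realizable,    # what liquidators can actually get
        "realizable_ratio": realizable / nominal if nominal else 0.0,
        # Debt that stays unpaid even if every collateral token is sold.
        "shortfall_usd": max(0.0, debt_usd - realizable),
        # Assumption: the cap is enforced only at mint time, so a direct
        # transfer (donation) raises the held balance without being counted.
        # Checking the balance itself catches that.
        "cap_exceeded_by_balance": market_token_balance > supply_cap_tokens,
    }


# Constructed sample numbers, not taken from the incident's on-chain data.
SAMPLE_POOL = Pool(reserve_token=4_000_000, reserve_quote=2_000_000)
SAMPLE = assess_market(SAMPLE_POOL, oracle_price=0.5,
                       collateral_tokens=60_000_000, debt_usd=15_000_000,
                       supply_cap_tokens=20_000_000,
                       market_token_balance=60_000_000)

if __name__ == "__main__":
    for key, value in SAMPLE.items():
        print(f"{key}: {value}")
```

With these constructed inputs, the system's 30M of nominal collateral realizes under 2M when sold into the pool, so most of the debt becomes a shortfall.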
I published a paper in 2023 titled Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems, in which this attack was detailed with mathematical modeling; interested readers can refer to: https://dl.acm.org/doi/10.1145/3605768.3623545