The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

  • Hacken
  • Blog
  • Discover
  • The Euler Finance Hack Explained

The Euler Finance Hack Explained

By Fáwọlé JohnandHacker Hacken

Share via:

The crypto industry was shaken a bit on the 13th of March, 2023. An attacker exploited the Euler Finance protocol for a record-breaking $187 million flash-loan attack.

According to on-chain reports, the hacker stole $187 million from the Euler Finance protocol. So far, this tops the list of the biggest hacks in 2023. How did it happen?

Inside the Attack

The hacker created three contracts; a primary one, then two others for violation and liquidation. They got a flashloan of 30 million DAI from Aave, a flashloan protocol, and sent it to the violation contract.

The hacker deposited 20 million DAI to Euler Protocol and got approximately 19.6 million eDAI in return. Then they leveraged the 19.6 million eDAI to borrow approximately 195.6 million eDAI and 200 million dDAI.

Recall that the hacker still has 10 million DAI left out of the 30 million DAI they borrowed. They used the remaining 10 million DAI to repay some of their debt. This was important because the Euler Finance smart contract checks the health score of borrowing accounts. Balance is now 190 million dDAI. Then they borrowed another 195.6 million eDAI and 200 million dDAI. 

At this point, the hacker donated 100 million eDAI to the Euler protocol reserve. This call was successful because the donateToReserve function has no liquidity check. The liquidation call was successful, and the attacker got 254 million dDAI and 310 million eDAI. They repaid Aave its 30 million DAI and made about 8.7 million DAI from the exploit.

It didn’t end there. The attacker also used this address [00x47ac3527d02e6b9631c77fad1cdee7bfa77a8a7bfd4880dccbda5146ace4088f] to execute this same attack logic with WETH. 

The attacker’s actions:

  • borrowed 20895 WETH flashloan from Aave
  • deposited 13930 WETH into the EToken pool
  • minted ETokens and received 13930 from the pool
  • paid 6965 WETH to improve health score
  • minted 13930 WETH and donated 69650 WETH
  • the liquidation contract received 28994 WETH
  • paid back Aave and took away 8099 ETH ($135,630,71)

What were the vulnerabilities?

After careful analysis, we discovered that the hacker exploited two vulnerabilities in the Euler Finance contract.

1. Lack of liquidity checks on the donateToReserves function. The donateToReserve function allows the users of Euler to deposit funds into the reserved address. Everyone who calls this function has both Debt Token (DToken) and Equity Token (EToken).

The main vulnerability of this function is that it doesn’t check or confirm the liquidity status of the borrower. So the users can under-collateralize their leverage by donating their Equity Tokens to the reserve while their Debt Tokens remain unchanged. This creates a form of technical bad debt. So the hacker’s liquidation contract successfully withdrew from the protocol.

2. The Healthscore Flaw. Euler finance has a design for assigning health scores to accounts. It allows insolvent accounts to get the collateral without repaying the outstanding debt. This was spelled out in the computeLiqOpp function.

The logic behind this code block is that seizing all the borrower’s collateral does not necessarily mean they will still be solvent. Hence, whatever collateral they have left should suffice. However, an attacker can exploit this logic by carrying out under-collateralized leverage.

How is the Euler Finance team handling the situation?

On the 14th of March, the Euler team issued a release on their Twitter account and mentioned their 3 action steps:

  • Stop the attack 
  • Engage more ETH Security companies
  • Involve the law enforcement agencies
  • Possibly negotiate with the hacker

Lessons Learned from the Attack

While the Euler team is trying to recover from the attack, there are a few lessons from this exploit:

Test thoroughly. On a closer look, the donateToReserve function was not properly tested. As seen on their GitHub, It was not tested for donating after borrowing and health score after donating. The team could have mitigated this attack if they had tested the vulnerable function against every possible scenario. This is more critical when new logic and functions are introduced to an existing codebase. As in the case of the donateToReserve function, test new improvements in the smart contract.

Audit more rigorously. Six Web3 security companies had audited Euler Finance, yet this attack occurred. It’s fair to say that not all audits reviewed the faulty function. Still, some audits are not done deeply and can leave out of scope important functions, so it’s better to have a comprehensive audit.

Request a Smart Contract Audit that makes a difference. 

subscribe image
promotion image

Subscribe to our newsletter

Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.

Read next:

More related
  • Blog image
    Onyx Protocol Hack Explained: A Deeper Dive Into $2.1M Exploit Hacker H.
  • Blog image
  • Blog image

Get our latest updates and expert insights on Web3 security