Post Incident Review — BIST Single Asset Staking (BinanceSmartChain) security breach
Last Saturday night, May 7th (2022–05–07 09:20 PM +UTC) an attack took place on one of our staking contracts. The attacker has utilized a combination of different events. With these events the attacker exploited our single asset staking contract on the Binance Smart Chain. The other staking contracts are not affected and are not at risk.
Analysis of Breach
Last year, we implemented the pNetwork protocol bridging solution so our community can seamlessly transfer our BIST token to Binance Smart Chain. With this implementation, our native ERC-20 BIST tokens are wrapped by pNetwork and thereby bridged to BSC. The wrapped token that is minted during the bridging process is a BEP-777 (equivalent to the ERC-777 Standard) token. This token conversion created an opportunity for the attacker to exploit our staking contract.
The code snippet below shows the emergencyWithdraw() function of the staking Contract (0x2987b3983bfa7e2698b4c10a361ca5119697a080). In this snippet the contract returns the user’s staked amount to the caller (msg.sender) with pool.lpToken.safeTransfer(). The amount to be sent is retrieved out of the user storage object (user.amount). After the transfer, “user.amount” is then set to zero.
However, the caller mentioned in this function could be a malicious contract, as in the case of the hacker (0x70b31bb9859e88ddb3ac04bc205575992edad3fa). In the event, the callback function is implemented in the malicious contract, which causes the emergencyWithdraw() to be hijacked through the pool.lpToken.safeTransfer() call. Since the (wrapped) pToken variant of the BIST token is a BEP-777 token, the contract calls _callTokenToSend when implementing the transfer call, where the hacker creates an iterative loop between that function and the EmergencyWithdraw function, resulting in a re-entrancy attack (as seen on image 2 below).
Essentially, what this means is that the attacker is capable of tricking the smart contract by interacting with it via a malicious smart contract.
As described in the situation above the emergencyWithdraw function has a call to an external address, this causes a contract state change in the middle of the execution. This makes it possible for the attacker to call back into our staking contract before the initial interaction is completed, resulting in overriding the user.amount reset (visible on rule 1330 of image 1). This setup is possible due to the fallback function of the ERC-777 standard that has been used for the wrapped BIST token equivalent on the Binance Smart Chain.
The attacker has deployed their own smart contract that performs the entire attack from a single transaction and then partially bridges the funds to Ethereum. As seen in the transaction below:
The BIST tokens were swapped immediately after the hack, an overview below:
The first swap transaction resulted in 51,996 BNB and can be found at the following address:
Swap TX: https://bscscan.com/tx/0xe4d60a4c4874f4c923bef6e7cd272a6c8a24cadb76c50c69a66ea72
Wallet stolen funds: https://bscscan.com/address/0xba31058357ea2f474a2ed0d1b3f9183904ebd38a
The second transaction resulted in 10.9749 ETH and took place on ethereum with the funds first being bridged and then swapped on uniswap:
Wallet with stolen funds: https://etherscan.io/address/0x6ea72d536c8842646daa95d14a2fd622c258b610
Damages & Lost funds
The attacker was able to withdraw 1,711,569 $BIST (~$47k) from the deposits in the single asset staking contract on the BinanceSmartChain, and went on to dump the tokens on the open markets for $BIST. Generating a sharp price drop.
Reimbursement program for affected community members
Because the BIST community is so valuable to us, we will reimburse community members who lost their BIST tokens during the attack. We will analyze all deposits made to the smart contract and return the deposited $BIST to the wallets that staked their tokens on BSC.
We will need some time to perform the calculations and during this time we will also calculate an average APY per deposited $BIST. Our goal is to also distribute rewards that would have applied to the tokens staked for the period of the staking program being live. This is a gesture of goodwill in which we apply rewards to the tokens as if they were staked from day 1.
The tokens used for the reimbursement and rewards will potentially be bought on the open markets, or funded by the treasury. The tokens will be transferred to the eligible wallets by the project.
Hopefully this will somewhat ease the inconvenience that this situation has caused for the Bistroo Community.
Any disbursements related to this matter will be done solely on a voluntary basis and cannot be interpreted as the acceptance of any liability whatsoever relating to this matter, nor to any future matters. Payment of disbursements related to this matter does not oblige us in any way to provide disbursements in the future.
Reinstating the BSC Staking Program
Our goal is to fully reinstate the BSC staking program as soon as possible. We are aware that a big part of our active community members are active on the BinanceSmartChain and we want to provide the same staking opportunity as we do on Ethereum.
We will keep you informed on the release of this updated staking contract and will re-enable the functionality on portal.bistroo.io for easy access.
Organizational & Process improvements for prevention
In this specific case we have utilized audited and widespread adopted smart contract standards. The vulnerability was only generated due to the specific combination of bridging technology and the staking contract ‘emergency withdraw’ functionality. We will closely evaluate all actors and technologies involved in this scenario in order to prevent a similar situation in the future. In addition, adjustments to our internal administrative organization, quality assurance, and auditing procedures have been made.
Get your fill on everything Bistroo!
Bistroo is a peer-to-peer marketplace for food & beverages, powered by the BIST Token. A protocol where food consumption can be easily organized and personalized against significantly reduced fees. Merchants are in full control of their payments, product selection, customer relations, orders, advertising, and analytics. Customers can have direct relations with their favorite merchants, earn rewards and get food recommendations that fit their taste.