Platypus Finance - February 16, 2023


Drop your email to read the BlockApex newsletter and keep yourself updated around the clock.

    Table Of Content



    Platypus Finance is a decentralized finance (DeFi) platform. On February 17, 2023, the platform was hacked, resulting in a loss of approximately $8.5 million worth of assets. In this hack analysis, we will delve into the details of the attack, the vulnerability that was exploited, and the impact it had on the platform and its users.

    Hack Impact

    The financial implications of this exploit are substantial, with the attacker managing to siphon off a significant amount of funds. By exploiting the vulnerability in the emergencyWithdraw function of the MasterPlatypusV4 contract in Platypus Finance, the attacker was able to create "bad debt" in the system, allowing them to acquire the debt's upside.

    As a result the attack  hack had a significant impact on the Platypus Finance ecosystem and its users. The attack resulted in a loss of approximately $8.5 million worth of tokens and caused a large decline in the price of the USP stablecoin. The price of USP fell by more than 66% compared to its intended $1 peg, and the project's native PTP token lost a quarter of its value in a day. The attacker was able to mint 40 million USP tokens from the Platypus Finance's contract MasterPlatypusV4 contract using 44 million Platypus LP-USDC tokens as collateral. However, the team was able to recover approximately $2.4 million USDC from the attack contract, reducing the overall impact of the hack.

    Vulnerable Functions Overview

    The emergencyWithdraw Function (Picture credit)

    Platypus Finance - EmergencyWithdraw Function

    The emergencyWithdraw function allows users to withdraw their funds from the pool without accounting for rewards. This function is intended for emergency situations and is designed to be used when a user needs to exit the pool quickly without waiting for the rewards to accrue.
    The emergencyWithdraw function takes a pool ID as an argument and retrieves the corresponding pool and user information from the mapping. It then resets the rewarder to zero, transfers the user's LP tokens to their address, updates the sumOfFactors, and sets the user's amount, factor, and rewardDebt to zero

    The isSolvent function (Picture Credit)

    Platypus Finance - _isSolvent function

    The isSolvent function in Platypus Finance contract is used to determine if a user's collateral position is solvent, meaning if the value of the collateral is greater than or equal to the outstanding debt. It takes the user's address, the token address, and a boolean indicating if the position is being opened or closed as arguments.

    The isSolvent function first retrieves the user's debtShare and checks if it is zero. If it is, it returns true, indicating that the position is solvent. If the debtShare is non-zero, it calculates the debtAmount by multiplying the debtShare with the totalDebtAmount and interest since the last accrual, and dividing the result by the totalDebtShare. It then checks if the debtAmount is less than or equal to the borrow limit if the position is being opened or the liquidate limit if the position is being closed.

    Security Flaw in the Functions

    The vulnerability in the emergencyWithdraw() and _isSolvent() functions is due to an improper solvency check that allows an attacker to withdraw their collateral without fully paying back their debt. Specifically, the solvency check only considers whether the user's debt amount exceeds the borrowing limit, but does not take into account the actual debt owed by the user.

    This means that an attacker can deposit collateral to borrow USP tokens, but then withdraw their collateral without paying back the full amount of USP borrowed. Since the solvency check only considers the borrowing limit, the attacker can appear solvent and pass the check even if they owe a significant amount of debt.

    The vulnerability is caused by a logical flaw in the code, as the solvency check should also consider the actual debt owed by the user, not just the borrowing limit. The code should be updated to accurately calculate the amount of debt owed and ensure that it is fully paid back before allowing a user to withdraw their collateral.

    The Devious Hack: A Step-by-Step Explanation

    Taking a Flash Loan

    The attacker borrowed a massive 44 million USDC from a lending protocol, just like taking out a huge loan from a bank.

    Depositing USDC

    The attacker deposited the 44 million USDC into a platform called Platypus USDC Asset (LP-USDC) and received 44 million LP-USDC tokens similar to a person depositing money in a bank and receiving a line of credit.

    Borrowing More Money (USP Tokens) with Collateral

    Using the 44 million LP-USDC tokens as collateral, the attacker borrowed 41.79 million USP tokens from the system, similar to taking out a second loan by leveraging the line of credit received earlier.

    Exploiting a Loophole in the System

    The attacker found a vulnerability in the system's solvency check (emergencyWithdraw and isSolvent functions) , which didn't properly account for the debt amount. This loophole allowed the attacker to withdraw the initial collateral without repaying the borrowed USP tokens, as the debt was within the 95% borrowing limit cap.

    Withdrawing the Initial Collateral

    The attacker used the loophole to withdraw their initial collateral (44 million LP-USDC tokens), equivalent to taking back their initial deposit from the bank without repaying the second loan.

    Cashing Out the Collateral

    The attacker withdrew the 44 million USDC from the LP-USDC Asset, converting the collateral back into cash.

    Profiting by Swapping USP Tokens for Other Assets

    The attacker swapped the 41.79 million USP tokens for various stablecoins across multiple platforms, making a total profit of approximately $8.5 million, similar to exchanging the second loan for valuable assets.

    Repaying the Flash Loan

    Finally, the attacker repaid the initial 44 million USDC flash loan, keeping the $8.5 million profit.

    Recommendations for Enhanced Security

    To mitigate the vulnerability in the emergencyWithdraw() and _isSolvent() functions in Platypus Finance, the solvency check should be updated to consider the actual debt owed by the user rather than only taking into account the debt limit. This can be achieved by implementing a check that validates the user's current debt amount against their collateral value.

    This will ensure that users cannot withdraw their collateral without fully paying back their debt, thereby preventing the creation of "bad debt" in the system. It is also recommended to perform thorough testing and auditing of the updated solvency check to ensure its effectiveness in preventing such attacks. Additionally, implementing a time-delayed withdrawal feature can provide an additional layer of security and prevent attackers from instantly withdrawing their collateral in case of a vulnerability exploit.

    Transaction Analysis

    Attacker's address: 0xeff003d64046a6f521ba31f39405cb720e953958

    Attack transaction: 0x1266a937...

    Attack contract: 0x67afdd6489d40a01dae65f709367e1b1d18a5322

    The hack resulted in USP being depegged by over 50%, and the stolen $8.5 million remains in the hacker's contract. $1.5 million of stolen USDT has been blacklisted.


    Conclusion: Lessons Learned and the Importance of Security

    In conclusion, the MasterPlatypusV4 hack, a.k.a Platypus Finance hack, highlights the importance of robust security measures and thorough audits in the world of decentralized finance. The attacker exploited a vulnerability in the emergencyWithdraw() function, which only checked the isSolvent variable and disregarded the debt amount. By carefully navigating through the various steps, the attacker managed to make a profit of approximately $8.5 million in stablecoins, causing significant damage to the protocol and its users.

    This incident serves as a reminder that even well-designed protocols can have unforeseen vulnerabilities. It is crucial for DeFi projects to implement stringent security practices, regularly update their code, and undergo comprehensive audits by reputable firms. To ensure the highest level of security and protection for your DeFi project, consider partnering with a trusted auditing firm like BlockApex for thorough and reliable smart contract audits. By taking these precautions, projects can minimize the risk of such hacks and foster a safer ecosystem for all participants.

    More Hack Analysis

    Orion Protocol - February 4, 2023

    The attackers exploited a reentrancy vulnerability in the Orion Protocol's core contract, ExchangeWithOrionPool, by constructing a fake token (ATK) with self-destruct capability that led to the transfer() function.

    Harvest Finance Hack Analysis & POC

    Harvest finance got hacked for around $34M due to a flashloan attack which manipulated the price in the Curve pool to retrieve more USDT tokens than originally deposited USDT amount in fUSDT pool.

    Dforce Network - February 13, 2023

    The attack on dForce network had significant consequences for the platform and its users. By exploiting a reentrancy vulnerability in the wstETH/ETH pool on Curve and the dForce wstETH/ETH Vault, the attacker was able to manipulate the virtual price of the pool, which in turn affected the oracle used by the dForce wstETH/ETH Vault

    Jimbo's Protocol - Monday, May 28, 2023

    Jimbo's Protocol is a decentralized finance (DeFi) system built on the Arbitrum chain. The protocol uses a semi-stable floor price for its ERC-20 token, $JIMBO, backed by a treasury of Ether (ETH). However, despite its pioneering efforts to maintain on-chain liquidity and price floors, Jimbo's Protocol recently faced a Flash loan attack.

    DeFiGeek Community JAPAN - Hack Analysis (Apr 17, 2023)

    On Apr 17, 2023. The DeFiGeek Community fell victim to a security breach in which an attacker exploited a flash loan vulnerability, causing the loss of 10 ETH (valued at over $20,000) from their DeFiGeek Community Pool Dai (fDAI-102

    LEVEL FINANCE - May 2, 2023

    The Level Finance hack significantly affected the platform and its users, as the attacker managed to steal $1.1 million in referral rewards. This breach undermined trust in Level Finance and raised concerns about the security of similar DeFi platforms.

    SushiSwap - April 9, 2023

    On April 9, 2023, SushiSwap suffered a security breach which led to a loss of over $3.3 million. The attack exploited a flaw in the RouteProcessor2 contract of SushiSwap's router processor. The fallout was felt across several major chains that had previously authorized the RouteProcessor2 contract.

    Beanstalk Hack Analysis & POC (Apr 17, 2022)

    Beanstalk protocol got hacked for around $74M through exploiting the governance mechanism & stealing all the BEANS & Curve LP tokens stored in the Beanstalk protocol.

    Rari Capital Hack Analysis & POC

    Rari capital got hacked for around $79M through a classic re-entrancy attack. Rari is a fork of compound finance which had this bug fixed earlier. It is not the first time Rari has been a victim of a hack.

    1 2 3
    Designed & Developed by: 
    All rights reserved. Copyright 2023