Uranium Finance Exploit Resulting in a $57.2 Million Loss

April 28, 2021

Summary #

On April 28, 2021, Uranium Finance, a BSC-based decentralized exchange, was exploited due to a calculation error bug in its v2 pair contracts, which had been forked from the Uniswap v2 code. The bug allowed an attacker to swap minimum amount of the input token for 98% of the total balance of the output token, leading to massive losses. Uranium Finance had discovered the potential vulnerability but failed to prevent the attack:

While doing a review of the various low level risks identified by BSC Gemz audit, the dev team became concerned that a potential critical exploit existed even though it hadn’t been caught before and the code had been running unattacked for the last ~10 days without incident, having accumulated over 80m in TVL.
~ Uranium Finance’s Post Mortem

Source

Attackers #

The attacker’s identity remains unknown. The following addresses were involved in malicious actions:

Attacker Address on BSC and Ethereum:

Malicious Contract:

0x2b528a28451e9853f51616f3b0f6d82af8bea6ae.

Losses #

Uranium Finance suffered a loss totaling $57.2 million, broken down as follows:

34k WBNB ($18M)
17.9M BUSD ($17.9M)
1.8k ETH ($4.7M)
80 BTC ($4.3M)
26.5k DOT ($0.8M)
638k ADA ($0.8M)
5.7M USDT ($5.7M)
112k U92

Source

Timeline #

April 16, 2021, 6:34 AM UTC: The Uranium team migrated the contract to v2, which introduced the bug that facilitated the exploit.
April 28, 2021 3:02 AM UTC: The attacker interacted with the pair contracts and drained the reserves.
April 28, 2021, 3:22 AM UTC: Uranium Finance announced the news of the hack.
April 29, 2021: Uranium Finance published a post mortem of the incident, explaining that the bug had not been recognized as a critical issue during multiple audits, but the team has discovered a possible high severity issue right before an attack.
March 6, 2023, 11:02 PM UTC: The exploiter mixed 2,253 ETH through TornadoCash.

Security Failure Causes #

Contract Bug: A simple mathematical error in the pair contracts, introduced during the v2 update, allowed the attacker to drain almost all tokens. The error permitted a disproportionately large output from token swaps.

Unsuccessful Bug Mitigation: Although the Uranium team became aware of the potential exploit, their attempted solutions, such as liaising with BSC for assistance or considering a whitehat attack, were not effective.

Potential Insider Involvement: Suspicion arises from the sudden removal of the Uranium Contracts repository from Github, as well as the coincidence of the exploit occurring on the day they intended to fix the bug through the v2.1 update.

Market Health Metrics API

Benford's Law

Volume distribution analysis

Time-of-Trade

Buy/Sell Ratio

VWAP

Attack Types

Entity Types

Target Entities

51% Attacks

Custodian Attacks

Flash Loan Attacks

Lockout Scams

Phishing Attacks

Reentrancy Attacks

Rug Pull Scam