Analysis of the Reentrancy Attack Incident on Orion Protocol

On February 2, 2023, OrionProtocol suffered a reentrancy attack on Ethereum and Binance Smart Chain, resulting in a loss of approximately $2.9 million. The attacker exploited a contract vulnerability to steal 2,844,766 USDT on the Ethereum chain and 191,606 BUSD on the Binance Smart Chain.

Attack Process

The attacker first created a custom Token contract and performed relevant transfer and authorization operations. Subsequently, the attacker borrowed through the swap method of a certain DEX and called the ExchangeWithAtomic.swapThroughOrionPool method for token exchange. The exchange path included the address of the Token contract created by the attacker.

During the exchange process, due to the callback mechanism in the attacker's Token contract, the attacker is able to continue calling the ExchangeWithAtomic.depositAsset method through Token.Transfer, thereby enabling a reentrancy attack. This results in the deposit amount being repeatedly accumulated, and ultimately the attacker profits through the withdrawal operation.

Capital Flow

The attacker's initial funds came from the hot wallet account of a certain trading platform. Out of the profit of 1,651 ETH, 657.5 ETH still remain in the attacker's wallet address, while the rest have been transferred through a mixing service.

Vulnerability Analysis

The core issue of the vulnerability lies in the doSwapThroughOrionPool function. This function calls the _doSwapTokens function, which updates the curBalance variable after the transfer operation. The attacker exploited the callback functionality added in the transfer function of a custom Token, calling the depositAsset function again before curBalance was updated, leading to an incorrect update of curBalance. Ultimately, after repaying the flash loan, the attacker withdrew additional funds through the withdraw function.

Prevention Suggestions

To prevent similar attacks, it is recommended that project parties pay attention to the following points when designing contracts:

1. Consider the unexpected situations that may arise from various tokens and multiple exchange paths.
2. Follow the "Checks-Effects-Interactions" coding pattern, which means first perform condition checks, then update state variables, and finally execute external calls.
3. Use reentrant locks before and after critical operations to prevent reentrant attacks.
4. Perform security verification on the Token contracts for external calls.
5. Regularly conduct code audits and security testing to promptly identify and fix potential vulnerabilities.

By taking these measures, the project can significantly enhance the security and stability of the contracts, minimizing the risk of being attacked.