SlowMist: Orion Protocol was attacked because the functions of the contract exchange function did not implement re-entry protection

According to the intelligence of the SlowMist security team, on February 3, 2023, the contracts of the Orion Protocol project on the Ethereum and BNB Chain chains were attacked, and the attackers made a profit of about 3.027 million US dollars. The SlowMist security team shared the following in the form of a newsletter: 1. The attacker first called the depositAsset function of the ExchangeWithAtomic contract to make a deposit, depositing 0.5 USDC tokens to prepare for the following attack; 2. The attacker quickly loaned out 2.8447 million USDT Tokens, and then call the doSwapThroughOrionPool function of the ExchangeWithAtomic contract to exchange tokens, the exchange path is [USDC -> ATK (malicious token created by the attacker) -> USDT]; 3. Because the result of exchange is through ExchangeWithAtomic contract after exchange The balance of USDT tokens in the contract minus the balance of USDT tokens (2,844,700 pieces) in the contract before conversion, but the problem is that after USDC is converted into ATK, the transfer function of ATK tokens will be called. This function is maliciously constructed by the attack. Call the depositAsset function of the ExchangeWithAtomic contract by attacking the contract to deposit the 2.844 million USDT tokens obtained from the flash loan into the ExchangeWithAtomic contract. At this time, the deposit of the attack contract in the ExchangeWithAtomic contract was successfully recorded as 2.8447 million and the balance of USDT tokens in the ExchangeWithAtomic contract was 5.689 million, so that the amount of USDT tokens exchanged by the attacker was calculated as 568.9 after exchange. 10,000 minus 2,844,700 before exchange equals 2,844,700; 4. After the exchange, USDT tokens will finally update the ledger used by the attack contract in the ExchangeWithAtomic contract by calling the library function creditUserAssets, resulting in the attack contract finally being in USDT in the ExchangeWithAtomic contract 5. Finally, the attacker calls the withdraw function in the ExchangeWithAtomic contract to withdraw the USDT, and after returning the flash loan, the remaining 2.836 million USDT tokens are exchanged for WETH to make a profit. The attacker also launched an attack on the BNB Chain using the same method, and made a profit of 191,000 US dollars; the root cause of this attack is that the function of the contract exchange function does not have re-entry protection, and the value of the ledger deposit is updated again after the exchange is It is calculated based on the difference in the token balance in the contract before and after the exchange, causing the attacker to use fake tokens to re-enter the deposit function to obtain more tokens than expected.