On January 16, 2024, Socket Tech was attacked, causing a loss of approximately US$3.3 million. The attacker took advantage of a vulnerability in the data verification link of a Socket contract and stole user funds of the authorized contract through malicious data input. This attack caused losses to a total of 230 addresses, with the largest single address loss of approximately $656,000.

Background introduction

Socket is a platform that serves cross-chain security and efficient data and assets. Transport interoperability protocol. The Socket Gateway contract is the access point for all interactions with the Socket liquidity layer, where all asset bridges and DEXs converge into a single meta-bridge and select the best transactions based on user preferences such as cost, latency or security routing.

Three days before the hacker attack, the Socket contract administrator executed the addRoute command and added a new route to the system. The purpose of adding routing was to extend the functionality of the Socket Gateway, but it inadvertently introduced a critical vulnerability.

The picture below shows the record of routing added through the contract administrator

Outline of the event

< p style="text-align: left;">1. At 15:03 on January 16, Beijing time, the attacker’s wallet transferred the funds used for the attack. Our time analysis shows that the funds came from 0xe620, which is the same as from Tornado Cash. About 10 BNB withdrawn.

p>

2. These funds were used to create and execute two contracts to exploit Socket vulnerabilities. The first contract targeted USDC in an address authorized to SocketGateway (screenshot below); 127 victims were defrauded of approximately $2.5 million.

p>

3. Next, the second contract targets WETH, USDT, WBTC, DAI and MATIC in the victim's address. As a result, another 104 victims lost the following assets:

- 42.47526105 WETH

- 347,005.65 USDT

- 2.88962154 WBTC

- 13,821.01 DAI

- 165,356.99 MATIC

4. The attacker converts USDC to USDT Became ETH.

p>

Source of the vulnerability

The vulnerability exploited by the attacker exists in the newly added routing address routeAddress in the performAction function.

The original function of the performAction function in this address is to assist Wrapping and Unwrapping functions. However, a critical vulnerability appears in this function: the user directly calls external data through swapExtraData in .call() without verification, which means that the attacker can execute arbitrary malicious functions.

p>

In this incident, the attacker created a malicious swapExtraData input that triggered the transferFrom function. The malicious call exploited the user's authorization to the SocketGateway contract and stole funds from them.

Although the contract will ensure that the user's balance will change correctly after fromToken.call() is called by checking the balance check, this function does not consider the amount set by the attacker. is 0.

p>

Restore the attack process

1. Using the attack contract, the attacker is on the Socket Gateway contract 0x00000196() was called.

p>

2. fallback() uses hexadecimal signature 196 to call the vulnerable routing address contract (routerAddress).

p>

3. In the screenshot below, we can see the fake input used by the attacker, and the Swapping number is all 0.

p>

4. WrappedTokenSwapperImpl.performAction() will be called next to perform Swap.

p>

5. The fake SwapExtraData is accepted and executed by fromToken (WETH) without any verification.

p>

6. The attacker repeats the above process until the victim's assets are exhausted. After the malicious transaction appeared, Socket quickly called disableRoute, blocking the previously vulnerable route and preventing a wider range of attacks.

7. On January 23, Socket announced that it had recovered 1,032 ETH, and announced on the 25th that it would fully compensate all losses. This incident has been resolved.

p>

Event summary

In a routing contract with unlimited user authorization, malicious calldata attacks are not rare. Previous similar attacks include Dexible and Hector Bridge. On February 17, 2023, the decentralized exchange Dexible was attacked, causing losses of more than $1.5 million. The exploiter inputs malicious calldata into Dexible's fill() function to steal user assets. On June 2, 2023, the Hector network’s protocol was attacked. The attacker deployed a fake USDC contract and transferred 652,000 real USDC from the victim's contract through malicious calldata.

Blockchain aggregation platforms usually improve liquidity and reduce losses by encapsulating a series of bridge and routing contracts. However, this complex encapsulation creates more security challenges. We are pleased to see that the Socket incident can be resolved. CertiK will continue to be committed to providing comprehensive auditing and testing for the platform, reducing various aggregation risks, and improving community trust and the security level of the entire industry.