Arkadiko Swap Detailed Post Mortem

Yesterday, we identified a hostile attacker who exploited a bug in Arkadiko Swap that managed to drain some part of the liquidity in the STX/USDA pool.

The hacker made off with 400k STX and 740k USDA which is around 1.5 million USD worth of assets at the time of writing. This was around 25% of the total value of the STX/USDA liquidity pool. Other pools on the Swap were not affected and have no lost funds.

All other parts of the protocol such as Vaults, Staking Module and stDIKO are unaffected by this attack. Since we have disabled Arkadiko Swap for now, the protocol is not completely functional until we relaunch a patched version. Note that a new Swap contract will have to run through governance in order to be deployed, which takes 10 days.

Thanks to a swift response by the Arkadiko team, the exploit was identified and used to safeguard the remaining liquidity. All remaining funds are safe since last night.

Early this morning, the Arkadiko devs deployed a secondary contract that enabled the burning of USDA tokens held by the attacker address. This removed 740k USDA from circulation, preventing the hacker from using this in the future. This halves the current liability of the protocol to its liquidity providers.

This is the address that holds all the funds that the team secured from the dysfunctional Swap contract: SPABAGDXT8KS0CA48BFXBTAJCYX4YF11TJ8KS8XD

https://explorer.stacks.co/address/SPABAGDXT8KS0CA48BFXBTAJCYX4YF11TJ8KS8XD?chain=mainnet

The contract that burned the attackers USDA balance:

https://explorer.stacks.co/txid/0x1f2f9b3161c8d0b734db23ae3f46f29c7410fcf336e58182ff09adb23234bdee?chain=mainnet

Details of the exploit:

At block #35441, 4 pm UTC October 27 2021, the hacker initiated the following transaction exploiting a bug in the code of Arkadiko Swap:

https://explorer.stacks.co/txid/0x4d78fe328be831db1b68e50c4eab7fc57c328af5f441d40238436893d1b8ee28?chain=mainnet

This is how the exploit worked step by step:

  1. Anyone can create a pair on Arkadiko Swap
  2. To create a pair, a user needs to provide two SIP10 tokens together with an LP token and an initial trading price.
  3. When adding a new pair, the contract did not correctly check that the LP token was a valid one to go with the pair. As a result, an attacker could provide an already existing LP token (in this case wstx-usda) which should not be associated with the new Token X and Token Y.
  4. Through step 3, the attacker minted a high amount of legit LP tokens on a bogus pair and immediately pulled their position again, draining STX & USDA.
  5. This resulted in the attacker receiving underlying assets from LP tokens that were minted at zero cost.
Line 189 is the source of the bug and what enabled the exploit

What’s next?

From this point on and until further notice, Arkadiko Swap will be entirely disabled. This means LPs will not be able to access their underlying assets until we deploy a new version of the Swap that has the vulnerability patched.

We originally wanted to keep DIKO rewards for LP Staking intact. Unfortunately, there is still the possibility of minting fake LP tokens to receive an unfair share of emissions. Therefore, LP Staking rewards have been disabled. We are looking for a way to compensate for the lost emissions. This process of removing the additional attack vector on LP Staking is what delayed the release of this post until it was mined into the blockchain.

We are still deciding on how to cover the lost funds and how to relaunch the Swap and continue the full operation of the protocol. We will update all of you ASAP on this.

The team regrets the situation and wishes it could have been avoided. We have always been transparent about the nature of Arkadiko protocol, it being experimental beta software that should be treated with the highest form of caution as there were and are a lot of risk factors involved. We have done plenty of public and private testing and did a full code audit. Both of these preventive measures missed the bug. We hope this event can serve as a warning of what the worst case scenario could look like if the attacker was able to seize a larger amount of the liquidity. Building and using DeFi protocols is not for the faint of heart and while there can be great opportunities there are also possible downsides such as what we are experiencing here.

Arkadiko is not the first and will also not be the last protocol to get exploited resulting in negative protocol debt. The team is internally discussing a way to make up for the loss. We are committed to restoring Arkadiko to a functional version again, resuming the upward trajectory that the project was on before the hack.

From the hacker’s behaviour we suspect him to be a black hat. The stolen STX was sent to multiple exchanges and his funds have already been frozen and could in a best case scenario be recovered. We are in touch with the exchanges and will update the community if any or all of these funds can be recovered.

To the hacker we would like to propose to return the assets that were seized. We will offer you a percentage of the stolen funds as a DIKO bug bounty for finding the vulnerability early so the damage could be contained.

We regret deeply that some of you have been affected by this loss of liquidity as your funds will be inaccessible until the protocol resumes full operation. We hope the community will be understanding and see that the team has the best intentions and is working hard to restore the protocol. Early reactions to our hack have been really supportive and we thank you for the continued encouragement.

On towards better times.

The Arkadiko core contributors.

Arkadiko Protocol is a stablecoin (USDA) built on Stacks to bring DeFi to Bitcoin.