Welcome to the Zellic Security Roundup, a monthly security-focused newsletter covering valuable security news and analysis in Web3.
This month will be focused on a bug found in our recent security assessment of Beefy Finance, our recent research including a look into two critical issues discovered in certain forks of Gains Network, and the latest news in Web3 security.
Cool Finds at Zellic
What’s the finding? This bug would have allowed an attacker to buy tokens from the strategy contract at close to the original price and sell them back at an inflated price.
Audit: Beefy UniswapV3
Timeline: The decentralized, multichain yield optimizer Beefy approached Zellic to perform a security assessment on their UniswapV3 strategy’s code. During the assessment, we uncovered 11 total findings (one critical, two high impact, two medium impact, five low impact, and the remaining finding informational). This is a look at one of those findings.
Description of the bug: We found this bug in the strategy contract that generates yield from its holdings of two assets by providing them as liquidity to the Uniswap pool. To protect against price-manipulation attacks, the strategy contract had an onlyCalmPeriods modifier, intended to prevent certain actions after excessively large price changes.
This modifier was intended to check that the current price is within, for example, 1% of the time-weighted average price (TWAP). However, the check was performed on the ticks, which are the logarithms of the prices.
If the TWAP is far from 1, this allows a much larger change in price in practice. If the two assets use different decimals, there can be very large or small prices. For example, for DAI/USDC, this check would have allowed a 31.83% change in price, much more than the intended 1%.
Impact of the bug: Liquidity is provided close to the current tick. Deposits or withdrawals from the strategy contract trigger a full withdrawal of the liquidity position from the Uniswap pool, followed by a new liquidity provision.
An attacker can thus profit by moving the price far from the original price:
1. The attacker trades in one direction, moving the price in the Uniswap pool significantly away from the real price.
2. The attacker interacts with Beefy’s strategy contract, causing it to add liquidity at the current, incorrect, and widely manipulated price.
3. The attacker trades back to the original price.
This allows the attacker to buy tokens from the strategy contract at close to the original price and later sell them back at an inflated price. As the attacker needs to pay fees, they must manipulate the price far enough to make a profit. Since the unintended large price deviation made this attack profitable under realistic assumptions, we considered this a critical issue. See 3.1 and 4.1 of our report for more details.
How we found the bug: These types of price-manipulation attacks are always a particular concern for projects like this. Since onlyCalmPeriods is very important to prevent such attacks, we unpacked the math behind it.
Essentially, the price deviation was checked in an exponent (price <= twap^1.01) rather than multiplicatively (price <= twap*1.01). This implied in particular that the check depended on the units used to denote the price. For example, the price of one USD stablecoin measured in another would be 1 when both use the same decimals, in which case the check would allow no deviation at all from the TWAP. If instead one stablecoin had 12 more decimals than the other, a deviation of 31.83% would be allowed. But how many decimals of precision a token is bookkept with should be an implementation detail, not something with a financial impact. This indicated a bug.
Fix for the bug: We recommended checking for additive deviation from the twapTick (equivalent to a multiplicative change of the price) rather than a multiplicative change of the tick (equivalent to an exponential change of the price). We also assisted Beefy in setting parameters for the check (i.e., what amount of change in price would be unsafe).
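The following Python script is an added worked example and is not code from the newsletter or from Beefy's strategy contract (Python is used instead of Solidity so the arithmetic can be run directly). It reconstructs the two forms of the calm-period check from the description above: the flawed one, which bounds the tick multiplicatively (a hypothetical reconstruction, not the audited code), and the recommended one, which bounds the tick additively. It then computes how much price movement each form actually permits. The TWAP prices used (1 for two stablecoins with equal decimals, 1e12 for a 12-decimal gap such as DAI/USDC in raw units) are constructed inputs, and the 1.0001-per-tick relation is the Uniswap V3 definition.

```python
import math

# Uniswap V3 relates price and tick as price = 1.0001 ** tick, so a tick is a
# logarithm of the price. A fixed tick distance is therefore a fixed
# multiplicative price change, independent of the price level.
TICK_BASE = 1.0001


def price_to_tick(price: float) -> float:
    """Unrounded tick for a raw-unit price (pool ticks are integers; floats suffice here)."""
    return math.log(price) / math.log(TICK_BASE)


def tick_delta_to_price_change_pct(tick_delta: float) -> float:
    """Price change, in percent, implied by moving tick_delta ticks upward."""
    return (TICK_BASE ** tick_delta - 1.0) * 100.0


# --- Hypothetical reconstruction of the flawed check (not Beefy's code) -------
# The tick may deviate by up to max_pct percent *of the TWAP tick*, which is the
# same as price <= twap ** (1 + max_pct/100): an exponential bound on the price.
def buggy_is_calm(current_tick: float, twap_tick: float, max_pct: float = 1.0) -> bool:
    allowed_tick_delta = abs(twap_tick) * max_pct / 100.0
    return abs(current_tick - twap_tick) <= allowed_tick_delta


def buggy_max_price_change_pct(twap_price: float, max_pct: float = 1.0) -> float:
    """Largest price move (percent) the flawed check lets through at a given TWAP."""
    allowed_tick_delta = abs(price_to_tick(twap_price)) * max_pct / 100.0
    return tick_delta_to_price_change_pct(allowed_tick_delta)


# --- Recommended form: additive deviation from the TWAP tick ------------------
# |tick - twapTick| <= max_tick_delta bounds the price to a fixed multiplicative
# window, whatever the TWAP level or the tokens' decimals are.
def fixed_is_calm(current_tick: float, twap_tick: float, max_tick_delta: float) -> bool:
    return abs(current_tick - twap_tick) <= max_tick_delta


def fixed_max_price_change_pct(max_tick_delta: float) -> float:
    """Largest price move (percent) the additive check lets through, at any TWAP."""
    return tick_delta_to_price_change_pct(max_tick_delta)


def ticks_for_price_change_pct(pct: float) -> float:
    """Tick distance matching a pct percent price change (for choosing max_tick_delta)."""
    return price_to_tick(1.0 + pct / 100.0)


if __name__ == "__main__":
    # Constructed TWAP prices in raw units: equal-decimal stablecoins trade near 1;
    # DAI (18 decimals) per USDC (6 decimals) trades near 1e12.
    for label, twap in (("same decimals", 1.0), ("DAI/USDC, 12-decimal gap", 1e12)):
        print(f"{label:26s} flawed check allows {buggy_max_price_change_pct(twap):6.2f}% price move")
    delta = ticks_for_price_change_pct(1.0)
    print(f"additive check with {delta:.1f} ticks allows "
          f"{fixed_max_price_change_pct(delta):.2f}% at any TWAP")
```

Running the script reproduces the two extremes from the write-up: with equal decimals the flawed check allows a 0.00% move (the strategy could never act), while with a 12-decimal gap it allows 31.83%; the additive check with roughly 100 ticks allows about 1% regardless of the pair. A sensible review step for any tick-based deviation check is exactly this: express the bound as a price ratio and confirm it does not change when the token decimals do.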
Zellic Research & Writing
Issues in Certain Forks of Gains Network
Zellic Security Advisory
How is Groq so Fast? An Overview of Groq’s TSP Architecture
An overview of Groq's (surprisingly easy to read) whitepaper
Zellic Wins $1M From DARPA in the AI Cyber Challenge
DARPA awarded Zellic $1M in the AI Cyber Challenge's Small Business Track
Signal's Usernames and Ristretto Hashes
A look into Signal's use of Ristretto hashes and zero-knowledge proofs for usernames
In the News
In Q1 2024, ~$739.7M was stolen in crypto, with February being the month with the highest financial impact at $405.3M, according to Cyvers.
ZKasino, a crypto betting platform and blockchain casino, vested $33M in ether into $ZKAS tokens, diverting from its original plan of allowing investors to redeem their ether, in order to “provide a seamless transition and superior user experience,” according to the project.
Zest Protocol was hacked on 4/11/24 for around $1M; this write-up focuses on the Clarity smart contract language, the features of Zest Protocol, and the attack process.
ZachXBT produced a comprehensive breakdown of the Lazarus Group and how it laundered $200M from 25+ hacks during 2020 to 2023.
Google sued a group of alleged scammers that uploaded fraudulent apps to the Google Play Store, “with promises of high returns from investing in crypto and other products”.
Founders of the mixing service Samourai Wallet have been arrested for money laundering and unlicensed money transmitting offenses.
A former security engineer was sentenced to three years in prison for hacking two separate exchanges and stealing over $12M.
Consensys is suing the SEC, alleging that the SEC does not have jurisdiction, on the grounds that crypto tokens are not securities.
The a16z crypto research and engineering teams released their initial implementation of Jolt, “a new approach to SNARK design that is already up to 2x faster than the state of the art”.
Stripe will begin to accept cryptocurrency payments, starting with USDC; this will be the first time Stripe has taken cryptocurrency payments since 2018.
The Security Alliance (SEAL) announced SEAL-ISAC, their latest initiative that provides actionable intelligence to help organizations protect themselves from emerging threats.
Meet Up With Us
We’ll be at the following conference in May. If you’d like to set up 1:1 time with our team, then reach out to sales@zellic.io for scheduling!
Consensus 2024 - Austin, TX (May 29 - 31)
Recent Zellic Audit Reports
Definitive Audit Report: Definitive is a DeFi gateway for institutional clients, providing smart vaults for yield management, trading, and leverage.
Astroport Pair XYK Sale Tax Audit Report: Astroport prioritizes flexibility, combining various specialized pool types and routing seamlessly across them.
EtherFi Audit Report: EtherFi is a decentralized, non-custodial liquid re-staking protocol built on Ethereum, allowing users to stake their Ethereum and participate in the DeFi ecosystem without losing liquidity.
Celestia BlobstreamX Audit Report: Blobstream relays commitments to Celestia’s data root to an on-chain light client, enabling EVM developers to create high-throughput L2s as easily as they develop smart contracts.