BlockSec researchers identified a vulnerability in ParaSpace's NFT lending protocol. The bug put 2,900 ETH and an undisclosed amount of BAYC tokens at risk.
1/ There is a flawed logic in borrow() of the ParaProxy contract (0x638a) of @ParaSpace_NFT . The attacker can borrow more tokens as his scaledBalance will be enlarged by depositing into the position of the proxy (0xC5c9), i.e., specifying the _recipient of depositApeCoin(). https://t.co/Z4e1QOpLg3 pic.twitter.com/fkd96nAPHb
— BlockSec (@BlockSecTeam) March 17, 2023
According to BlockSec, a potential attacker would need only six steps to borrow more than their collateral actually covered.
2/ Specifically, the scaledBalance is calculated with the following formula: sharesAmount.mul(_getTotalPooledApeBalance()).div(totalShares), while _getTotalPooledApeBalance() could be manipulated.
In total, there are 6 key attack steps. pic.twitter.com/kvEpHqPNP5
— BlockSec (@BlockSecTeam) March 17, 2023
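The two BlockSec tweets above describe the accounting flaw without showing it in code. The following is an added illustration, not ParaSpace's code and not BlockSec's six-step sequence: a minimal Python model of the share-based balance formula quoted in the tweet (scaledBalance = sharesAmount * totalPooledApeBalance / totalShares), in which the pool prices its shares off an external staking position that anyone can top up for an arbitrary recipient. Beside it is a hardened variant that only counts assets which entered through the share-minting path. All class names, amounts and the 50% loan-to-value figure are assumptions made for the example.

```python
"""Added example (not ParaSpace's code): share-price inflation through an
externally top-up-able pool balance.

The formula quoted by BlockSec is
    scaledBalance = sharesAmount * totalPooledApeBalance / totalShares
Everything else here (class names, amounts, LTV) is an assumption.
"""


class StakingPosition:
    """Stands in for an external staking contract whose deposit call takes a
    `recipient` argument, so any caller can grow any account's position."""

    def __init__(self):
        self.balances = {}

    def deposit(self, recipient, amount):
        self.balances[recipient] = self.balances.get(recipient, 0) + amount

    def balance_of(self, account):
        return self.balances.get(account, 0)


class VulnerablePool:
    """Prices shares off the live balance of its own staking position."""

    def __init__(self, staking):
        self.staking = staking
        self.total_shares = 0
        self.shares = {}

    def _total_pooled(self):
        # Reads whatever sits in the pool's position, including tokens that a
        # third party pushed there without any shares being minted.
        return self.staking.balance_of(self)

    def deposit(self, who, amount):
        pooled = self._total_pooled()
        minted = amount if self.total_shares == 0 else amount * self.total_shares // pooled
        self.staking.deposit(self, amount)
        self.total_shares += minted
        self.shares[who] = self.shares.get(who, 0) + minted
        return minted

    def scaled_balance(self, who):
        if self.total_shares == 0:
            return 0
        return self.shares.get(who, 0) * self._total_pooled() // self.total_shares


class HardenedPool(VulnerablePool):
    """Keeps its own ledger of pooled assets; only share-minting deposits
    move it, so an external top-up cannot change anyone's balance."""

    def __init__(self, staking):
        super().__init__(staking)
        self.tracked_pooled = 0

    def _total_pooled(self):
        return self.tracked_pooled

    def deposit(self, who, amount):
        minted = super().deposit(who, amount)  # prices against tracked_pooled
        self.tracked_pooled += amount
        return minted


LTV_BPS = 5_000  # assumed 50% loan-to-value for the illustration


def max_borrow(pool, who):
    """Borrowing power derived from the (possibly inflated) scaled balance."""
    return pool.scaled_balance(who) * LTV_BPS // 10_000


def run_scenario(pool_cls):
    """Constructed scenario: two depositors, then a top-up that mints no shares.
    Returns the attacker's borrowing power before and after the top-up."""
    staking = StakingPosition()
    pool = pool_cls(staking)
    pool.deposit("honest", 1_000)
    pool.deposit("attacker", 1_000)
    before = max_borrow(pool, "attacker")
    # Deposit straight into the pool's staking position, naming the pool as
    # recipient: the position's balance grows, total_shares does not.
    staking.deposit(pool, 8_000)
    after = max_borrow(pool, "attacker")
    return before, after


if __name__ == "__main__":
    print("vulnerable:", run_scenario(VulnerablePool))  # (500, 2500)
    print("hardened:  ", run_scenario(HardenedPool))    # (500, 500)
```

In the vulnerable pool the attacker's borrowing power jumps from 500 to 2,500 although their share count never changed; the hardened pool reports 500 both times because the top-up never entered its ledger. The model stops at the inflated balance and does not reproduce how the tweet's six steps turn that into a profitable borrow.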
The ParaSpace team said they detected suspicious activity and paused the protocol.
We noticed a suspicious transaction, and as a security measure, we have paused the entire ParaSpace protocol.
Currently, no transactions (withdrawals, deposits, liquidations) can take place with our contracts.
We are currently investigating and will provide you with an update… https://t.co/3vrIciVF5C
— ParaSpace (@ParaSpace_NFT) March 17, 2023
ParaSpace said the findings of its investigation would be published later.
"We can confirm that all NFTs supplied to the protocol are safe and have not been liquidated," the team assured.
We can confirm that all NFTs supplied to the protocol are safe and have not been liquidated.
BAYC:
NFT Staking Pool: https://t.co/yg0ZalDK3n
P2P Contract: https://t.co/Xvh8ndYofn
MAYC:
NFT Staking Pool: https://t.co/HKjZoUr2Nc
P2P Contract: https://t.co/AvAhjgOrQG… https://t.co/1nj1B9B2Nk
— ParaSpace (@ParaSpace_NFT) March 17, 2023
As a reminder, in 2022 the Web3 industry lost about $3.6 billion to hacks, almost 50% more than the year before, according to Beosin researchers' estimates.
