You are currently viewing Classic opening for a reentrancy attack — Agave DAO and Hundred Finance Heist |  by Harbor |  Coinmonks |  Sep 2022

Classic opening for a reentrancy attack — Agave DAO and Hundred Finance Heist | by Harbor | Coinmonks | Sep 2022

Reentrancy vulnerabilities involving contracts from different parties, each individually protected but systematically weak, may be found as DeFi becomes more complex.

On the Gnosis (xDai) network, Agave DAO and Hundred Finance are forks of Aave and Compound, respectively. Agave DAO and Hundred Finance were both hacked on March 15, 2022, in a matter of minutes.

The official bridged tokens on Gnosis were deemed non-standard as the hook that called the token receiver on each transfer made hacking conceivable and allowed the reentrancy attack on both protocols.

The official bridge that the Gnosis Chain uses generates tokens that have an onTokenTransfer() hook. After a token is sent to an address, the hook is called. Now, when a token is transferred to an address(contract), it checks to see if a contract’s onTokenTransfer() fallback is present.

The token will call the contracts onTokenTransfer() function if the fallback is detected. As a result, the contract being called gains control over the transaction and is free to do whatever it likes. And the risk begins! Because the control has come to the contract being called.

This hook was designed to be made to work by the bridge contract to stop users from unintentionally sending tokens to the bridge.

Hundred Finance

  • The attacker gathers 2.09 million USDC and 3.37 million WXDAI thanks to the fast loan.
  • The attacker contract works on the linked contract 2 and transfers 1.2 million USDC of flash loan to attack contract 2.
  • Contract 2 pledges 1.2 million USDC in the Hundred Finance contract.
  • Contract 2 borrows 1.06 million USDC, 59.99 million hUSDC, 16 WBTC, and 24 WETH from the Hundred Finance contract.
  • The attacker moved a portion of the loan funds obtained by contract 2; 1.06 million USDC was transferred to contract 1, and 6 WBTC and 24 WETH were sent to the attacker’s wallet address.
  • At this time, a total of 1.96 million USDC were attacked on contract 1.

They borrowed the first asset and before the system recorded their debt, they reentered and borrowed the second asset as well.

Contract 5 borrows 1.2 million USDC and 67.93 million hUSDC from the Hundred Finance contract after pledging 1.35 million USDC in the Hundred Finance contract through contract 5.

In the end, the attacker pays back the loan fees and the flash loan.

Finally, Transfer the 3.62 million USDC that was just earned to the attacker’s wallet.

The attackers succeeded in profiting.

The attacker’s loan is not recorded in a global variable when the transfer is finished.

The attacker uses the callAfterTransfer method of the PermittableToken contract, which is called by the doTransferOut transfer method in this case, to call back and activate the borrowing method of the subsequent loan, ie, to re-enter the borrowing method and continue borrowing.

Since the attacker’s loan’s global variable is not updated during the loan transfer, the attacker can leverage the callback in the transfer method to keep lending to the project’s other loan pools.


Agave is an awesome fork of the lending protocol aave. It strictly adheres to the aave code. Both aave and its code are secure. There are no known bugs in it.

But, agave was used in an unsafe way unintentionally.

The attacker set up this contract with three callable functions.
In blocks 21120283 and 21120284, they directly communicate with agave via the contract.

They group multiple transactions together in block 21120284. Getting a flash loan in wETH from sushiswap first, then buying more wETH and depositing it.

As told above, the weth contract on the GC, however, differs from a normal weth contract.

A new token contract is created for each new token brought over the bridge.

The attacker borrows as much as they can against the Weth after depositing it.

The attacker uses the liquidate function of Agave, which initiates a callback to their contract via the callAfterTransfer function.

And because the callAfterTransfer function runs before the attacker’s debt is calculated (which would stop future borrowing), the attacker is able to call borrow several times.

As told above, global variable is not updated.

The attacker walked away with these assets: 2,728.9 WETH 243,423 USDC 24,563 LINK 16.76 WBTC 8,400 GNO 347,787 WXDAI

Closing Words

Exploits on Agave and Hundred Finance were disclosed less than a day after hackers stole $3 million in cryptocurrency from the well-known Defi protocol Deus Finance.

The Deus Finance infiltrators used a reentrancy issue to continuously borrow against the same collateral.

It is a subject of concern for the testing sector and the developers to obliterate known vulnerabilities in the wake of these three attacks.

After the scenario, Harbor Emphasize that using the teams should exercise caution when non-ERC-20 token contracts and make sure they are compatible.

To prevent problems like this in the future, it is also crucial to verify whether the contract amounts should be recorded prior to token transfers and that the Checks Effects-Interactions rules must be followed.

New to trading? Try crypto trading bots or copy trading

Leave a Reply