(5/8/21) Rari Capital Exploit Timeline & Analysis

Nipun Pitimanaaree
May 9, 2021

Rari Exploiter address (same address as Value Defi exploiter on BSC): https://etherscan.io/address/0xcb36b1ee0af68dce5578a487ff2da81282512233

Exploiter net gain: ~2600 ETH (~$10M)

On Saturday, May 8th at 1:48PM UTC, an exploiter started a series of transactions against Rari Capital’s Ethereum Pool contract and extracted ~2600 ETH in a process that lasted ~50 minutes.

High-level Exploit Analysis

  • Rari Capital’s Ethereum Pool contract calculates the ibETH/ETH exchange rate using the ibETH.totalETH()/ibETH.totalSupply() calculation from the ibETH contract. Relying on this value can lead to an incorrect assumption about the rate (e.g. during the work function call, where the debt value gets updated only towards the very end).
  • ibETH is the interest-bearing ETH token on Alpha Homora, which represents user’s share of the ETH lending pool.
  • Alpha Homora is intentionally designed to support untrusted strategies, as long as certain invariants hold at the end (e.g., the position’s collateral value > debt value).

Exploit & Action Timeline

  • 1:48PM UTC: The Rari exploiter started executing the exploit.
  • 2:15PM UTC: We were notified about a suspicious transaction both by team and our own monitoring tool. The Peckshield team and we each started investigating the transactions independently.
  • 2:22PM UTC: Peckshield and we confirmed that something was not right about those transactions and that this was definitely an exploit. We started gathering all our team members and continued with the investigation.
  • 2:29PM UTC: The Peckshield team figured out the potential cause of the exploit, and we then worked towards pausing the exploiter's actions.
  • 2:34PM UTC: Actions to Alpha Homora were temporarily paused to prevent any further damage from the exploiter. We continued to investigate the damage and who was affected.
    NOTE: The exploiter's transactions started reverting. $6M was saved.
  • 2:37PM UTC: The Peckshield team and we came to a quick conclusion that Alpha Homora funds were safe and Rari funds were at a loss.
  • 2:43PM UTC: We quickly notified the Rari team while we worked towards finding the root cause of the issue.
  • 2:55PM UTC: The Rari Capital team also withdrew all funds from ibETH to prevent any further potential damage.
  • 2:57PM UTC: A war room was created with several parties to help with the investigation.
  • 3:06PM UTC: An announcement was made on Alpha’s Twitter to inform users that funds on Alpha Homora are safe.
  • 3:20PM UTC: We continued working to make sure no further exploit on Rari Capital would be possible if we re-enabled Alpha Homora.
  • 5:15PM UTC: Activities on Alpha Homora were re-enabled after the final confirmation that there would be no more potential issues on Rari Capital.

The Exploit Technical Analysis

The exploit comes in a set of 2 (repeated) transactions:

Tx 1 ("work" call to Alpha Homora):

  1. Exploiter flashloans 59k ETH from dYdX.
  2. Exploiter puts flashloaned 59k ETH into Rari ETH pool (using the correct ibETH/ETH conversion rate), obtaining REPT (Rari’s ETH share).
  3. Exploiter calls Alpha Homora Bank’s work function with custom encoded data.
  4. Homora Bank calls strategy with the custom data, which encoded an evil fToken contract.
  5. Strategy calls the fake safeApprove function in the evil fToken contract, which does the following instead of an actual token approval:
     (1) Transfers 2k ETH to the Bank contract → the ibETH/ETH rate is temporarily inflated.
     (2) Makes a reentrant call into the Rari ETH Pool contract to withdraw the transferred 59k ETH. The amount of REPT used is slightly less due to the inflated ibETH/ETH rate.
  6. Exploiter repays flashloaned 59k ETH to dYdX.
  7. The transferred 2k ETH is transferred back at the end of the transaction from Homora Bank to the exploiter.
  8. Exploiter nets a profit of ~30 REPT from the difference between steps 2 and 5.

Tx 2 ("donate" call to RariFundController):

  1. Exploiter calls donate to redeem underlying ETH from the extra REPT.
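
The share arithmetic behind steps 2, 5 and 7 of Tx 1 can be checked with a small Python model (an added example, not code from Rari or Alpha Homora). The balances are constructed, the pool is assumed to pay withdrawals from idle ETH, and the `in_work` flag and `guarded` switch are hypothetical stand-ins for any check that refuses to price shares while `work` is still executing.

```python
from fractions import Fraction as F

class StaleRate(Exception):
    """Raised when the pool is asked to price shares mid-work()."""

class Bank:
    """Toy ibETH bank exposing the two views the pool reads."""
    def __init__(self, total_eth, total_supply):
        self.total_eth, self.total_supply = F(total_eth), F(total_supply)
        self.in_work = False  # hypothetical "call in progress" flag

    def rate(self):  # ibETH.totalETH() / ibETH.totalSupply()
        return self.total_eth / self.total_supply

class Pool:
    """Toy ETH pool: idle ETH plus ibETH, with REPT as the share token."""
    def __init__(self, bank, ibeth, rept, guarded):
        self.bank, self.ibeth, self.rept = bank, F(ibeth), F(rept)
        self.idle, self.guarded = F(0), guarded

    def value(self):
        if self.guarded and self.bank.in_work:
            raise StaleRate("bank accounting is not final yet")
        return self.idle + self.ibeth * self.bank.rate()

    def deposit(self, eth):
        minted = eth * self.rept / self.value()
        self.idle, self.rept = self.idle + eth, self.rept + minted
        return minted

    def withdraw(self, eth):
        burned = eth * self.rept / self.value()
        self.idle, self.rept = self.idle - eth, self.rept - burned
        return burned

def round_trip(guarded):
    """REPT left after deposit + mid-work withdraw; None if it reverts."""
    bank = Bank(100_000, 95_000)               # constructed balances
    pool = Pool(bank, 9_500, 10_000, guarded)  # 9,500 ibETH == 10,000 ETH
    minted = pool.deposit(F(59_000))           # step 2: settled rate
    bank.in_work, bank.total_eth = True, bank.total_eth + 2_000  # step 5(1)
    try:
        burned = pool.withdraw(F(59_000))      # step 5(2): inflated rate
    except StaleRate:
        return None
    bank.in_work, bank.total_eth = False, bank.total_eth - 2_000  # step 7
    return minted - burned

if __name__ == "__main__":
    print("unguarded leftover REPT:", float(round_trip(False)))
    print("guarded:", round_trip(True))
```

With these constructed balances the unguarded pool leaves about 170.5 REPT behind after a round trip that should net to zero, while the guarded pool rejects the withdrawal because the rate is read before the bank's accounting is final.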

Remarks

Special thanks to

team for the quick notification and thorough investigation.

Also, the war room was quickly set up shortly after the Rari Capital exploit. DeFi developers and white-hackers, including

team, Yearn team, , , all gathered in the war room to help investigate and track the exploit. So, just want to say thanks to all.

Nipun Pitimanaaree

Lead Engineer & Blockchain Researcher of Alpha Finance Lab | Ex-CRO OZT Robotics | B.S. & M.Eng. @MIT