Culprit behind the Multi Million Dollar Bonq Attack

On 1 February 2023 at 18:30 UTC, an attacker exploited the Bonq protocol and walked away with millions of dollars in profit. Here is the attack transaction on Polygon: 0x31957ecc43774d19f54d9968e95c69c882468b46860f921668f2c55fadd51b19.

At first glance it looked like a price manipulation attack: the attacker managed to inflate the price of the collateral token WALBT exponentially and then borrowed BEUR tokens against it.

But how was he able to manipulate the price of WALBT? Let's dig in.

A quick background on Bonq:

Bonq is an over-collateralized lending platform that allows other projects to borrow against their own tokens. Users can lock up custom project tokens (like WALBT) in a Bonq smart contract (called trove) and mint a low volatility payment coin BEUR, pegged to the Euro.

The Bonq protocol uses Tellor, a Decentralized Oracle Protocol, which incentivizes permissionless data reporting and data validation, ensuring that data can be provided by anyone and checked by everyone. In short, anyone can report offchain data to Tellor oracles and any on-chain contract can consume that data.

Yes, you read that right. Anyone can report any value as the price of a token. The only requirement to become a reporter is to stake 10 TRB (the Tellor protocol token). If a reporter reports an incorrect price, their staked amount (10 TRB) is slashed.

```solidity
// Excerpt from the TellorFlex contract - 0x8f55D884CAD66B79e1a131f6bCB0e66f4fD84d5B
function submitValue(
    bytes32 _queryId,
    bytes calldata _value,
    uint256 _nonce,
    bytes calldata _queryData
) external {
    // ...
    Report storage _report = reports[_queryId];
    StakeInfo storage _staker = stakerDetails[msg.sender];
    // The only gate on reporting: the caller must have staked at least stakeAmount (10 TRB)
    require(
        _staker.stakedBalance >= stakeAmount,
        "balance must be greater than stake amount"
    );
    // ...
    // The submitted bytes are stored as-is as the value for this block's timestamp
    _report.valueByTimestamp[block.timestamp] = _value;
    _report.reporterByTimestamp[block.timestamp] = msg.sender;
    // ...
}
```

At the time of writing this article the price of TRB is close to $17, so by staking only ~$170 the attacker was able to become a reporter for the Tellor oracle.

After becoming a staker, the attacker simply reported a very high number (5e27) as the price of WALBT. That's it: every WALBT token was now worth billions of dollars as far as the Tellor and Bonq protocols were concerned. Anyone could then deposit a small amount of WALBT as collateral and borrow millions from the Bonq protocol against that inflated collateral.

Being an open oracle, Tellor offers both older and current prices. Older prices are considered safe because they have had time to be validated and scrutinized by other network participants: an invalid price gets flagged and the malicious reporter's stake is slashed. But for some reason Bonq chose to use instant prices from Tellor.

So here is the real culprit:

It was a huge mistake by Bonq to use instant prices from the Tellor oracle instead of older, already-scrutinized ones, consuming each reported price the moment it was submitted. This allowed the attacker to post a malicious price and carry out the attack, which resulted in the loss of millions in user funds.
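To make the difference between the two read patterns concrete, here is an added toy model of a permissionless report log (my own code, not Tellor's or Bonq's). It contrasts the instant read Bonq used with a dispute-aware read that only trusts values older than a dispute window; the window length, the dispute() step and every price except the 5e27 report are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional

DISPUTE_WINDOW = 12 * 60 * 60  # seconds a value must age before it is trusted (assumed policy)


@dataclass
class Report:
    value: int
    reporter: str
    disputed: bool = False


class OracleFeed:
    """Toy report log keyed by timestamp, modelled loosely on the page's submitValue."""

    def __init__(self) -> None:
        self.reports: Dict[int, Report] = {}

    def submit_value(self, timestamp: int, value: int, reporter: str) -> None:
        self.reports[timestamp] = Report(value, reporter)  # any staker, any value

    def dispute(self, timestamp: int) -> None:
        # A challenged report is excluded from reads and its reporter is slashed.
        self.reports[timestamp].disputed = True

    def get_current_value(self) -> Optional[int]:
        # Instant read: the newest report, whether or not anyone has checked it.
        return self.reports[max(self.reports)].value if self.reports else None

    def get_data_before(self, timestamp: int) -> Optional[int]:
        # Dispute-aware read: newest undisputed report strictly older than `timestamp`.
        older = [t for t, r in self.reports.items() if t < timestamp and not r.disputed]
        return self.reports[max(older)].value if older else None


def collateral_value(feed: OracleFeed, amount: int, now: int, use_delay: bool) -> Optional[int]:
    price = feed.get_data_before(now - DISPUTE_WINDOW) if use_delay else feed.get_current_value()
    return None if price is None else amount * price


def scenario():
    feed = OracleFeed()
    feed.submit_value(0, 100, "honest")          # constructed honest prices
    feed.submit_value(43200, 101, "honest")
    feed.submit_value(86400, 5 * 10**27, "attacker")  # the 5e27 report from the attack
    now = 86401
    instant = collateral_value(feed, 1, now, use_delay=False)   # lender sees 5e27 immediately
    delayed = collateral_value(feed, 1, now, use_delay=True)    # lender still sees 101
    later = 86400 + DISPUTE_WINDOW + 1
    aged_undisputed = collateral_value(feed, 1, later, use_delay=True)  # delay alone is not enough
    feed.dispute(86400)                                         # window gave validators time to act
    aged_disputed = collateral_value(feed, 1, later, use_delay=True)
    return instant, delayed, aged_undisputed, aged_disputed
```

The third value shows that the delay only helps because it buys time for the dispute to land; without the dispute the bad price would eventually be served by the delayed read too.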

The same smart contract security lesson was repeated again today: never rely on instant price updates on-chain. Hope the crypto community keeps this lesson in its memory. That's all for today, see you soon...

Please feel free to send suggestions/corrections for the article to @akshaysrivastv. Also check out my other articles for more alpha.