In Soldity, msg.value is a global variable that represents the amount of ether sent along with a function call. The msg.value variable is commonly used when handling payments in smart contracts and to verify if the user has sent enough money along with the contract. This works as expected in simple contracts, but as code grows in complexity various security considerations emerge. The msg.value variable persists within its scope, so any kind of looping logic will read the same total value regardless of how the ether sent has been used. Attackers can leverage this in order to apply the same ether payment to multiple functions, essentially double counting their payment.
A potentially catastrophic exploit of this nature was caught and fixed in SushiSwap before any funds were stolen. In 2021 SushiSwap had implemented a bidding contract for auctions that utilized the BoringBatchable library to submit batches of delegateCalls to other contracts within the system. The critical flaw overlooked by the SushiSwap team is that msg.value persists across delegateCalls. This allowed an attacker to submit a batch of bids with one ether payment, submitting bids for free and exploiting the action. The exploit became even more serious when combined with the contract's refund function. By counting the same msg.value payment multiple times, the attacker could manipulate the contract state to make it seem like they had deposited a large fortune of money, and then request it back as a refund, stealing all the ether that had been legitimately deposited by other users.
Fortunately, the exploit was found and remedied before any attack can be made. This episode in 2021 illustrates how even a blue chip exchange like SushiSwap can push code with vulnerabilities, and the risks associated with handling global variables within complex logic where their scope can become obfuscated.
To read about the experience of the original auditor in finding this exploit, click here
No comments:
Post a Comment