Early morning on Tuesday 29 September an arber/hacker found an exploit with the brand new Eminence (EMN) system that allowed them to do a flash loan and arb out $15m profit. In this post, I will go over exactly how they did it.
The arb was split over three identical transactions. We will just look at one which you can view on etherscan here.
Note: I will use attack and arb during this post rather than hack because it is not dissimilar to many other arbs that happen every day. What makes this one ‘worse’ is that it drained most of the pool leaving the victims with nothing.
The Logic
The way EMN works is that it is a Continuous Erc20 Token with an unlimited supply. You mint EMN by sending DAI to the smart contract and getting EMN in exchange. The more you buy the more expensive it gets as EMN calculates its price by an equation based on two inputs: the total supply in the world of EMN and the DAI it is holding.
Let’s go over that again. When you mint EMNS, it calculates the ratio of DAI it holds to the ratio of EMNS in the world to give you a price.
This concept works fine provided that the only way to increase or reduce the global supply of EMNS is through the buy or sell function directly within the main contract which also changes the balance of DAI. Unfortunately this is not the case with EMN.
You can also reduce the global supply of EMN by minting an eminence currency. In the transaction above the attacker used eAAVE. When you mint eAAVE you destroy EMN, reducing the global supply. But you don’t reduce the amount of DAI held by the EMN contract. Therefore falsely increasing the price of EMN.
The attacker did this:
Here is how it looks in etherscan:
The attacker repeated this transaction three times, netting over $15m.
On a slightly happier note he later returned $8m.
How The Arber Could Have Made More Money
The arb was actually sub-optimal because of the way they used flash loans. The attacker used Uniswap which charges a little over 0.3% of the total value borrowed in fees. In the transaction list, you can see that he paid back 15,045,255 DAI. 45,255 DAI more than he borrowed. Over the three transactions, the attacker spent over $135k on Uniswap fees.
DyDx is another place you could use for a flash loan and charges no fees. The attacker probably didn’t use it because it does not have $15m of DAI available and they would have had to borrow ETH, which would have added an extra step to using Compound to convert it to DAI. Maybe they were in a rush to do the arb worried someone else would find the vulnerability.