Comunicado 004 (reporte detallado)

Para entender mejor el ataque realizado es necesario dar un contexto de como funciona el exchange rate dentro de Tropykus. 

Contexto: ¿Qué es y cómo se calcula el Exchange Rate entre kTokens and los tokens subyacentes?

En Tropykus cuando hay un depósito o un retiro, hay una transferencia de kTokens al protocolo (al retirar) y desde el protocolo (al depositar). 

En cualquier mercado, el exchange rate inicial del mercado es 0.02, el cual aumenta con el tiempo acumulando rendimientos para los usuarios.

La ecuación para este tipo de cambio es: kTokens = underlyingToken / tasa de cambio.
Por ejemplo, en el mercado DOC, si un usuario deposita 100 DOC, el protocolo transfiere 5000 kDOC (100 / 0.02 DOC) al usuario.

Si un usuario desea retirar 20 DOC del protocolo, transfiere 1000 kDOC al protocolo y recibe 20 DOC del protocolo.

Tasa de cambio personalizada para el mercado kSAT

El mercado kSAT de Tropykus fue diseñado como un mercado subsidiado con un límite de mercado de depósitos de 0.025 RBTC por usuario y una tasa de interés de depósito prometida de al menos 3% APY.

Para lograr esto, se diseñó un mecanismo de tasa de cambio personalizada para cada usuario, a diferencia de cualquier otro mercado en el protocolo que tiene una tasa de cambio única para todos los usuarios.

Cálculo de la tasa de cambio
La tasa de cambio cambia continuamente con los movimientos del mercado y se puede calcular con la siguiente ecuación, excepto para kSAT:

Para el mercado kSAT, cada usuario debe calcular su propia tasa de cambio teniendo en cuenta las siguientes variables:

ESR_YEAR [Tasa de Suministro Esperada por Año] = aprox. 3%
DELTA = Bloque actual - bloque en el que el usuario realizó su último depósito
BLOCKS_PER_YEAR = 1051200 para RSK
ESR_BLOCK = ESR_YEAR / BLOCKS_PER_YEAR
ESR_B_DELTA = Tasa de suministro esperada por bloque con delta = ESR_BLOCK x DELTA
CURRENT_UNDERLYING: Total de depósitos del usuario en el momento del cálculo
INTEREST_FACTOR = 1 + ESR_B_DELTA
REAL_AMOUNT = INTEREST_FACTOR x CURRENT_UNDERLYING
kTOKENS_BALANCE = Saldo de kSAT del usuario

Entonces,  TASA_DE_CAMBIO = REAL_AMOUNT / kTOKENS_BALANCE

Detalles del ataque:

Todo ocurrió en una sola transacción. Durante esta transacción, el atacante depositó 0.005 RBTC a cambio de 0.25 kSAT.
El atacante transfirió 0.125 kSAT a un contrato inteligente recién implementado.
El atacante canjeó 0.004999999999999999 RBTC a cambio de 0.125 kSAT, lo que hizo que el Underlying actual sea solo 1e-18 RBTC y llevó su saldo de kSAT a 0.
El atacante recibió 0.125 kSAT del contrato de explotación auxiliar.

El atacante calculó su nueva tasa de cambio:

DELTA = 0 (todo ocurre en el mismo bloque)
CURRENT_UNDERLYING = 1e-18 RBTC
INTEREST_FACTOR = 1
REAL_AMOUNT = 1e-18
kTOKENS_BALANCE = 0.125 kSAT
TASA_DE_CAMBIO = 1e-18 / 0.125 = 8e-18

El atacante depositó 0.004999999999999999 RBTC.
Con la nueva tasa de cambio, creó 624999999999999.9 kSAT que utilizó como colateral.
Tomó un préstamo de 96,963 DOC. 
Tomó un préstamo de 2.367860906706913 RBTC.
Cambia una parte de lo prestado a rBTC
Hace el bridge 5.9 rBTC a BTC 
Otra parte lo cambia a 5022 USDT
Hace el bridge a Ethereum

Esto es el resumen de los detalles de la incidencia que sucedió en Tropykus el miércoles 14 de junio. Esperamos que esta explicación haya aclarado la situación en detalle. A partir de este análisis continuamos con las soluciones  que permitan habilitar el protocolo de manera segura lo antes posible. 

Si tiene información adicional sobre el ataque o el atacante, por favor comuníquense al correo diego@tropykus.com

English version

The objective of this communication is to explain in detail the attack that Tropykus received on June 14, 2023.

The attack was carried out through the KSAT market (referred to as rBTC micro on the platform) in a single transaction that was executed in the same block but included several internal transactions.

kSAT Contract: 0xd2ec53e8dd00d204d3d9313af5474eb9f5188ef6

The exploiter transaction: https://explorer.rsk.co/tx/0x6e3a34e58cf8187df5c9ed2461390e36cc83d8889b1cd00c5292c2ae481ec58d

1. Deposit 0.005 RBTC (125 USD)
2. Receive 0.25 kSAT
3. The attacker deployed the smart contract 0x75BBF25996A63c79d12f1f66684f0d20683941dD
4. Transfer 0.125 kSAT (Half of his kSAT balance) to the auxiliary smart contract 0x75BBF25996A63c79d12f1f66684f0d20683941dD
5. Redeem 0.004999999999999999 RBTC from the kSAT market 
6. Receive 0.125 kSAT from the smart contract 0x75BBF25996A63c79d12f1f66684f0d20683941dD
7. Deposit 0.004999999999999999 RBTC into kSAT smart contract
8. Receive 624999999999999.9 kSAT for that deposit
9. Borrow 2.367860906706913 RBTC 
10. Borrow 96963 DOC

To better understand the attack carried out, it is necessary to provide a context of how the exchange rate works within Tropykus.

Context: What is and how is the Exchange Rate between kTokens and the underlying tokens calculated?

In Tropykus when there is a deposit or a withdrawal, there is a transfer of kTokens to the protocol (on withdrawal) and from the protocol (on deposit).

In any market, the initial market exchange rate is 0.02, which increases over time accumulating returns for users.

The equation for this exchange rate is: kTokens = underlyingToken / exchange rate.
For example, in the DOC marketplace, if a user deposits 100 DOC, the protocol transfers 5000 kDOC (100 / 0.02 DOC) to the user.

If a user wants to withdraw 20 DOC from the protocol, he transfers 1000 kDOC to the protocol and receives 20 DOC from the protocol.

Custom exchange rate for the kSAT market

The Tropykus kSAT marketplace was designed as a subsidized marketplace with a deposit market cap of 0.025 RBTC per user and a promised deposit interest rate of at least 3% APY.

To achieve this, a custom exchange rate mechanism was designed for each user, unlike any other marketplace in the protocol that has a single exchange rate for all users.

Exchange rate calculation
The exchange rate changes continuously with market movements and can be calculated with the following equation, except for kSAT:

For the kSAT market, each user must calculate their own exchange rate taking into account the following variables:

ESR_YEAR [Expected Supply Rate per Year] = approx. 3%
DELTA = Current block - block in which the user made his last deposit
BLOCKS_PER_YEAR = 1051200 for RSK
ESR_BLOCK = ESR_YEAR / BLOCKS_PER_YEAR
ESR_B_DELTA = Expected supply rate per block with delta = ESR_BLOCK x DELTA
CURRENT_UNDERLYING: Total user deposits at the time of calculation
INTEREST_FACTOR = 1 + ESR_B_DELTA
REAL_AMOUNT = INTEREST_FACTOR x CURRENT_UNDERLYING
kTOKENS_BALANCE = User's kSAT balance

So RATE_OF_EXCHANGE = REAL_AMOUNT / kTOKENS_BALANCE

Details of the attack:

It all happened in a single transaction. During this transaction, the attacker deposited 0.005 RBTC in exchange for 0.25 kSAT.
The attacker transferred 0.125 kSAT to a newly deployed smart contract.
The attacker redeemed 0.004999999999999999 RBTC in exchange for 0.125 kSAT, making the current Underlying only 1e-18 RBTC and bringing his kSAT balance to 0.
The attacker received 0.125 kSAT from the auxiliary exploitation contract.

The attacker calculated his new exchange rate:

DELTA = 0 (everything happens in the same block)
CURRENT_UNDERLYING = 1e-18 RBTC
INTEREST_FACTOR = 1
REAL_AMOUNT = 1e-18
kTOKENS_BALANCE = 0.125 kSAT
RATE_OF_CHANGE = 1e-18 / 0.125 = 8e-18

The attacker deposited 0.0049999999999999999 RBTC.
With the new exchange rate, he created 624999999999999.9 kSAT which he used as collateral.
He took a loan of 96,963 DOC.
He took a loan of 2.367860906706913 RBTC.
Change a part of the loan to rBTC
Bridges 5.9 rBTC to BTC
Another part changes it to 5022 USDT
Bridge to Ethereum


This is the summary of the details of the incident that happened in Tropykus on Wednesday, June 14. We hope this explanation has clarified the situation in detail. Based on this analysis, we continue with the solutions that allow the protocol to be enabled safely as soon as possible.

If you have additional information about the attack or the attacker, please contact diego@tropykus.com