imBTC Pool on Uniswap stolen and drained

Tokenlon DEX hack

Tokenlon DEX has reported that imBTC pool on Uniswap has been attacked and drained. The hacker made use of attack vector on Ethereum’s ERC777 tokens on Uniswap.

Interestingly, this vulnerability was mentioned on ConsenSys github 16 months back. Simple attack vector on ERC777 with arbitrary code execution during transfer fct on Uniswap to steal more than 300,000 dollars.

Attacker (buyer) can make reentrancy on the first line here.

Assume we have an exchange with a token that worth equally to ETH with liquidity pool equals (100 tokens, 100 ETH)
An attacker creates a fake Exchange (it will be the second exchange in tokenToToken transfers) that will receive ETH from the first exchange and behave like a normal exchange.
The attacker can buy 50 ETH for 100 tokens by using tokenToTokenInput function.
New liquidity pool should be (200 tokens, 50 ETH) but since the attacker makes reentrancy on assert self.token.transferFrom(buyer, self, tokens_sold) it will still be (200 tokens, 100 ETH).
While making reentrancy the attacker can buy 49.999 ETH for about 200 tokens using tokenToEthSwapInput.
After that, the liquidity pool should look like (400 tokens, 0.001 ETH)
Now the attacker can buy all the tokens for a very small amount of ETH.

The Bitcoin in custody is not impacted. Tokenlon DEX has paused imBTC transfers for now. Their team is evaluating the situation and will notify when transfers are restored.

It shall be noted imBTC transactions and trading on Tokenlon have now been restored. Trading on Tokenlon is and was not impacted.

Watch out for this space as more information becomes available from Tokenlon DEX in coming days.