In the ever-evolving world of Web3, the significance of security cannot be overstated. Despite bear market conditions, the alarming surge in DeFi hacks and scams has raised concerns. Countless victims have sought assistance after losing their hard-earned money, underscoring the gravity of the issue and the critical need for preventive measures.
Our blockchain platform was established in 2021 with support from prominent investors and customers. It offers various products, including Phalcon Explorer, which is widely used by security researchers to analyze transactions. Additionally, the platform provides the MetaDock and MetaSleuth, which are available free of charge to the community.
The importance of security in Web3 is evident, as even during the bear market conditions, the rise in DeFi hacks and scams is concerning. The increasing number of victims reaching out for help after losing their money demonstrates the seriousness of the issue and the need for assistance to prevent bankruptcy caused by such attacks.
DeFi hacks are common today due to several reasons.
When discussing protocol security, many people think of code audits as the primary solution for DeFi protocols. However, code audits alone are not sufficient due to their high cost and time-consuming nature. Qualified auditing services are expensive, and the process can take several months, making it impractical for some protocols with time constraints.
Moreover, there is a scarcity of qualified auditors in the space, leading to a lack of available expertise. Consequently, some protocols are forced to go live without comprehensive security measures, which may result in unaddressed vulnerabilities and potential threats.
In order to ensure the security of DeFi protocols, a proactive approach is crucial. This means that protocols cannot simply be deployed and left unattended. They need to actively monitor the ongoing activities within the protocol and be prepared to respond automatically to any potential attacks.
The importance of this proactive approach is heightened in Web3 compared to Web2, for the following reasons.
Consequently, the unique properties of Web3 make it easier for harmful attacks on protocols and users to happen, while simultaneously making it harder to trace and identify the attackers.
We have developed a prototype system called Phalcon Block in the blockchain industry. Since February 2022, we have been actively exploring ways to overcome certain challenges associated with DeFi hacks, going beyond code audits.
Phalcon Block empowers us to closely monitor transactions in the blockchain. By monitoring these transactions and automatically responding to them, we can reconstruct the underlying technology by replaying the attack transactions and replicating the essential logic of the attack contract.
This process allows us to synthesize a new rescue smart contract. We can then send rescue transactions to ensure that our transactions are faster and placed on the blockchain ahead of the attack transactions. By leveraging this approach, we have the potential to completely block the attack transactions by acting faster and gaining a leading position within the blockchain.
The key aspect of this mechanism or system is how it automatically reconstructs attack transactions and "attack" contracts. The fundamental idea is to consider what is most important in attack transactions and attack smart contracts—the critical elements being the attack logic within the smart contract.
Though the basic idea is simple, it is not as straightforward in practice. We face a series of technical challenges. The most significant point is how to handle the reuse of basic blocks within smart contracts. Compilers often utilize block reuse to generate smaller code, which is a common practice in code size reduction. Throughout this process, we were inspired by the concept of binary code rewriting, a technique that has been used and developed for over two centuries, if not longer. Therefore, we leverage this idea and apply it to the technique of bytecode rewriting.
By leveraging our system, we have successfully prevented multiple protocol attack transactions and recovered substantial liquidity losses. For instance, we managed to recoup $5 million in losses for ParaSpace this year and we recovered $3.8 million for Saddle Finance last year. In the following discussion, we will highlight representative cases to illustrate how we prevented these transactions.
Let's consider ParaSpace as an example. It encountered an attack in March this year, but the attackers made critical errors. They failed to allocate sufficient gas, resulting in the transaction being reverted. We monitored and identified this transaction on the blockchain. We then automatically synthesized a similar rescue contract. After executing our rescue contract on the blockchain, BlockSec successfully recovered the $5 million loss for ParaSpace.
Another case is Platypus, which faced an attack in February this year. Exploiting a vulnerability in the smart contract, the attackers found an entry point to exploit the Platypus DeFi protocol. However, they overlooked setting up the logic to withdraw funds from the compromised contract. Consequently, the hackers encountered a challenge: how to extract the remaining $2.4 million from the compromised contract?
In this scenario, BlockSec possesses an internal system that automatically disassembles the attack contract. Through heuristic methods, we conducted a comprehensive analysis of the attack smart contract, uncovering intriguing features.
First, we found that the flash loan callback in this contract was exposed. Second, the Platypus pool contract had been granted approval for USDC. The pool contract can be upgraded to utilize the approval from the attacked contract to withdraw the remaining USDC. By sharing this idea and PoC with the protocol, we helped them successfully retrieve $2.4 million from the attack contract.
Another case involves Transit Swap, which was targeted by an MEV bot. We discovered that the MEV bot's address was generated by a flawed tool called Profanity. Exploiting the vulnerability in this tool, we calculated the private key of the MEV bot and retrieved the funds to reimburse the protocol.
We think to improve the efficiency of this system requires careful thought and strategic actions.
BlockSec possesses a range of tools for contract analysis and disassembly, employing heuristic methods to conduct meticulous bytecode analysis. All these measures are aimed at constructing a comprehensive system and delivering an effective product.
In the dynamic realm of Web3, security is of utmost importance. With the rise of DeFi hacks, it is imperative to adopt a proactive approach and leverage innovative systems like Phalcon Block to protect protocols and users. By continually pushing the boundaries of security measures, we strive to enhance the safety and integrity of Web3, paving the way for a secure and prosperous decentralized future.