
{"id":24314,"date":"2024-11-28T15:42:26","date_gmt":"2024-11-28T15:42:26","guid":{"rendered":"https:\/\/mycryptomania.com\/?p=24314"},"modified":"2024-11-28T15:42:26","modified_gmt":"2024-11-28T15:42:26","slug":"decoding-morphoblues-230k-exploit","status":"publish","type":"post","link":"https:\/\/mycryptomania.com\/?p=24314","title":{"rendered":"Decoding MorphoBlue\u2019s $230K Exploit"},"content":{"rendered":"<h3>Overview<\/h3>\n<p>On October 13, 2024, the Morpho PAXG\/USDC market was exploited through a misconfigured price oracle. The oracle\u2019s SCALE_FACTOR had been miscalculated because the 12-decimal gap between PAXG (18 decimals) and USDC (6 decimals) was not accounted for, so the oracle reported a wildly inflated valuation for PAXG (tokenized gold). Using a small PAXG deposit as collateral against that inflated valuation, the attacker borrowed and withdrew about $230,000 in USDC.<\/p>\n<h3>About the Project<\/h3>\n<p><a href=\"https:\/\/morpho.org\/\">Morpho<\/a> (formerly known as Morpho Blue) is a decentralized protocol enabling overcollateralized lending and borrowing of crypto assets (ERC20 and ERC4626 tokens) on the EVM. 
The protocol is implemented as an immutable smart contract, engineered to serve as a trustless base layer for lenders, borrowers, and applications. Each market is created with its own price oracle, and the correctness of that oracle\u2019s configuration is the responsibility of whoever creates the market; the core contract trusts the price the oracle reports.<\/p>\n<h3>Exploit Details<\/h3>\n<p>Affected Contract Address (Morpho Blue core; the defect was in the market\u2019s oracle configuration, not in this contract\u2019s code): <a href=\"https:\/\/etherscan.io\/address\/0xBBBBBbbBBb9cC5e90e3b3Af64bdAF62C37EEFFCb#code\">0xBBBBBbbBBb9cC5e90e3b3Af64bdAF62C37EEFFCb<\/a><\/p>\n<p>Attack Transaction: <a href=\"https:\/\/etherscan.io\/tx\/0x256979ae169abb7fbbbbc14188742f4b9debf48b48ad5b5207cadcc99ccb493b\">0x256979<\/a><\/p>\n<p>Attacker Address: <a href=\"https:\/\/etherscan.io\/address\/0x02DBE46169fDf6555F2A125eEe3dce49703b13f5\">0x02DBE46169fDf6555F2A125eEe3dce49703b13f5<\/a><\/p>\n<h3>Attack Process<\/h3>\n<p>The attacker identified a misconfiguration in the oracle price calculation for the PAXG\/USDC market: the oracle\u2019s SCALE_FACTOR did not account for the 12-decimal difference between USDC (6 decimals) and PAXG (18 decimals).<\/p>\n<p>As a result the oracle overvalued PAXG by a factor of 10\u00b9\u00b2, putting gold\u2019s price at $2.6 trillion.<\/p>\n<p>The attacker deposited only $351 worth of PAXG into the vulnerable market as collateral.<\/p>\n<p>Because Morpho sizes the borrow limit from the oracle\u2019s valuation of the collateral, that tiny deposit was enough to borrow $230,000 in USDC; the only real ceiling was the USDC that lenders had supplied to the market, not the collateral\u2019s true value.<\/p>\n<p>The attacker withdrew the borrowed USDC. The loan is backed by collateral worth a few hundred dollars, so it will never be repaid, and the loss falls on the market\u2019s lenders.<\/p>\n<h3>The Root Cause<\/h3>\n<p>The SCALE_FACTOR for the oracle price calculations was incorrectly configured during the market creation process. 
Decimal differences between the tokens (PAXG with 18 decimals and USDC with 6 decimals) were overlooked, so the oracle\u2019s output carried 12 extra decimal places, a factor of 10\u00b9\u00b2 in PAXG\u2019s valuation. Morpho\u2019s core contract behaved as designed: it simply trusted the price its market\u2019s oracle reported.<\/p>\n<h3>Flow of Funds<\/h3>\n<p>See the funds flow <a href=\"https:\/\/app.blocksec.com\/explorer\/tx\/eth\/0x256979ae169abb7fbbbbc14188742f4b9debf48b48ad5b5207cadcc99ccb493b\">here<\/a>.<\/p>\n<h3>How could they have prevented the Exploit?<\/h3>\n<p>Implement automated checks that the oracle\u2019s SCALE_FACTOR matches the base and quote token decimals (and the decimals of any price feeds it uses) before a market goes live, and compare the oracle\u2019s first reported price against an independent reference so that an error of several orders of magnitude is caught before any funds are supplied.<\/p>\n<p>Cap borrowable amounts against an absolute, independently verified collateral value, so that an oracle error cannot turn a few hundred dollars of collateral into a six-figure under-collateralized loan.<\/p>\n<p>Engage reputable audit firms like QuillAudits to review the market and oracle configuration, not only the core contracts, and fix potential vulnerabilities before they can be exploited.<\/p>\n<h3>Why QuillAudits?<\/h3>\n<p>Choosing a reputable audit firm like <a href=\"https:\/\/www.quillaudits.com\/smart-contract-audit\">QuillAudits ensures that your protocol undergoes rigorous scrutiny<\/a> from experienced security professionals. QuillAudits specializes in uncovering critical vulnerabilities and providing actionable remediation strategies. Our expertise helps safeguard your project from attacks, ensuring that security issues are addressed proactively.<\/p>\n<p><a href=\"https:\/\/medium.com\/coinmonks\/decoding-morphoblues-230k-exploit-6296565ced40\">Decoding MorphoBlue\u2019s $230K Exploit<\/a> was originally published in <a href=\"https:\/\/medium.com\/coinmonks\">Coinmonks<\/a> on Medium, where people are continuing the conversation by highlighting and responding to this story.<\/p>","protected":false},"excerpt":{"rendered":"<p>Overview On October 13, 2024, the Morpho PAXG\/USDC market was exploited due to a misconfigured oracle. This vulnerability allowed the attacker to withdraw $230,000 USD by exploiting an inflated gold valuation caused by a miscalculated SCALE_FACTOR in the price oracle. 
The issue arose due to an incorrect understanding of decimal differences between PAXG and USDC\u00a0tokens [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-24314","post","type-post","status-publish","format-standard","hentry","category-interesting"],"_links":{"self":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/24314"}],"collection":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=24314"}],"version-history":[{"count":0,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/24314\/revisions"}],"wp:attachment":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=24314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=24314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=24314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
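The post's Attack Process and prevention sections describe the SCALE_FACTOR mistake and the pre-deployment check that would have caught it without showing the arithmetic. The following is an added worked example, written for this page and not taken from Morpho's code or the original article. It follows the convention of Morpho's Chainlink-style oracle as generally documented: the oracle returns the number of quote-token units per base-token unit scaled by 1e36, and SCALE_FACTOR is 10 raised to (36 + quote token decimals + quote feed decimals - base token decimals - base feed decimals). The PAXG spot price ($2,600), the 8-decimal feed width, the 86% LLTV and the 230,000 USDC of market liquidity are assumed values constructed for the illustration; the token decimals (PAXG 18, USDC 6) are the facts from the post. The example computes the correct and the misconfigured SCALE_FACTOR, the resulting 10^12 inflation, the borrow ceiling a $351 deposit obtains in each case, and a sanity check against an independent reference price that rejects the broken oracle.

```python
# Added worked example (not Morpho's code). Integer arithmetic mirrors the
# Solidity convention; assumed values are marked as such in comments.

ORACLE_PRICE_SCALE = 10**36   # Morpho Blue: oracle prices are scaled by 1e36
WAD = 10**18                  # fixed-point scale used for LLTV


def scale_factor(base_token_decimals: int, quote_token_decimals: int,
                 base_feed_decimals: int, quote_feed_decimals: int = 0) -> int:
    """SCALE_FACTOR that turns raw feed answers into a 1e36-scaled
    quote-units-per-base-unit price (Chainlink-oracle convention).
    A quote asset priced directly (USDC here, no feed) contributes 0 feed decimals."""
    exponent = (36 + quote_token_decimals + quote_feed_decimals
                - base_token_decimals - base_feed_decimals)
    if exponent < 0:
        raise ValueError("negative exponent: decimals are inconsistent")
    return 10 ** exponent


def oracle_price(factor: int, base_feed_answer: int, quote_feed_answer: int = 1) -> int:
    """price() = SCALE_FACTOR * baseFeed / quoteFeed, all in integers."""
    return factor * base_feed_answer // quote_feed_answer


def max_borrow_quote_units(collateral_units: int, price: int, lltv_wad: int) -> int:
    """Morpho-style borrow ceiling: collateral * price / 1e36 * LLTV / 1e18."""
    collateral_value = collateral_units * price // ORACLE_PRICE_SCALE
    return collateral_value * lltv_wad // WAD


def reference_price(usd_per_whole_base: int, base_token_decimals: int,
                    quote_token_decimals: int) -> int:
    """Independent reference: convert a human price (USD per whole base token,
    quote pegged to USD) into the 1e36-scaled per-unit form the oracle must match."""
    return usd_per_whole_base * 10**quote_token_decimals * ORACLE_PRICE_SCALE // 10**base_token_decimals


def oracle_sanity_check(reported: int, reference: int, max_ratio: int = 2) -> bool:
    """Pre-deployment gate: reject an oracle whose price deviates from the
    independent reference by more than max_ratio in either direction.
    A decimal-scaling bug is off by powers of ten, so a loose ratio is enough."""
    return reference // max_ratio <= reported <= reference * max_ratio


def paxg_usdc_case() -> dict:
    """Replay the PAXG/USDC misconfiguration with correct vs. broken SCALE_FACTOR."""
    PAXG_DECIMALS, USDC_DECIMALS = 18, 6          # token facts from the post
    FEED_DECIMALS = 8                             # assumed: usual Chainlink USD feed width
    paxg_usd = 2600                               # assumed spot price for the illustration
    feed_answer = paxg_usd * 10**FEED_DECIMALS    # constructed Chainlink-style answer
    lltv = 86 * WAD // 100                        # assumed 86% LLTV
    collateral = 351 * 10**PAXG_DECIMALS // paxg_usd   # about $351 of PAXG, as in the post
    market_liquidity = 230_000 * 10**USDC_DECIMALS     # constructed: USDC available to borrow

    good = scale_factor(PAXG_DECIMALS, USDC_DECIMALS, FEED_DECIMALS)
    # The bug: the 12-decimal gap ignored, i.e. PAXG treated as if it had USDC's 6 decimals
    bad = scale_factor(USDC_DECIMALS, USDC_DECIMALS, FEED_DECIMALS)

    good_price = oracle_price(good, feed_answer)
    bad_price = oracle_price(bad, feed_answer)
    ref = reference_price(paxg_usd, PAXG_DECIMALS, USDC_DECIMALS)

    return {
        "scale_factor_ok": good,
        "scale_factor_bad": bad,
        "inflation": bad_price // good_price,
        "borrow_ok_usdc_units": max_borrow_quote_units(collateral, good_price, lltv),
        # the inflated ceiling is astronomical; what is actually borrowable is capped
        # by the USDC lenders supplied, which is what the attacker drained
        "borrow_bad_usdc_units": min(max_borrow_quote_units(collateral, bad_price, lltv),
                                     market_liquidity),
        "sanity_ok": oracle_sanity_check(good_price, ref),
        "sanity_bad": oracle_sanity_check(bad_price, ref),
    }


if __name__ == "__main__":
    for key, value in paxg_usdc_case().items():
        print(f"{key}: {value}")
```

The sanity check is the cheap control the prevention section asks for: run it once against the freshly deployed oracle with a reference price from any independent source before the market is announced. A scaling error shows up as a ratio of 10^12, so even a crude reference and a loose tolerance catch it; the check is about orders of magnitude, not basis points.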