Full Report
The contract CvxRewardDistributor was exploited for 210K in value. This contract's job is to mint rewards for eligible stakers. When calling claimMultipleStaking on the contract, a parameter called claimContracts specifies the address of the staking contract to call. That address is called to get the amount of tokens that should be minted for the user. The address was missing input validation, though. So an attacker was able to create their own contract with the same interface and have it tell the distributor to mint an arbitrary amount of funds. At this point, the protocol was effectively rugged. The most interesting part is that this product had FOUR audits. So how did this simple bug get through? It didn't! The vulnerability was introduced while doing gas optimizations AFTER the audits. Yikes... don't do gas optimizations after four reviews.
Analysis Summary
# Incident Report: Convergence Finance CvxRewardDistributor Exploit
## Executive Summary
On August 1, 2024, Convergence Finance’s `CvxRewardDistributor` contract was exploited due to a lack of input validation in a reward-claiming function. The attacker leveraged a malicious contract to trigger the unauthorized minting of 58 million CVG tokens, resulting in a total loss of approximately $210,000. The vulnerability was inadvertently introduced during post-audit gas optimizations.
## Incident Details
- **Discovery Date:** August 1, 2024 (immediately following the exploit)
- **Incident Date:** August 1, 2024
- **Affected Organization:** Convergence Finance
- **Sector:** Decentralized Finance (DeFi)
- **Geography:** Global / Ethereum Blockchain
## Timeline of Events
### Initial Access
- **Date/Time:** August 1, 2024
- **Vector:** Smart Contract Parameter Manipulation
- **Details:** The attacker targeted the `claimMultipleStaking` function. By exploiting a lack of input validation on the `claimContracts` parameter, the attacker provided the address of a malicious contract they had previously deployed.
### Lateral Movement
- **N/A:** As a smart contract exploit, the attack was a direct interaction with the protocol's logic on-chain rather than a network breach.
### Data Exfiltration/Impact
- **Token Minting:** The malicious contract returned inflated values to the distributor, causing the protocol to mint 58,000,000 CVG tokens (the entirety of the staking emissions allocation).
- **Secondary Theft:** Approximately $2,000 in unclaimed rewards from Convex were also drained.
- **Liquidity Drain:** The attacker swapped the newly minted tokens in liquidity pools, crashing the token value and realizing ~$210,000 in gain.
### Detection & Response
- **How it was discovered:** On-chain monitoring and sudden CVG price collapse.
- **Response actions taken:** Protocol team released a public post-mortem and advised users to withdraw assets from the platform.
## Attack Methodology
- **Initial Access:** Smart Contract interaction (Public API).
- **Persistence:** Not required; the exploit was an atomic transaction.
- **Privilege Escalation:** Exploiting the "Mint" permission granted to the `CvxRewardDistributor` contract.
- **Defense Evasion:** Use of a malicious contract with matching function signatures (`claimCvgCvxMultiple`) to mimic legitimate staking contracts.
- **Impact:** Financial loss via unauthorized minting and subsequent dumping of tokens.
## Impact Assessment
- **Financial:** ~$212,000 total loss ($210k CVG + $2k Convex rewards).
- **Data Breach:** None (Standard blockchain transparency).
- **Operational:** The Stake DAO integration rewards contract was rendered non-functional/broken.
- **Reputational:** High; the protocol had undergone four audits, but the flaw was introduced after the final review.
## Indicators of Compromise
- **Contract Address (Malicious):** Not explicitly named in text, but utilized via `claimMultipleStaking` parameter.
- **Transaction Hash:** `0x636be30e58acce0629b2bf975b5c3133840cd7d41ffc3b903720c528f01c65d9`
- **Affected Contract:** `0x2b083beaaC310CC5E190B1d2507038CcB03E7606` (CvxRewardDistributor)
## Response Actions
- **Containment:** Developers identified the broken contract logic.
- **Eradication:** Protocol paused or advised withdrawal as the contract was "rugged" of its emission supply.
- **Recovery:** Promised fixes for the Stake DAO integration and future communications regarding the protocol's restructuring.
## Lessons Learned
- **Post-Audit Delta:** The vulnerability was introduced during gas optimization *after* four security audits. Changes made to code after an audit must be re-reviewed.
- **Input Validation:** Never trust user-supplied addresses for external contract calls without comparing them against an allow-list (Registry pattern).
- **Optimization Risks:** Optimization should never come at the expense of established security checks (stripping "redundant" validation code for gas savings).
## Recommendations
- **Immutable White-lists:** Implement a registry of authorized staking contracts that the `CvxRewardDistributor` can interact with.
- **Regression Testing:** Ensure security properties are part of the automated testing suite to detect when a validation line is removed.
- **Continuous Audit:** Any code changes, regardless of how minor they seem (like gas optimization), should trigger a peer review or a supplemental audit.
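To make the "Input Validation" lesson and the "Immutable White-lists" recommendation concrete, here is an added illustration (not Convergence's code; the `IStakingClaim`, `ICvgMintable`, `mintStaking` and `claimCvgCvxMultiple(address)` signatures are assumed) of the vulnerable pattern beside a registry-checked version of `claimMultipleStaking`:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal interfaces; the real Convergence signatures are assumed, not copied.
interface IStakingClaim {
    // Name taken from the report; the parameter and return value are assumed.
    function claimCvgCvxMultiple(address account) external returns (uint256 cvgAmount);
}

interface ICvgMintable {
    function mintStaking(address to, uint256 amount) external;
}

// BEFORE: the distributor calls whatever address the caller passes and mints what it returns.
// Any contract exposing claimCvgCvxMultiple can therefore dictate the mint amount.
contract VulnerableDistributor {
    ICvgMintable public immutable cvg;
    constructor(ICvgMintable _cvg) { cvg = _cvg; }

    function claimMultipleStaking(IStakingClaim[] calldata claimContracts, address account) external {
        uint256 total;
        for (uint256 i; i < claimContracts.length; ++i) {
            total += claimContracts[i].claimCvgCvxMultiple(account); // untrusted return value
        }
        cvg.mintStaking(account, total);
    }
}

// AFTER: only staking contracts fixed at deployment may be claimed from (registry pattern).
contract HardenedDistributor {
    ICvgMintable public immutable cvg;
    mapping(address => bool) public isStakingContract; // the allow-list
    error NotStakingContract(address target);

    constructor(ICvgMintable _cvg, address[] memory staking) {
        cvg = _cvg;
        for (uint256 i; i < staking.length; ++i) isStakingContract[staking[i]] = true;
    }

    function claimMultipleStaking(IStakingClaim[] calldata claimContracts, address account) external {
        uint256 total;
        for (uint256 i; i < claimContracts.length; ++i) {
            address target = address(claimContracts[i]);
            if (!isStakingContract[target]) revert NotStakingContract(target); // the check that must never be "optimized" away
            total += claimContracts[i].claimCvgCvxMultiple(account);
        }
        cvg.mintStaking(account, total);
    }
}
```

A regression test that deploys an unregistered contract implementing `IStakingClaim` and asserts that `claimMultipleStaking` reverts with `NotStakingContract` would catch the removal of that single line in any future refactor.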