Full Report
Platypus Finance is an AMM protocol on the Avalanche blockchain. It has asset liability management and swapping capabilities. In February of 2023, they introduced USP, a new stablecoin. MasterPlatypusV4 is the Masterchef-like orchestrator. The emergencyWithdraw() function allows for main contract to withdraw their LP tokens from a given pool without caring about rewards. The contract literal has "EMERGENCY ONLY" within the code lolz. When performing this operation, the only check on the function is whether the user is solvent enough. What does this do? It validates that the user's debt is less than equal to the USP borrow limit. The better question is "what doesn't this do?" The contract does not check if the user has taken out funds via a loan. Because of this, an attacker can withdraw their collateral and keep the funds from their loan. Yikes! In the real attack, $8.5M in assets was stolen. To perform this attack, an attacker can take the out a flash loan. Once they do this, they deposit the funds into the Platypus pool for LP tokens. TODO....
Analysis Summary
# Incident Report: Platypus Finance $8.5M Stablecoin Exploit
## Executive Summary
On February 16, 2023, Platypus Finance, an AMM protocol on the Avalanche blockchain, suffered an exploit resulting in the loss of approximately \$8.5 million in stablecoin collateral. The breach was caused by a logic flaw in the `emergencyWithdraw()` function within the `MasterPlatypusV4` contract, which allowed an attacker to withdraw collateral associated with USP loans without first repaying the underlying debt.
## Incident Details
- Discovery Date: February 16, 2023 (Inferred from attack date)
- Incident Date: February 16, 2023
- Affected Organization: Platypus Finance
- Sector: Decentralized Finance (DeFi) / Automated Market Maker (AMM) Protocol
- Geography: Avalanche Blockchain
## Timeline of Events
### Initial Access
- Date/Time: February 16, 2023 (Attack transaction occurred around this time)
- Vector: Logic Vulnerability in Smart Contract Function
- Details: The attacker utilized complex steps, including initiating a flash loan, to borrow a significant amount of USP (Platypus' stablecoin).
### Lateral Movement
*No traditional lateral movement occurred as this was a direct smart contract interaction exploit.*
### Data Exfiltration/Impact
- Date/Time: Immediately following malicious function calls.
- Vector: Exploitation of `emergencyWithdraw()` function.
- Details: The attacker executed the `emergencyWithdraw()` function to remove their deposited LP tokens (collateral) without the required solvency check ensuring the repayment of borrowed USP. This left the protocol responsible for the outstanding USP debt, effectively stealing the value of the deposited collateral. Approximately \$8.5M in assets was stolen.
### Detection & Response
- Detection: The incident was detected upon observation of the unauthorized asset withdrawal transaction on the Avalanche blockchain.
- Response Actions: Details on immediate internal response were not fully detailed but typically involve community announcements, pausing contracts (if possible), and engaging with the security community.
## Attack Methodology
- **Initial Access:** The attacker leveraged a significant supply of USP, acquired via a flash loan on an external protocol (AAVE, as suggested by the PoC outline), and then deposited collateral to mint more USP.
- **Persistence:** N/A (Single transaction exploit)
- **Privilege Escalation:** N/A
- **Defense Evasion:** The core defense mechanism—the solvency check—was bypassed due to a flawed implementation in the withdrawal function.
- **Credential Access:** N/A
- **Discovery:** Reconnaissance likely involved auditing the Platypus Finance smart contract codebase, specifically identifying the weak checks around the `emergencyWithdraw()` function.
- **Lateral Movement:** N/A
- **Collection:** The target was the LP token collateral backing the minted USP.
- **Exfiltration:** LP Tokens were withdrawn. The borrowed USP was then swapped for existing liquidity in other stablecoin pools within Platypus.
- **Impact:** Draining protocol liquidity/collateral backing the USP stablecoin.
## Impact Assessment
- **Financial:** \$8.5 million in stablecoin collateral stolen.
- **Data Breach:** None (No personal identifiable information was targeted).
- **Operational:** Significant loss of trust and liquidity within the Platypus Finance protocol.
- **Reputational:** High negative impact within the DeFi community due to a critical logic flaw.
## Indicators of Compromise
*No network or file IoCs are relevant for a decentralized smart contract exploit. Behavioral indicators are focused on contract activity.*
- **Behavioral Indicators:** Execution of `emergencyWithdraw()` by a user with outstanding USP debt, where the resulting state implies the debt was not settled.
## Response Actions
*Specific emergency response details were not provided in the text, but standard DeFi remediation would include:*
- **Containment:** Reviewing and potentially pausing vulnerable contract functions or stopping related pooling activities.
- **Eradication:** Post-mortem analysis and identifying the exact lines of code causing the failure (completed by the analysis provided).
- **Recovery:** Deploying patched contracts and developing a plan for reimbursing affected users (not detailed in the source).
## Lessons Learned
- **Insufficient Logic Checks:** The primary lesson is that abstraction layers, like the "solvency check" in `_isSolvent`, must comprehensively cover all potential exit paths. The `emergencyWithdraw()` function failed to ensure that withdrawing collateral did not decouple the user from their corresponding collateralized debt position (CDP).
- **Misleading Comments:** Code comments suggesting a function is "EMERGENCY ONLY" do not inherently secure it; the actual security controls must be robust regardless of the intended use case.
- **Flash Loan Risk:** The exploit chain utilized a flash loan, demonstrating how instant capital injection can be used to manipulate solvency checks in a single atomic transaction.
## Recommendations
- **Comprehensive Review of Withdrawal Logic:** All functions allowing collateral withdrawal (standard or emergency) must strictly enforce debt settlement or collateral locking proportional to outstanding loans.
- **Use Formal Verification:** Employ formal verification tools on critical functions like withdrawals and minting to mathematically prove the absence of logical contradictions regardless of the sequence of external calls (like flash loans).
- **Strict State Checks:** Ensure that solvency checks compare the actual required collateral balance against the existing debt, rather than relying on a pre-calculated limit that can be manipulated instantly.