WOOFi sPMM exploit post-mortem
A brief incident recap
At 15:49 UTC on March 5th, the sPMM algorithm that controls the pricing on WOOFi Swaps was exploited on Arbitrum. The exploit consisted of a sequence of flash loans that took advantage of low liquidity to manipulate the price of WOO in order to repay the flash loans at a cheaper price.
The exploiter borrowed ~7.7M WOO as well as some other assets and sold the WOO into WOOFi. At this point, WOOFi’s sPMM incorrectly adjusted WOO to an extreme price that was close to zero, and the exploiter then swapped out 10M WOO in the same transaction at almost no cost. The exploiter repeated this attack 3 times within a very short period of time, which netted about $8.75m in profits after returning the flash loans.
The exploit was immediately picked up by several teams, including Hypernative, Chainalysis, Wintermute, and many members of the Security Alliance (SEAL911). The large swaps had also been picked up by WOOFi’s internal transaction monitoring system, and by 16:02 UTC, WOOFi Swap’s smart contracts had been paused, and a full investigation had begun.
About synthetic proactive market making (sPMM)
WOOFi’s sPMM algorithm differs from conventional AMMs in that it works in tandem with WOOFi's on-chain oracles to simulate the price, spread, and depth of the orderbook on centralized exchanges.
In WOOFi v2’s design, the sPMM will override the oracle price according to the notional value of users’ trades in order to adjust slippage and keep the pools in a more balanced state. Unfortunately, a previously unidentified error resulted in the price being adjusted to $0.00000009, far outside of the expected range, and the fallback check, normally executed against Chainlink, didn’t cover the WOO token price.
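The following is an added example, not WOOFi's contract code: a Python model of a price sanity check that fails closed when a token has no reference feed, next to a fail-open variant that skips such tokens. The function names, the 8-decimal scale, the 100 bps bound, the staleness limit and every sample price except $0.00000009 are assumptions.

```python
from dataclasses import dataclass

BPS = 10_000   # basis-point denominator
SCALE = 10**8  # assumed fixed-point price scale (8 decimals)

class PriceGuardError(Exception):
    """A proposed pool price was rejected."""


@dataclass(frozen=True)
class Reference:
    price: int       # reference price scaled by SCALE
    updated_at: int  # unix time of the last feed update


def guard_price(token, proposed, feeds, now, bound_bps=100, max_age=3600,
                fail_open=False):
    """Return `proposed` if it is within bound_bps of a fresh reference price.

    fail_open=True models a check that skips tokens lacking a feed (assumed
    shape of the gap described above); the default rejects them instead.
    """
    ref = feeds.get(token)
    if ref is None:
        if fail_open:
            return proposed  # unchecked: any price passes
        raise PriceGuardError(f"{token}: no reference feed")
    if ref.price <= 0 or now - ref.updated_at > max_age:
        raise PriceGuardError(f"{token}: reference stale or invalid")
    # Integer-only form of |proposed - ref| / ref <= bound_bps / BPS
    if proposed <= 0 or abs(proposed - ref.price) * BPS > bound_bps * ref.price:
        raise PriceGuardError(f"{token}: outside {bound_bps} bps of reference")
    return proposed


def accepted(*args, **kwargs):
    """True if guard_price accepts the price, False if it rejects it."""
    try:
        guard_price(*args, **kwargs)
        return True
    except PriceGuardError:
        return False


# Constructed sample data; only the $0.00000009 figure comes from the post.
NOW = 1_700_000_000
ADJUSTED_WOO = 9  # $0.00000009 at SCALE
FEEDS_NO_WOO = {"ETH": Reference(3_500 * SCALE, NOW - 60)}
FEEDS_WITH_WOO = {**FEEDS_NO_WOO, "WOO": Reference(SCALE // 2, NOW - 60)}
```

`accepted("WOO", ADJUSTED_WOO, FEEDS_NO_WOO, NOW, fail_open=True)` is `True`, while the default call and the call with `FEEDS_WITH_WOO` are both `False`.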
Since first launching in 2021, WOOFi’s sPMM had been incident-free, largely due to a conservative approach to listing new assets. Initiating this exploit with major assets like ETH would be nearly impossible. However, the recent addition of a lending market for WOO on Arbitrum, plus relatively low liquidity support for WOO tokens elsewhere on the network, made the exploit economically feasible. WOOFi Swap is deployed on 10+ networks, but no other network had both the WOO token and a WOO lending market, which prevented the same exploit from being replicated.
Other WOOFi contracts, including WOOFi Stake, Earn, and Pro, were unaffected and remain fully functional. Should any WOOFi Earn depositors wish to withdraw any funds, they can do so as usual.
Next steps for WOOFi Swap
Efforts to recover these funds have already been initiated, with a 10% whitehat bounty extended to the exploiter. Additionally, a bounty has been placed on Arkham Intelligence for anyone who can provide additional information. We can be reached at woofi-bounty@woo.org.
While we fix the contract and secure additional audits, WOOFi Pro, Stake, and Earn remain unaffected and fully operational. Our goal is to resolve the issue with WOOFi Swap v2 and redeploy within 2 weeks, while continuing our plan to release the v3 version later this spring. We will work with top security firms to ensure these vulnerabilities are identified at an earlier stage. This is the first time an incident like this has happened to us, and we want to make sure it doesn't happen again.
On that note, special thanks must be extended to all the parties that worked to support us, including:
- Aiham of Silo Finance
- The team at Chainalysis
- Igor Igamberdiev of Wintermute
- Dan Caspi and @0xVazi of Hypernative
- Daniel VF of Origin Protocol
- Niv of Hexagate
- The team at Arkham Intelligence
- @storming0x
- @pcaversaccio
- Tony of fuzz.land
- and many others who undoubtedly worked behind the scenes to provide us with information and ideas as soon as possible.