DittoETH Protocol Patch Unveils Massive Discount Fee Exploit in DeFi
DeFi

09/12/2024 | 4 Mins Read

Decentralized auditing platform Code4rena discovered an exploit in an upcoming patch of the DittoETH algorithmic stablecoin platform. The exploit would have allowed a user with a large amount of tokens deposited to make excessive profits, increasing bad debts in the protocol and ultimately compromising its ability to survive.
The discovery means that the vulnerability will not be added to the production version of DittoETH, as it has been removed through mitigation in a newer test version.
Block, a talent scout for Web3 education company Rare Skills, reported the discovery on X.
Source: Block
According to its documents, Code4rena is a crowd-sourced auditing platform. Its participants are divided into three groups: sponsors, wardens and judges.
Sponsors are Web3 protocols that offer prizes in exchange for the discovery of vulnerabilities. Wardens compete with each other to discover vulnerabilities in exchange for prize money. Judges adjudicate disputes between sponsors and wardens over whether a vulnerability is real and what its severity is.
Code4rena claims that it does not host “bug bounty” competitions, which it says involve “a race to find the biggest one [vulnerability] as fast as possible.” Instead, “Everyone who puts in the effort and finds something valid will be rewarded.”
According to Block, the vulnerability was discovered by Code4rena warden あああああ (“Aaaaa” in Japanese). The DittoETH team initially did not believe that the vulnerability was real but later dropped its objection after Aaaaa presented further evidence.
The vulnerability consisted of a faulty mechanism for distributing stablecoin rewards to depositors in DittoETH’s yDUSD vault.
Users can add the protocol’s native stablecoin, dUSD, to this vault to receive a yield. This yield comes from “discount fees” that are generated on the platform during times when real token prices diverge from their oracle-provided prices. The purpose of this system is to incentivize liquidity providers to add liquidity during times of market stress.
Despite containing the word “fee” in the name, discount fees are not paid by anyone. Instead, they are paid out as newly minted tokens and sent to the yDUSD vault. Whenever this happens, the corresponding debt of the platform is also increased in proportion to this amount.
The warden discovered that a mathematical flaw in the “matchIsDiscounted” function could create large amounts of debt from a small amount of trading volume, in contradiction to the protocol’s intended design to only pay out these fees during times of market stress.
In their report, Block stated, “The key point is that steps 6-9 only occur if the discounted amount exceeds a certain threshold of the total debt. When they do occur, they create new debt based on the entire debt of the system, not just the discounted amount. This is where the root cause of the vulnerability lies, as small discounted trades can lead to disproportionately large new debt creation and token minting.”
Diagram of the discount fees system for DittoETH. Source: Block.
On July 15, Aaaaa posted an explanation of the exploit to the project’s GitHub. In response, DittoETH team members and at least one Code4rena judge initially claimed that the attacker would not be able to create the bad debt because other members would join the pool and “dilute” the attacker’s gains.
However, Aaaaa replied that the attacker cannot be diluted because “[d]eposits do not affect how much assets can be claimed by a share.”
Aaaaa also wrote a test in Foundry that simulated the attack and “other users deposit[ing] lots of funds in the vault.” They invited team members to run the test on their own devices.
The test reportedly showed that the attacker profited $20,454.54, creating new debt for the protocol equal to this amount. Presumably, this attack could be repeated for even larger gains.
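To make both points above concrete (the fee being computed from the entire system debt rather than the discounted amount, and later deposits not diluting an existing share's claim), here is an added toy model. It is not DittoETH's code and not from the article, Block or Code4rena; the vault is a generic share-based vault, and the 5% threshold, 1% fee rate and all amounts are constructed for illustration.

```python
from dataclasses import dataclass, field
from fractions import Fraction as F


@dataclass
class Vault:
    # Share-based vault: one share is worth total_assets / total_shares.
    # Later deposits mint new shares at that price, so they do not dilute old shares.
    total_assets: F = F(0)
    total_shares: F = F(0)
    shares: dict = field(default_factory=dict)

    def deposit(self, user, amount):
        amount = F(amount)
        minted = amount if self.total_shares == 0 else amount * self.total_shares / self.total_assets
        self.shares[user] = self.shares.get(user, F(0)) + minted
        self.total_assets += amount
        self.total_shares += minted

    def claimable(self, user):
        return self.shares.get(user, F(0)) * self.total_assets / self.total_shares


@dataclass
class Protocol:
    total_debt: F
    vault: Vault
    threshold: F = F(5, 100)  # assumed: discounted volume must exceed 5% of total debt
    fee_rate: F = F(1, 100)   # assumed: 1% discount fee

    def settle(self, discounted_amount, flawed):
        # Pay discount fees as newly minted stablecoin into the vault and add the same
        # amount as protocol debt. flawed=True reproduces the reported flaw: once the
        # threshold is crossed, the fee is based on the entire debt, not the discounted amount.
        discounted_amount = F(discounted_amount)
        if discounted_amount <= self.threshold * self.total_debt:
            return F(0)
        base = self.total_debt if flawed else discounted_amount
        minted = base * self.fee_rate
        self.vault.total_assets += minted
        self.total_debt += minted
        return minted


def run_scenario(flawed):
    # Constructed numbers: 1,000,000 existing debt, attacker deposits 100,000,
    # then 60,000 of discounted volume crosses the threshold; afterwards others deposit 900,000.
    p = Protocol(total_debt=F(1_000_000), vault=Vault())
    p.vault.deposit("attacker", 100_000)
    minted = p.settle(60_000, flawed)
    gain = p.vault.claimable("attacker") - 100_000
    p.vault.deposit("others", 900_000)  # the "dilution" the team expected
    gain_after = p.vault.claimable("attacker") - 100_000
    return {"minted": minted, "gain": gain, "gain_after_others_deposit": gain_after, "new_debt": p.total_debt - 1_000_000}
```

With the flawed base the 60,000 of discounted volume mints 10,000 of fees and debt, versus 600 with the discounted amount as the base, and the attacker's claim is unchanged by the later 900,000 deposit in both cases.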
On July 12, judge Hans Friesse marked the submission as “satisfactory,” indicating that Aaaaa would receive the prize. The DittoETH representative also dropped their objection, stating “nvm this is valid, good find!”
The audit concerned a non-production copy of the protocol’s code. But had the vulnerability been missed, it could have possibly been deployed to the blockchain and exploited in the wild.
DeFi exploits can be devastating if vulnerabilities are not caught before they are deployed. In April, the Ronin gaming network bridge was drained of $9.8 million after an upgrade introduced a new vulnerability. In March, users of DeFi platform Unizen lost over $2 million when an “approved” vulnerability in the production copy of the platform was discovered by an attacker.
