Sonne Finance Exploited: A Detailed Analysis

Olympix
4 min readMay 17, 2024

--

Introduction

On May 14, 2024, Sonne Finance, a non-custodial DEX operating on the Optimism network, experienced an exploit that resulted in an approximately $20 million loss. This article analyzes the exploit, digging into the details of the attack to learn valuable lessons and improve the security of DeFi protocols in the future.

Attack Method

The attacker exploited a well-known vulnerability in Compound v2 forks called the “donation attack.” This attack involves manipulating the collateral factors of a lending pool to inflate the value of deposited collateral. This allows the attacker to borrow large funds without providing sufficient real value as security. This time, however, the vulnerability was exploited due to a misalignment in the execution timing of critical transactions.

Timeline and Execution

Proposal for VELO Markets

Sonne Finance passed a proposal to integrate VELO markets. The transactions were scheduled on a multi-sig wallet with a 2-day timelock.

Transaction Scheduling

Critical transactions, including the c-factor adjustments, a collateral factor meant to limit borrowing, were scheduled to execute after the timelock period.

Exploit Execution

The exploiter anticipated executing these transactions and executed four transactions right when the timelock ended, setting up the markets. Subsequently, they executed the c-factor increase transaction.

A look at one of the transaction event logs using Optimism Ether Scan.

Exploitation

Post-setup, the attacker leveraged the increased c-factors to exploit the protocol, siphoning off roughly $20 million.

A quick look at the attack transaction using EtherScan.

An Attempt to Recover the Stolen Funds

The Sonne Finance team sent an on-chain message to the exploiter, offering them a 10% bounty in exchange for transferring 90% of the stolen funds to the protocol to preserve its user’s interests.

Sonne Finance’s on-chain message transaction to the exploiter.

Impact and Aftermath

The exploit resulted in the loss of approximately $20 million. The Sonne Finance team promptly paused markets and offered a bounty to the attacker in exchange for the return of funds.

Thanks to the vigilance of the Seal911 contributors from the Security Alliance, approximately $6.5 million was salvaged by swiftly adding a minimal amount of VELO to the compromised markets. The Sonne Finance team detected the breach within 25 minutes, initiating an immediate response to pause the markets and prevent further losses.

Investigation

The team is actively investigating the identity of the exploiter, and several related addresses have been identified.

Aftermath

The exploit resulted in the loss of approximately $20 million. The Sonne Finance team promptly paused markets and offered a bounty to the attacker in exchange for the return of funds.

Lessons Learned

Smart Contract Audits

  • Regular security audits by qualified firms can unearth vulnerabilities before attackers exploit them.

Timelock Awareness

  • Carefully consider the implications of timelocks on smart contract functionality.

Building a More Secure Future

By prioritizing secure coding practices, conducting thorough audits, and fostering a collaborative security environment, we can build a more resilient DeFi ecosystem.

Olympix: Your Partner in Secure Smart Contracts

Olympix provides advanced Solidity analysis tools to help developers identify and fix vulnerabilities before they become critical exploits.

Visit our website to learn more.

Join our beta program to fortify your smart contracts and proactively shield them from exploits in the evolving Web3 security landscape.

Connect with us on:

Twitter | LinkedIn | Discord | Medium | Instagram | Telegram | Substack

--

--