Nexus Mutual Bug Bounty Matching Program Pays $200,000 To Whitehat
NOTE: The Nexus Mutual bug bounty matching program has been discontinued.
The Nexus Mutual trial bug bounty matching program has just provided its first matching payout as part of its partnership with Immunefi: a $200,000 payout to an anonymous whitehat for finding a critical vulnerability in Yearn Finance that has since been patched. No funds were lost. This means the whitehat earned a total of $400,000 for their responsible disclosure, $200,000 of which was from Yearn’s bounty payout.
This inaugural payout from Nexus Mutual, a decentralized insurance alternative, is a success story and represents a win for everyone involved.
First, Nexus Mutual’s bug bounty matching program helps to prevent claim events by stopping hacks from happening in the first place. Second, a bigger rewards means that the whitehat is further incentivized to disclose a vulnerability, rather than exploiting it, which encourages other hackers in the ecosystem to responsibly disclose. We’ve seen in the past that reward size really does matter, especially given funds at risk. Third, the project itself wins, having been saved from being exploited. Yearn is now that much more secure than they would have otherwise been.
The way the program works is that a list of pre-determined Nexus Mutual-covered protocols are eligible for the matching program. Yearn Finance was one of them.
As part of this trial program, Nexus Mutual allocated 2500 NXM, approximately $200,000, to the payout pool, and provided 1:1 matching at a maximum of $200,000 per valid critical bug report. This amount is enough to cover the maximum of a single payout, which has now been reached.
This matching program only applies to critical vulnerabilities, as defined by Immunefi’s severity classification system or the projects’ own bug bounty program. All payments are made in NXM and executed directly by the Nexus Mutual Community Fund.
The vulnerability, which was rated critical, consisted of an issue with the Single Sided Balancer (SSB) vaults–specifically in the way the vault decided the number of BAL tokens to sell (LP tokens for Balancer). The bug has since been patched, and no funds were lost. The way it worked is that the SSB USDT Strategy was taking a spot price of Balancer LP token for USDT, but there wasn’t proper verification to check if burning BAL was returning enough of the USDT. As the pool was imbalanced, the Strategy burned more BAL than it should.
Before selling the yvUSDT, the attacker could take a flashloan of DAI or USDC to imbalance the pool. The attacker could then flash-borrow yvUSDT (this was the only vulnerable vault, due to the amount of liquidity on BentoBox) and withdraw everything. Such a large withdrawal would pull funds out of multiple strategies, including the SSB USDT strategy, which the attacker is actually interested in. Due to the pool being imbalanced, the strategy burns more LP tokens just to return to the user the amount of USDT that they want to withdraw. Later, the attacker can balance the pool again, taking a profit in USDT and depositing back everything to the Yearn vault.
The step-by-step guide to exploiting the now-patched bug is as follows:
1. Flash borrow yvUSDT and DAI from BentoBox
2. Buy USDT with DAI at Balancer to imbalance the pool
3. Withdraw from yvUSDT. Withdrawal will sell more Balancer LP tokens due to imbalanced pool
4. Buy DAI back with USDT to get a profit. (Pool is slightly more balanced because of previous step)
5. Deposit back to yvUSDT
6. Repay flashloanFor more details of the vulnerability, see Yearn Finance’s post here.
