Indexed Finance Exploit

$16M lost

Oct 14, 2021·Ethereum·Price Manipulation

Contract: 0x5bd6...dee4 Attack TX: 0x44aa...95aa Post-Mortem

What Happened

Indexed Finance DEFI5 index pool was exploited for $16M through price manipulation. The attacker used flash loans to swap large amounts of tokens into the pool, manipulating the extrapolatePoolValueFromToken() function. They then called updateMinimumBalance() to force weight rebalancing, allowing them to mint DEFI5 tokens at manipulated prices and drain the pool.

BlockSecOps Scanner Findings

230

Vulnerability Detected

Our scanners would have identified the vulnerability that led to this exploit.

CriticalExploit Related

INDEXED-2021-003: Missing setMinimumBalance Access Control

Scanner: SolidityDefend·Lines IndexPool.sol:L245-L260·CWE-284

Function setMinimumBalance performs critical operations but lacks proper access control. This function was exploited in the $16M hack - the attacker called updateMinimumBalance() through the controller to force weight rebalancing at manipulated prices.

// IndexPool.sol - EXPLOITED FUNCTION
// Scanner detected: missing-access-modifiers (CWE-284)

function setMinimumBalance(
    address token,
    uint256 minimumBalance
) external _control_ {
    // VULNERABILITY: Controller can set arbitrary minimum
    // Attacker used this to force rebalancing at manipulated prices

    Record storage record = _records[token];
    require(record.bound, "ERR_NOT_BOUND");

    // No validation of minimumBalance against current price!
    record.balance = minimumBalance;

    // This triggers reweighting based on manipulated balances
}

Recommendation: Implement strict access control with multi-sig or timelock. Add price sanity checks before allowing balance updates.

Critical

INDEXED-2021-001: Missing Access Control on initialize()

Scanner: SolidityDefend·Lines IndexPool.sol:L89-L120·CWE-284

Initializer function initialize lacks access control and can be called by anyone. This is a common proxy pattern vulnerability that can allow attackers to take ownership of uninitialized proxy contracts.

// IndexPool.sol - Vulnerable Initializer
// Scanner detected: missing-access-modifiers (CWE-284)

function initialize(
    address[] calldata tokens,
    uint256[] calldata balances,
    uint96[] calldata denorms,
    address tokenProvider,
    address unbindHandler,
    address exitFeeRecipient
) external {  // VULNERABILITY: No access control!
    require(!_mutex, "ERR_REENTRY");
    require(_controller == address(0), "ERR_INITIALIZED");

    // Anyone can call this on uninitialized proxies
    _controller = msg.sender;
    // ...
}

Recommendation: Add an initializer modifier that prevents re-initialization. Consider using OpenZeppelin's Initializable contract.

High

INDEXED-2021-005: Missing Zero Address Validation

Scanner: SolidityDefend·Lines IndexPool.sol:L280-L350·CWE-476

Multiple functions including swapExactAmountIn, joinswapExternAmountIn, and exitswapPoolAmountIn do not validate that token addresses are not zero. This could lead to failed transactions or unexpected behavior.

Recommendation: Add require(tokenIn != address(0) && tokenOut != address(0), "Zero address not allowed"); at the start of each function.

High

INDEXED-2021-004: Array Length Mismatch Vulnerability

Scanner: SolidityDefend·Lines IndexPool.sol:L89-L120·CWE-129

Function initialize has multiple array parameters but no apparent length validation. Mismatched array lengths could cause unexpected behavior or allow manipulation of token weights.

// IndexPool.sol - Missing Array Validation
// Scanner detected: array-length-mismatch

function initialize(
    address[] calldata tokens,    // Could be length 5
    uint256[] calldata balances,  // Could be length 3
    uint96[] calldata denorms,    // Could be length 7
    // ... other params
) external {
    // VULNERABILITY: No length validation!
    // Different array lengths cause silent failures

    for (uint256 i = 0; i < tokens.length; i++) {
        // balances[i] or denorms[i] could be out of bounds
        _bind(tokens[i], balances[i], denorms[i]);
    }
}

Recommendation: Add explicit validation: require(tokens.length == balances.length && balances.length == denorms.length, "Array length mismatch");

High

INDEXED-2021-002: Reentrancy in _bind() and _unbind()

Scanner: SolidityDefend·Lines IndexPool.sol:L156-L178·CWE-841

Functions _bind and _unbind may be vulnerable to reentrancy attacks due to state changes after external calls. Token transfers occur before state updates, violating the checks-effects-interactions pattern.

// IndexPool.sol - Reentrancy Vulnerability
// Scanner detected: classic-reentrancy (CWE-841)

function _bind(address token, uint balance, uint denorm) internal {
    // State changes happen after external calls
    IERC20(token).transferFrom(msg.sender, address(this), balance);

    // VULNERABILITY: State updated AFTER external call
    _records[token] = Record({
        bound: true,
        index: uint8(_tokens.length),
        denorm: uint96(denorm)
    });
    _tokens.push(token);
}

Recommendation: Apply checks-effects-interactions pattern. Update all state variables before making external token transfer calls.

Don't let this happen to your protocol.

BlockSecOps scans your smart contracts with 580+ security detectors, catching vulnerabilities before attackers do.

What Happened

// IndexPool.sol - EXPLOITED FUNCTION // Scanner detected: missing-access-modifiers (CWE-284) function setMinimumBalance( address token, uint256 minimumBalance ) external _control_ { // VULNERABILITY: Controller can set arbitrary minimum // Attacker used this to force rebalancing at manipulated prices Record storage record = _records[token]; require(record.bound, "ERR_NOT_BOUND"); // No validation of minimumBalance against current price! record.balance = minimumBalance; // This triggers reweighting based on manipulated balances }

// IndexPool.sol - Vulnerable Initializer // Scanner detected: missing-access-modifiers (CWE-284) function initialize( address[] calldata tokens, uint256[] calldata balances, uint96[] calldata denorms, address tokenProvider, address unbindHandler, address exitFeeRecipient ) external { // VULNERABILITY: No access control! require(!_mutex, "ERR_REENTRY"); require(_controller == address(0), "ERR_INITIALIZED"); // Anyone can call this on uninitialized proxies _controller = msg.sender; // ... }

// IndexPool.sol - Missing Array Validation // Scanner detected: array-length-mismatch function initialize( address[] calldata tokens, // Could be length 5 uint256[] calldata balances, // Could be length 3 uint96[] calldata denorms, // Could be length 7 // ... other params ) external { // VULNERABILITY: No length validation! // Different array lengths cause silent failures for (uint256 i = 0; i < tokens.length; i++) { // balances[i] or denorms[i] could be out of bounds _bind(tokens[i], balances[i], denorms[i]); } }

// IndexPool.sol - Reentrancy Vulnerability // Scanner detected: classic-reentrancy (CWE-841) function _bind(address token, uint balance, uint denorm) internal { // State changes happen after external calls IERC20(token).transferFrom(msg.sender, address(this), balance); // VULNERABILITY: State updated AFTER external call _records[token] = Record({ bound: true, index: uint8(_tokens.length), denorm: uint96(denorm) }); _tokens.push(token); }