Is Tezos Vulnerable to DeFi/ERC-777 Attacks?
In recent months, there have been a number of successful Ethereum attacks targeting decentralized exchanges and DeFi protocols. Two of the attacks used the fact that Ethereum’s ERC-777 token standard’s compatibility with the ERC-20 interface while adding a side-effect of calling an untrusted hook. Although technically ERC-20 on Ethereum does not prohibit calling external (even untrusted) contracts from transfer, ERC-20 tokens usually do not use this possibility, and most of transfer calls are reentrancy-safe.
Uniswap protocol and Lendf.me (which uses slightly modified Compound V1 contracts) assumed that calling token transfer can not yield external contract calls and, hence, reentrancy attacks.
These attacks are hard to make on Tezos due to the operation queue concept. While the exact replicas of attacks are not possible, there are some security issues associated mainly with the currently recommended view pattern. Below, we analyze the details of attacks and the specific differences between Ethereum and Tezos.Lendf.me breach Attack mechanics
Lendf.me tracks the internal token balances of each address. When one invokes the supply(…) method of the contract to deposit the tokens, the implementation uses thetoken.transferFrom(…) method to transfer the funds. However, the balance of the account is updated after this transfer goes through. Making state modifications after external interactions is generally considered to be a bad practice. Probably the contract developers expected token.transferFrom(…) to not call any untrusted contracts but with ERC-777 making such calls is quite possible and simple.
1. An attacker deposits 250 tokens using supply(…).
2. He then deposits 0.00000001 more tokens using supply(…) but this time he also turns on a pre-transfer hook that calls withdraw(…).
3. withdraw(…) executes before any balance changes in (2) and kindly sends 250 tokens...