In September 2024, PenPie, a yield farming protocol built on Pendle Finance, was exploited in a reentrancy attack, leading to a significant loss of $27 million in funds. The attack highlights the importance of smart contract security, especially within the DeFi ecosystem, and emphasizes the role that audits play in preventing such vulnerabilities.

This article will explore the details of the PenPie hack, the nature of reentrancy attacks, and how comprehensive auditing practices, such as those offered by AuditOne, can help safeguard protocols from similar threats.

What Happened: The PenPie Exploit Breakdown‍‍

On September 3, 2024, PenPie became the latest DeFi platform to suffer a major exploit when an attacker took advantage of a vulnerability in the protocol’s reward distribution function, _harvestBatchMarketRewards.

This function, which was responsible for managing PenPie’s staking rewards, lacked adequate reentrancy protection. This oversight allowed the attacker to repeatedly call the function before the contract had a chance to update its internal state, leading to an inflated reward balance and subsequent drainage of protocol funds.

The attacker used a combination of fake liquidity pools tied to valueless Standardized Yield (SY) tokens and smart contracts that mimicked legitimate liquidity providers. By manipulating the system in this way, they were able to bypass safeguards and make repeated reward claims based on nonexistent assets.

‍

Reentrancy Attacks: How They Work

‍

A reentrancy attack occurs when a malicious contract is able to repeatedly call a vulnerable function in another contract before it completes execution. In most cases, this allows the attacker to drain out funds multiple times by preventing the contract from updating key information, such as user balances.

In a typical smart contract function, the order of operations should involve updating the contract’s state (such as reducing the balance after a withdrawal) before making any external calls. However, in a reentrancy scenario, the attacker’s contract exploits the vulnerability by repeatedly calling back into the target function before the balance is updated.

In PenPie’s case, the attacker exploited this weakness within the _harvestBatchMarketRewards function, which allowed them to make repeated withdrawals by tricking the contract into believing the balance was still intact. Over the course of three transactions, the attacker drained an estimated $27 million from PenPie’s smart contract system.

‍

Penpie Protocol Exploit Analysis

‍

The Penpie protocol was exploited due to a combination of a reentrancy vulnerability and permissionless market registration in the PendleStakingBaseUpg.sol contract. At the core of this exploit lies the absence of a reentrancy guard in the _harvestBatchMarketRewards() function, responsible for processing token transfers and calculating rewards. 

‍

Step by step of the attack

‍

1. Deploying a Malicious Market Contract: The attacker first created a malicious Pendle Market by deploying a crafted SY (Synthetic Yield) contract designed to exploit the reentrancy vulnerability. The malicious market contract was then registered on Penpie, which, being permissionless, allowed the attacker to bypass proper validation.

2. Manipulating Reward Calculation: Once the malicious market was registered, the attacker initiated the reward harvesting process by calling the _harvestBatchMarketRewards() function. Inside this function, the rewards were calculated based on token balances before and after calling redeemRewards(). Since the function lacked a reentrancy guard, the attacker re-entered the function during the reward calculation phase. By depositing additional tokens (such as flash-loaned wstETH, sUSDe, egETH, and rswETH) into the contract during this phase, the attacker artificially inflated the token balances, resulting in exaggerated rewards.
   ‍

‍

3. Flash Loan Usage: The attacker used flash loans to borrow large amounts of assets, which were deposited into the malicious SY contract. These assets were used to mint fake Pendle Market tokens, which were deposited into Penpie. During the batchHarvestMarketRewards call, the malicious SY contract returned the tokens from the flash loaned assets as rewards, further exploiting the reentrancy vulnerability.

4. Claiming Excessive Rewards: After inflating the reward amount through reentrant calls, the attacker was able to claim all rewards from the system by invoking the claimReward() function. Since they were the sole depositor in the fake Pendle Market, they received all the inflated rewards attributed to the malicious market.

5. Conversion to Original Assets: After harvesting and claiming the rewards, the attacker withdrew from the malicious market, converting the Pendle Market tokens back into their original asset forms and effectively stealing the assets.

‍

‍

Consequences of the attack
‍

The loss of funds damages trust in the platform, staining its reputation among users and investors, which can lead to reduced user engagement, capital flight (TVL vanishing), and reluctance from future partners or contributors, potentially reducing the protocol’s growth. Legal consequences may also arise, as affected parties could pursue litigation to recover their losses, potentially resulting in costly settlements or regulatory scrutiny.
‍

The Role of Auditing: How It Could Have Prevented the PenPie Exploit
‍

While the PenPie protocol had undergone audits prior to the hack from 2 distinct enterprises, the critical reentrancy vulnerability remained undetected. This highlights the importance of comprehensive and continuous smart contract audits that go beyond surface-level checks and dive deep into the nuances of function execution, state changes, and external calls.

AuditOne specializes in rigorous smart contract audits designed to uncover vulnerabilities like reentrancy. Through a combination of manual code reviews and automated security tools, AuditOne identifies potential issues before they can be exploited. Here’s how a thorough audit could have prevented the PenPie hack:

1. Reentrancy Guard Implementation: One of the most effective solutions for preventing reentrancy attacks is to implement a reentrancy guard. This mechanism ensures that critical functions cannot be called multiple times within the same transaction, effectively blocking reentrancy exploits.

2. Check-Effects-Interactions Pattern: This best practice ensures that state changes (such as updating a user’s balance) occur before any external calls are made. By adhering to this pattern, smart contracts can prevent the kind of repeated function calls seen in the PenPie exploit.

3. Input Validation and Access Control: AuditOne’s auditing process emphasizes thorough input validation, ensuring that only legitimate data is accepted by the smart contract. In PenPie’s case, better input validation could have prevented the creation of fake liquidity pools and stopped the attacker from claiming rewards based on non-existent assets.
‍

What can protocols learn from the PenPie Hack

‍

1. The Importance of Comprehensive Audits: While PenPie underwent an audit, it was not sufficient to detect the reentrancy vulnerability, reassuring the importance of continuous audits and bug bounties, particularly as a protocol evolves and new functionality is added.

2. Real-Time Security Monitoring: In addition to pre-deployment audits, real-time monitoring tools like CUBE3.AI’s fraud detection system can help identify and mitigate attacks as they happen. In the case of PenPie, CUBE3.AI detected the exploit within 32 seconds of the attack contract being deployed, providing an additional layer of defense against such exploits by allowing teams to respond more quickly.

3. Continuous Vigilance: Auditing is not a one-time process. As DeFi platforms grow and adapt to new user demands, regular security reviews are critical to ensure that vulnerabilities like reentrancy do not go unnoticed.
‍

Final Thoughts

‍

PenPie’s hack is probably not the first nor last one to happen in DeFi, but it serves as a reminder of the dangers that reentrancy vulnerabilities pose to inexperienced developers. Even the so called bluechips protocols such as Curve Finance, QuickSwap Lending and CREAM Finance suffered from this kind of exploit. However, with proper coding practices, these risks can be mitigated. Security audits offer a vital line of defense, identifying vulnerabilities before they can be exploited. By combining human expertise with automated tools, AuditOne helps safeguard DeFi platforms and, thus users funds.