
Loopring(LRC) Protocol Incident

Code Auditing
December 3, 2020


In November 2020, many DeFi platforms on Ethereum suffered security incidents, among them Pickle Finance and 88mph.

To detect security incidents in DeFi, we developed the ThunderForecast system. While analysing recent transactions it flagged a class of transactions that is extremely suspicious. First, each contains a pair of trades in the same pool whose exchange rates differ by more than a thousand times. Second, the caller (an EOA) always ends the transaction a few Ether richer. We used the EthScope system developed by our research team to analyse these transactions and found that they are arbitrage attacks leveraging a vulnerability in Loopring's protocol fee vault.

LRC Protocol Fee Vault

Loopring is an open-source protocol for decentralized exchange (DEX) on the Ethereum blockchain, and LRC is its ERC-20 token. Loopring also has a dedicated vault contract, the LRC Protocol Fee Vault, which stores the protocol fees it collects. We use the short form LRCPFV in the analysis below.

    function sellTokenForLRC(
        address token,
        uint    amount
        )
        external
        nonReentrant
    {
        require(amount > 0, "ZERO_AMOUNT");
        require(token != lrcAddress, "PROHIBITED");

        address recipient = tokenSellerAddress == address(0) ? owner : tokenSellerAddress;

        if (token == address(0)) {
            recipient.sendETHAndVerify(amount, gasleft());
        } else {
            token.safeTransferAndVerify(recipient, amount);
        }

        require(
            tokenSellerAddress == address(0) ||
            ITokenSeller(tokenSellerAddress).sellToken(token, lrcAddress),
            "SELL_FAILURE"
        );

        emit TokenSold(token, amount);
    }

sellTokenForLRC is a function of LRCPFV. It transfers `amount` of the given fee token (or ETH, when `token` is address(0)) from the vault to the configured token seller, which then sells it for LRC on Uniswap. Nothing restricts who may call it: the function carries no access-control modifier, so anyone can trigger a sale of any amount at any time, and the `sellToken(token, lrcAddress)` call as shown passes no minimum output, so the sale executes at whatever price the pool quotes at that moment. An attacker who first skews the Uniswap pool can therefore force the vault to sell at a ruinous rate and capture the difference, and the same logic was reused across a series of transactions. The details of the attack are analysed below.

Details

We now reveal more details of the attack using one attack transaction, 0x00b2c...

There are six steps involved:

  • Step 1: Take a flash loan of 3773.88 ETH from 0xEB7e...

  • Step 2: Swap 3773.88 ETH for 5014.68 LRC at the Uniswap V1 LRC pool. The rate of this trade is 1 ETH = 1.32878 LRC; the trade leaves the pool holding a large amount of ETH and very little LRC.

  • Step 3: Invoke sellTokenForLRC so that LRCPFV sells 0.231 ETH of stored fees for 0.000219 LRC at the same Uniswap V1 LRC pool (as noted above, the attacker is not supposed to be able to trigger this). Because Step 2 has drained the pool of almost all its LRC, Uniswap's constant-product pricing quotes an extreme price, and the vault's trade executes at 1 ETH = 0.00094 LRC. The vault's 0.231 ETH is added to the pool's reserves while almost no LRC leaves them.

  • Step 4: Swap 5014.68 LRC back for 3774.09 ETH at the Uniswap V1 LRC pool. Since Step 3 added ETH to the pool in exchange for a negligible amount of LRC, the attacker's LRC now buys more ETH than it cost: compared with Step 2, the same 5014.68 LRC returns 3774.09 ETH, about 0.215 ETH more than the 3773.88 ETH paid in.

  • Step 5: Repay the 3773.88 ETH flash loan.

  • Step 6: Send the 0.215 ETH profit to the attacker's address (EOA).
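To see why an unpermissioned sale into a pool the caller has just skewed hands the vault's ETH to the caller, here is a constant-product replay of Steps 2 to 6 in Python. It is an added example, not code from the original post or from Loopring. The Uniswap V1 output formula and its 0.3% input fee are the real ones; the pool reserves (2.6 ETH / 5017 LRC) are constructed so that the spot price sits near the 0.0005175 ETH per LRC market price quoted in the next section, the flash loan is assumed to be free, and `vault_sell_guarded` is a hypothetical slippage check used for contrast, not Loopring's actual fix.

```python
"""Constant-product replay of the LRCPFV arbitrage (added example, not the post's code)."""
from dataclasses import dataclass
from functools import partial

# Uniswap V1 charges a 0.3% fee on the input amount: input * 997 / 1000.
FEE_NUM = 997
FEE_DEN = 1000


@dataclass
class UniswapV1Pool:
    """Minimal ETH/token constant-product pool using Uniswap V1's output formula."""
    eth: float    # ETH reserve
    token: float  # token (LRC) reserve

    @staticmethod
    def get_output(amount_in, reserve_in, reserve_out):
        # out = in*997*reserve_out / (reserve_in*1000 + in*997), as in V1's getInputPrice()
        in_with_fee = amount_in * FEE_NUM
        return in_with_fee * reserve_out / (reserve_in * FEE_DEN + in_with_fee)

    def eth_to_token(self, eth_in):
        out = self.get_output(eth_in, self.eth, self.token)
        self.eth += eth_in
        self.token -= out
        return out

    def token_to_eth(self, token_in):
        out = self.get_output(token_in, self.token, self.eth)
        self.token += token_in
        self.eth -= out
        return out


def vault_sell_unchecked(pool, eth_amount):
    """Models sellTokenForLRC(address(0), amount) as shown above: the vault's ETH
    goes into the pool at whatever price it quotes, with no minimum output."""
    return pool.eth_to_token(eth_amount)


def vault_sell_guarded(pool, eth_amount, ref_token_per_eth, max_slippage_bps=1000):
    """Hypothetical guard (assumption, not Loopring's fix): refuse the sale when the
    pool's quote is more than max_slippage_bps below an external reference price."""
    min_out = eth_amount * ref_token_per_eth * (10_000 - max_slippage_bps) / 10_000
    quoted = pool.get_output(eth_amount, pool.eth, pool.token)
    if quoted < min_out:
        raise ValueError(f"pool quotes {quoted:.6f} LRC, below minimum {min_out:.2f} LRC")
    return pool.eth_to_token(eth_amount)


def simulate_attack(pool, loan_eth, vault_fee_eth, vault_sell=vault_sell_unchecked):
    """Steps 2-6: drain LRC with the loan, trigger the vault sale, unwind, repay."""
    lrc_bought = pool.eth_to_token(loan_eth)        # Step 2: buy nearly all the pool's LRC
    vault_lrc = vault_sell(pool, vault_fee_eth)      # Step 3: vault sells into the skewed pool
    eth_back = pool.token_to_eth(lrc_bought)         # Step 4: sell the LRC back for ETH
    return {
        "lrc_bought": lrc_bought,
        "vault_eth_sold": vault_fee_eth,
        "vault_lrc_received": vault_lrc,
        "eth_back": eth_back,
        "attacker_profit_eth": eth_back - loan_eth,  # Steps 5-6: repay the loan, keep the rest
    }


# Constructed reserves (assumption, not the real pool state): a thin pool whose spot
# price is near the 0.0005175 ETH per LRC market price cited in the post.
REF_LRC_PER_ETH = 1 / 0.0005175   # about 1932 LRC per ETH
START_ETH, START_LRC = 2.6, 5017.0
LOAN_ETH, VAULT_FEE_ETH = 3773.88, 0.231


def run_demo():
    results = {}
    # The attack exactly as described: the vault sale has no price check.
    results["unchecked"] = simulate_attack(UniswapV1Pool(START_ETH, START_LRC), LOAN_ETH, VAULT_FEE_ETH)

    # The same attack against a vault that compares its quote with the reference price.
    guarded = partial(vault_sell_guarded, ref_token_per_eth=REF_LRC_PER_ETH)
    try:
        simulate_attack(UniswapV1Pool(START_ETH, START_LRC), LOAN_ETH, VAULT_FEE_ETH, vault_sell=guarded)
        results["guarded"] = "sale went through"
    except ValueError as exc:
        results["guarded"] = f"sale reverted: {exc}"

    # For comparison, the guarded vault selling the same 0.231 ETH into an unskewed pool.
    results["honest_sale_lrc"] = vault_sell_guarded(UniswapV1Pool(START_ETH, START_LRC), VAULT_FEE_ETH, REF_LRC_PER_ETH)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

With these constructed reserves the replay lands close to the post's figures: the attacker's LRC buys back about 3774.09 ETH and the profit is about 0.215 ETH, essentially the vault's 0.231 ETH minus the two round-trip fees, while the vault receives roughly 0.0002 LRC. The guarded variant refuses the Step 3 sale because the pool's quote is far below the reference price, whereas the same sale into the unskewed pool returns about 408 LRC and passes. The guard is defence in depth only; the root cause the post identifies is that the sale can be triggered by anyone at all.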

Gain & Loss

The transaction analysed above was launched on 13th Oct 2020. To estimate the gain and loss for both the attacker and the victim, we take LRC's price from CoinGecko, 0.0005175 ETH. On the other hand, LRCPFV.

The attacker skews the pool price in Step 2, lets the vault sell into the skewed pool in Step 3, and unwinds in Step 4, booking a profit of 0.215 ETH across the two trades. The vault, for its part, sold 0.231 ETH for 0.000219 LRC, which at the price above is worth roughly 0.0000001 ETH, so its loss in this transaction is essentially the full 0.231 ETH.

The Scale of the Attack

Based on the features of this attack, we identified 3 malicious contracts deployed by the attacker (0xa896..., 0x414a..., 0xd91d...) and 90 transactions launched by the attacker 0x81e8... since block 9644449, where LRCPFV was deployed. The largest profit in a single transaction, 0x33eab..., reached 9.89 ETH. In total the attacker extracted 80.97 ETH, equivalent to 48,849.2 USD at the price on 1st Oct 2020.

The End

As the DeFi ecosystem on Ethereum develops, a variety of security problems are gradually surfacing. The community's attention is easily drawn to attacks that cause vast financial losses rather than to inconspicuous ones. Yet the root cause behind this attack, missing access control, also cost Loopring a considerable amount (80.97 ETH) over 90 transactions.

Timeline

  • 2020/11/30: Suspicious transactions were found.
  • 2020/12/01: Finished the analysis.
  • 2020/12/02: Reported to Loopring.
  • 2020/12/03: Vulnerability was confirmed and the fix is online.
  • 2020/12/03: Details were released.
  • 2021/01/03: CVE-2020-35962 is assigned.