$27M Heist: Penpie Exploiter Strikes with Reentrancy Bug

Danail Yordanov
10 min read

At Three Sigma, we recognize the intricate opportunities within the Web3 space. Based in Lisbon, our team of experts offers premier services in development, security, and economic modeling to drive your project's success. Whether you need precise code audits, advanced economic modeling, or comprehensive blockchain engineering, Three Sigma is your trusted partner. Explore our website to learn more.

We are not just experts in code, economic auditing, and blockchain engineering—we are passionate about breaking down Web3 concepts to drive clarity and adoption across the industry.

Introduction

Pendle Finance

Pendle is a decentralized, permissionless protocol designed for yield trading, enabling users to implement a variety of yield management strategies.

To fully grasp how Pendle works, it is important to understand its three main components:

  • Yield Tokenization Pendle allows users to wrap yield-bearing tokens into SY (standardized yield tokens), making them compatible with Pendle’s AMM. For instance, a yield-bearing token like stETH can be converted into SY-stETH. This SY token is then split into two parts: the PT (principal token) and the YT (yield token), representing the principal and yield portions of the asset. This process, called yield tokenization, separates the yield into its own tradable token.
  • Pendle AMM Both PT and YT can be traded on Pendle’s AMM (automated market maker). While the AMM is central to Pendle’s functionality, understanding its mechanics isn’t necessary to trade PT and YT.
  • vePENDLE Pendle’s governance is powered by vePENDLE. Users can lock PENDLE tokens to receive vePENDLE, with longer lock durations resulting in a higher vePENDLE value. The vePENDLE value decreases over time, but users can extend their lock duration to counteract this decay.

Penpie

Penpie is a next-generation DeFi platform specifically designed to enhance the yield and governance capabilities for users of Pendle Finance. It focuses on locking PENDLE tokens, allowing users to benefit from increased governance rights and enhanced yield opportunities within Pendle Finance’s ecosystem. By leveraging Pendle Finance's veTokenomics model, Penpie offers users new ways to maximize their returns and governance power.

Penpie introduces a mechanism where PENDLE token holders can convert their tokens into mPENDLE at a 1:1 ratio. This conversion enables users to earn maximized PENDLE rewards through the platform. Once PENDLE tokens are converted into mPENDLE, Penpie locks the original PENDLE as vePENDLE within Pendle Finance. This process allows Penpie to accumulate vePENDLE, which grants the platform access to enhanced PENDLE rewards and increased governance power within Pendle Finance.

Attack Analysis

On September 3, 2024, at 6:23 PM UTC, a security vulnerability in the Penpie platform was exploited, resulting in the loss of over $27 million across the Arbitrum and Ethereum networks. The attacker created a fake Pendle market to manipulate rewards, inflating the staking balance and claiming unauthorized funds.

The stolen assets included wstETH, sUSDe, agETH, rswETH, and other Pendle-related YT tokens.

Vulnerability Exploitation

The incident was caused by two major factors:

  1. Lack of reentrancy protection in PendleStaking::batchHarvestMarketRewards()
  2. Penpie’s acceptance of all Pendle Markets as valid pools, despite Pendle Markets, PT, and YT tokens being permissionlessly created.

Attack Breakdown:

  • Creation of a Fake Market: The attacker created a fake Pendle Market using a fraudulent SY token, which also served as the attack contract. The attacker created a pool, minted YT and PT tokens for the Pendle Market, and then deposited the market into Penpie.
  • Flashloan Execution: The attacker took a flashloan from Balancer in agETH, rswETH, egETH, and wstETH, then deposited the funds into the fake SY contract.
  • Reentrance: The attacker invoked PendleStaking::batchHarvestMarketRewards() with the malicious market as the argument. During this call, the attacker was able to re-enter the function because PendleMarket::redeemRewards() was called on the fake SY market.
  • Manipulating Reward Calculations: Initially, the fake market returned the desired token types that would be stolen by the PendleMarket::getRewardTokens() function, and these tokens were recorded in the bonusTokens array.

    Afterward, the token balances of the PendleStaking contract were recorded in the amountsBefore array. Next, the PendleMarket::redeemRewards() function was called on the fake market, which deposited the flash-loaned tokens into legitimate markets via PendleStaking::depositMarket(). Although this function had a nonReentrant modifier, the modifier was bypassed because, as mentioned earlier, the batchHarvestMarketRewards() function lacked such protection.

    This resulted in an increase in the PendleStaking balance, which made the contract incorrectly assume that the balance increase was due to redeemed rewards rather than deposited funds. This led to significantly larger rewards being reflected in the amountAfter array.
  • Claiming Rewards: PendleStaking then sent the incorrect reward tokens (Pendle Markets) and amounts to the RewardDistributor, attributing those Pendle Markets to the fake Pendle Market depositor. Since the attacker was the sole depositor in the fake Pendle Market, they were able to claim all the rewards, including wstETH, sUSDe, egETH, and rswETH Pendle Market tokens.
  • Withdrawal and Conversion: The attacker then withdrew from the legitimate Pendle Markets they had deposited into and converted the Pendle Market tokens back into their original assets. Afterward, they repaid the flash loan and kept the remaining profit.

How the Attack Could Have Been Prevented

Although there was a reentrancy check in the PendleStaking::depositMarket() function, the batchHarvestMarketRewards() function lacked this protection, which allowed the exploit to occur. Implementing a nonReentrant modifier on this function could have prevented the attack.

Protocol Response

The Penpie protocol was paused on all chains. The Penpie team joined a War Room alongside Pendle Finance and the Security Alliance (SEAL 911). Pendle Finance posted on X to inform users that their platform was unaffected, although they acknowledged that Penpie had been targeted in the attack, leading to a security compromise. The Penpie team also filed a report with the Kampong Java Neighbourhood Police Centre.

The team also started working with Hypernative to track the hacker’s movements. One positive development is that Pendle’s logging system identified the attacker’s VPN IP address when they used Pendle’s frontend to perform a YT swap. The VPN IP address was reported to the Singapore Technology Crime Senior Investigation Officer, who will forward the cybercrime incident to the VPN provider for further information.

Also the team Initiated communication with Binance Security, Slowmist, and Chainalysis/zeroShadow to demix the Tornado Cash deposits.

Consequences

Approximately $27 million was stolen across multiple chains. Unfortunately, the attacker did not respond to any messages (TX) and began transferring the stolen funds to Tornado Cash in batches of 100 ETH from different accounts (TX), effectively laundering the money.

Pendle Finance briefly paused its contract, protecting roughly $70 million (excluding vePENDLE positions) that could have been further drained from Penpie. Moving forward, the team will continue to attempt negotiations with the attacker in hopes of reaching a whitehat settlement.



Reach out to Three Sigma, and let our team of seasoned professionals guide you confidently through the Web3 landscape. Our expertise in smart contract security, economic modeling, and blockchain engineering, we will help you secure your project's future.

Contact us today and turn your Web3 vision into reality!

Addresses

Deployment of Malicious Markets

Attacks

Exploiter Wallets

Messages