Periphery Contracts Incident August 28 2024

Yesterday, BGD Labs reported to Aave Labs that some periphery contracts used in the Aave Labs user interface (not part of core protocol) to perform swaps had a small balance (exact amount to be confirmed) that was exploited. These contracts, which are separate from the core protocol and used for facilitating token swaps, had accumulated small token balances over time. The accumulation is a result of residual tokens left over from swap transactions, a situation these contracts were not designed to handle. As a precautionary measure, the Aave Labs team has immediately disabled all functions that use swaps in the Aave Labs interface until the situation can be thoroughly investigated and a solution can be put in place. It’s important to note that users are still able to manage their positions by using alternative functions in the Aave Labs interface or by using other third-party interfaces to interact with the protocol. No user funds were impacted, and the tokens that the contract lost belonged to the Aave DAO.

We are continuing our thorough investigation into this incident and will provide more details shortly.

11 Likes

Awesome, looking forward to the report as well as this amazing feature

3 Likes

We have identified the issue and are currently working on a fix. In the meantime, we are re-enabling collateral swaps, as well as withdrawal and swaps, since these functionalities are not affected by the issue. We will provide a detailed report with more information soon.

6 Likes

Borrow (loan) Swap is still not available. Is it the next thing to be fixed? Thanks.

6 Likes

I’m not sure, but it’s one of the most useful features.

Just Use Aave

3 Likes

I've been trying to swap stuff but it doesn't seem to be working well. The swap button is back but it hasn't been working. It just keeps saying the same thing: "there was some error - please try changing the parameters or copy there". I've tried increasing slippage and lowering the amounts; it's only worked once, when I tried usdc.e.

Any ideas? Is Paraswap having issues, or has Aave still not re-implemented it yet?

Tried on two different phones… anyone else having issues swapping? I don't see swap when withdrawing. With the markets like this, I'm sure everyone would appreciate responses ASAP. Thank you.

Can we use Paraswap directly? I tried, but it said I need to unlock aaPOLBTC.

If you can, just give everyone an update on what's working and what's not, and when things will be fixed back to normal.

5 Likes

Hi, @AaveLabs , any update on repair of borrowed tokens swap function?

6 Likes

So for MetaMask on your phone, you need to do 1 of 2 things. Erase all the browser history, cache and connections; that should bring back the swap button. It's a cache issue.

  1. Back up your keys and install a fresh wallet; that helped.

  2. Everything was fixed for me within my Chrome browser with a new MetaMask installed.

4 Likes

Hi, @SMoKeMoN. Are you sure we are talking about the Borrow side Switch button?
For the moment there is a switch button on the supplies side, but not on the borrow side.

5 Likes

We have re-enabled repay with collateral and the debt swap will be fixed soon. Thank you for your patience.

2 Likes

All swaps are now re-enabled. More details on the investigation will be provided soon.

5 Likes

Following the execution of the AIP (see September Funding Update) on December 4th to recover remaining funds from the periphery contracts, Aave Labs presents the final technical analysis of the Paraswap integration incident.

Incident Report

Date of detection: Aug 28th, 2024
Severity: Medium
Components Affected: Paraswap-powered periphery contracts (not related to the Aave Protocol)

Summary

On August 28th, a problem was detected with the Paraswap Adapter contracts. These contracts facilitate token swaps and actions such as debt swaps and repay actions within the Aave Interface. Such contracts were identified to have been gathering small token balances (dust) over time from positive slippage that has been continuously transferred to the DAO. On August 28th, an attacker exploited these balances on the contracts through a sophisticated attack for roughly USD 95,000 across all the Aave networks. No core protocol contracts or user funds were affected or at risk.

Incident Timeline

| Date / Time | Details |
|---|---|
| August 28th at 7:00 CET | Aave Labs identifies indications of a potential exploit affecting the periphery contracts, triggering internal measures to respond to it. |
| August 28th at 9:00 CET | BGD Labs confirms to Aave Labs that an exploit may have occurred and advises to disable the “repay with collateral” feature in the Aave Interface, pending further investigation. |
| August 28th at 9:00 CET | Aave Labs continues the effort to contain the exploit, supported by the additional details provided. |
| August 28th at 9:30 CET | Aave Labs disables the “repay with collateral” feature in the Aave Interface. |
| August 28th at 10:15 CET | Aave Labs disables all functionalities related to Paraswap-powered periphery contracts as a precautionary measure. |

Mitigation Timeline

| Date | Details |
|---|---|
| August 28th | Aave Labs works collaboratively with BGD Labs and Paraswap teams to identify the issue and develop a mitigation and resolution process. The exploit only affected the periphery contracts, which held assets transferred to the Aave DAO. No user funds were lost, and no core protocol contracts were impacted. |
| September 2nd | Aave Labs confirms that only two Paraswap-powered features in the Aave Interface were impacted, “repay with collateral” and “debt switch”, and the remaining features are re-enabled. |
| September 2nd | Aave Labs develops a technical patch for “repay with collateral” functionality and contacts security service provider Certora for a security review. |
| September 9th | After a successful security review by Certora, Aave Labs re-enables the “repay with collateral” feature across Aave markets. |
| September 10th | Aave Labs builds a technical patch for the “debt switch” feature and connects with Certora to conduct a security review of it. |
| September 11th | Certora confirms the “debt switch” patch successfully passes their review. |
| September 17th | Aave Labs re-enables the “debt switch” feature across Aave markets. However, the “repay with collateral” feature is disabled in V2 markets due to its incompatibility with the implemented solution. |
| October 24th | Aave Labs upgrades the Aave Interface integration to Paraswap SDK v6. |
| December 4th | An AIP was executed to rescue remaining funds from Paraswap-powered periphery contracts across all Aave markets. |

Impact

The exploit affected all “repay with collateral” and “debt switch” adapter contracts across Aave markets, resulting in a total value of USD 95,284.44 drained. These funds accumulated as dust over time and were transferred to the DAO, not to any individual user. The remaining adapter contracts (“collateral swap” and “withdraw and switch”) did not accumulate any balance and were not exposed to the exploit.

Root Cause Analysis

The Paraswap-powered adapter contracts were designed to enable token swaps and actions for users, not to hold any balance. Their capabilities are very limited: they can only execute actions through Paraswap and Aave.

The attack was possible by creating a pending approval to the Paraswap Augustus contract. This pending approval could then be used via an arbitrary call on the Augustus contract in the context of the Aave Periphery Adapters. This attack vector took advantage of two factors:

  1. An unexpected accumulation of token balances in the contract: The leftover token amounts from swaps were expected to be minimal, typically just “dust” (small, insignificant amounts). However, an investigation revealed that the unexpected accumulation was caused by:

    a. Incorrect integration of the “repay with collateral” feature: The Aave Interface was passing incorrect data to the adapter contract, which caused an unexpected behavior of the swaps. The result was to have more accumulation of leftovers.

    b. Incorrect assumptions about Paraswap’s swaps behavior: The contracts assumed that Paraswap would provide exact output swaps, which is not always the case. There could be leftovers when executing exact output swaps (buy actions).

  2. The ability for arbitrary calls through the Paraswap Augustus contract (the main entry point of Paraswap DEX): The Paraswap Augustus contract’s support for arbitrary execution calls enabled the attacker to exploit the remaining assets in the adapter contracts through a two-step process:

    a. The attacker initiates a fake swap by tampering with the input parameters passed to Paraswap, simulating a real swap. This action creates a non-zero pending allowance from the adapter contract to Paraswap, setting the stage for the exploit.

    b. The attacker initiates a real repayment with collateral action paired with a fake swap. Leveraging the pending allowance, the attacker uses the funds held in the adapter contract to repay their own debt, exploiting the contract’s intended purpose.

Conclusion

The Paraswap incident, which resulted in the accumulation and draining of an unexpectedly high amount of dust in the Aave Protocol’s periphery contracts, has been resolved through a combination of technical patches, upgrades, and community-supported actions.

Firstly, a patch was implemented to the periphery contracts to restrict the execution and approval process, preventing any further accumulation of dust. Additionally, an upgrade to Paraswap v6 was implemented, reducing the possibility of executing arbitrary code. Finally, through an executed AIP, the remaining dust balances were successfully recovered across all affected networks.

The “repay with collateral” feature remains disabled in V2 markets, while all other swap features have been restored across networks with improved security. Moving forward, the current implementation of Paraswap is being reviewed to further harden the security of the Aave Interface and the Aave Protocol. More updates on this ongoing work will be shared in the near future.

The Aave community played a crucial role in the resolution process. Aave Labs extends its gratitude to BGD Labs, Paraswap, Certora, and the broader community for their support in investigating and resolving this incident.

3 Likes
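The root-cause section above names two conditions that had to hold together: an allowance to the aggregator that outlived the swap it was granted for, and a token balance sitting in the adapter that a later call could spend. The contract below is an added illustration written for this thread; it is not Aave's adapter code and not the patch Certora reviewed. `HardenedSwapAdapter`, the `aggregator` address, the `allowedSelector` map and the `weakSwap`/`swap` functions are hypothetical names, and the `IERC20` interface is the minimal subset needed here. It shows the weak approve-then-call pattern next to a version that enforces both invariants by reconciling on-chain balances after the call rather than trusting the calldata.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Aave's adapter code. Minimal ERC20 surface used below.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function allowance(address owner, address spender) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// @notice Hypothetical swap adapter enforcing the two invariants the report's
///         root-cause section points at: (1) no allowance to the aggregator
///         survives the call, and (2) the adapter's own balances are unchanged
///         after the call, so nothing accumulates for a later call to spend.
///         Assumes plain ERC20s (no transfer fees, no rebasing); production code
///         would use a SafeERC20-style wrapper for non-standard return values.
contract HardenedSwapAdapter {
    address public immutable aggregator;            // hypothetical entry point (placeholder)
    mapping(bytes4 => bool) public allowedSelector; // aggregator functions this adapter may call

    error SelectorNotAllowed(bytes4 selector);
    error AggregatorCallFailed();
    error AllowanceLeftover(uint256 remaining);
    error InsufficientOutput(uint256 received, uint256 minimum);
    error BalanceResidue(address token);

    constructor(address aggregator_, bytes4[] memory selectors) {
        aggregator = aggregator_;
        for (uint256 i = 0; i < selectors.length; i++) {
            allowedSelector[selectors[i]] = true;
        }
    }

    /// @dev Weak pattern, kept only for contrast: approve, forward arbitrary
    ///      calldata, never reconcile. A swap that consumes less than amountIn
    ///      (or nothing at all) leaves the allowance pending, and any balance
    ///      the adapter holds becomes spendable by the next call routed through
    ///      the aggregator.
    function weakSwap(IERC20 tokenIn, uint256 amountIn, bytes calldata data) external {
        tokenIn.transferFrom(msg.sender, address(this), amountIn);
        tokenIn.approve(aggregator, amountIn);
        (bool ok, ) = aggregator.call(data);
        require(ok, "swap failed");
    }

    /// @notice Exact-output style swap: sell at most maxAmountIn, receive at
    ///         least minAmountOut, and return every leftover to the caller.
    function swap(
        IERC20 tokenIn,
        IERC20 tokenOut,
        uint256 maxAmountIn,
        uint256 minAmountOut,
        bytes calldata data
    ) external returns (uint256 amountSold, uint256 amountReceived) {
        // Only pre-approved aggregator functions may be invoked, and only on
        // the fixed aggregator address; no caller-chosen target or selector.
        if (data.length < 4) revert SelectorNotAllowed(bytes4(0));
        bytes4 selector = bytes4(data[:4]);
        if (!allowedSelector[selector]) revert SelectorNotAllowed(selector);

        // Snapshot balances before the caller's funds arrive: the adapter must
        // end up holding exactly these amounts again.
        uint256 inBefore = tokenIn.balanceOf(address(this));
        uint256 outBefore = tokenOut.balanceOf(address(this));

        tokenIn.transferFrom(msg.sender, address(this), maxAmountIn);

        // Approve only what this swap may spend, then make the call.
        tokenIn.approve(aggregator, maxAmountIn);
        (bool ok, ) = aggregator.call(data);
        if (!ok) revert AggregatorCallFailed();

        // Reset and verify: a swap that consumed less than maxAmountIn (or a
        // fake swap that consumed nothing) must not leave a pending allowance.
        tokenIn.approve(aggregator, 0);
        uint256 remaining = tokenIn.allowance(address(this), aggregator);
        if (remaining != 0) revert AllowanceLeftover(remaining);

        // Reconcile what actually moved rather than trusting the calldata.
        // The allowance caps spending at maxAmountIn, so amountSold <= maxAmountIn.
        amountSold = inBefore + maxAmountIn - tokenIn.balanceOf(address(this));
        amountReceived = tokenOut.balanceOf(address(this)) - outBefore;
        if (amountReceived < minAmountOut) revert InsufficientOutput(amountReceived, minAmountOut);

        // Hand back the output and any unspent input so no dust is left behind.
        tokenOut.transfer(msg.sender, amountReceived);
        if (maxAmountIn > amountSold) tokenIn.transfer(msg.sender, maxAmountIn - amountSold);

        // Final invariant: the adapter holds exactly what it held before.
        if (tokenIn.balanceOf(address(this)) != inBefore) revert BalanceResidue(address(tokenIn));
        if (tokenOut.balanceOf(address(this)) != outBefore) revert BalanceResidue(address(tokenOut));
    }
}
```

The two post-call checks are the ones worth carrying into a monitoring rule as well: an adapter whose allowance to its aggregator is non-zero between transactions, or whose token balances drift upward over time, is exhibiting exactly the preconditions the report describes, and either is cheap to alert on from a block explorer or an indexer.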