AUDIUS Governance System Exploit Overview

AUDIUS exploit

On July 23, 2022, the AUDIUS governance, staking, and delegation contracts on Ethereum mainnet were compromised due to a bug in the contract initialization code that allowed repeated invocations of the initialize functions. The bug allowed an attacker to maliciously transfer 18MM $AUDIO tokens held by the AUDIUS governance contract.

You can find the detailed post-mortem report here at AUDIUS blog.

What happened?

Ethereum smart-contracts are not upgradeable by default. In order to overcome this limitation developers often use “Proxy contracts”.

Proxy contracts are appointed to the “logic contract” and execute transactions by pulling the code from “logic contracts”. However Proxy contracts need to operate with their internal variables and store contract-related data which is persistent. The way data is stored in Ethereum leads to the problem known as proxy storage collisions.

Proxy contracts pull code from “logical” contracts and perform actions as if the storage structure of the proxy was identical to that of the “logic” contract, and if it does not match — mess occurs.

The root of the problem

Most of the problems happen where developers try to get around platform limitations and use methods that are ill-suited for this. Unfortunately this is the case with Ethereum and AUDIUS. The lack of built-in contract upgradeability is a security flaw of Ethereum.

No program can be written without errors on the first try! Applying fixes and updating the code is an inevitable part of the development process.

The lack of this essential feature leads to the clunky attempts to circumvent it which leads to a number of problems associated with proxy contracts.

Security measures

• According to decrypt.co AUDIUS contracts were audited twice (by OpenZeppelin in 2020 and Kudelski in 2021). The exploited issue was in the code for 2 years.

• There was no open bug bounty or exploit reporting program in place. It was possible to create a bounty program, then the hacker could report a bug rather than exploit it.

• It would be possible to insure a smart-contract that operates with huge quantities of funds in order to get a compensation in case of a hack. See Callisto Insurance program

Conclusions

• Unfortunately the most common practice of re-inventing upgradeability in Ethereum is the use of Proxy-contracts. We strongly encourage DAPP developers to pay attention to the caveats related to Proxy-contracts.

• Always have a bug bounty for your contracts. The more funds a contract is supposed to hold — the more important it is to adhere to the best-known security practices.

• There is no single method to ensure that a program is completely secure. Always use multiple methods that complement each other.

• Smart-contracts are better suitable for solving the issue of trust rather than the issue of security. Use tools as they are the best fit.