Context

Euler Finance, a prominent decentralized finance (DeFi) lending protocol, suffered a significant exploit in March 2023. The hack resulted in the loss of approximately $196 million in cryptocurrency assets. The vulnerability stemmed from a subtle logic error in the protocol’s smart contract that allowed a malicious actor to accumulate bad debt and and subsequently liquidate their own position, effectively draining tokens from the protocol’s vault.

How Predator Did It

Predator, TestMachine’s AI-driven smart contract auditing system, successfully replicated the Euler hack, demonstrating its ability to identify complex vulnerabilities that eluded human auditors. The system’s approach highlighted several key advantages over traditional auditing methods:

1. Multi-agent simulation: Predator utilized two simulated Externally Owned Accounts (EOAs) in its campaign. This multi-agent approach allowed it to circumvent Euler’s security measures, which were designed to prevent a single account from both taking out a loan and liquidating its own position. By using one EOA to borrow and another to liquidate, Predator exploited a blind spot in the protocol’s security logic.

2. Identification of complex interaction patterns: The vulnerability in Euler’s protocol arose from the intricate interplay between different contract functions. Predator’s reinforcement learning algorithms excel at exploring vast state spaces and identifying non-obvious sequences of actions that can lead to exploitable states. This capability allowed it to discover the specific sequence of transactions that could breach the protocol’s security.

3. Simplified exploit execution: While the original Euler hack employed a flash loan, requiring the attacker to bundle a complex sequence of transactions as raw calldata, Predator demonstrated a more straightforward approach. The system’s simulated agents were initialized with sufficient funds, eliminating the need for borrowing. This simplification allowed Predator to execute the exploit through a series of individual transactions, which could later be adapted into a flash loan attack if needed.4. Rapid iteration and learning: Unlike human auditors who might be constrained by time or cognitive limitations, Predator can rapidly iterate through thousands of potential attack vectors. This exhaustive exploration allows it to uncover vulnerabilities that might be overlooked in manual code reviews or more targeted testing approaches.

4. Rapid iteration and learning: Unlike human auditors who might be constrained by time or cognitive limitations, Predator can rapidly iterate through thousands of potential attack vectors. This exhaustive exploration allows it to uncover vulnerabilities that might be overlooked in manual code reviews or more targeted testing approaches.

5. Invariant violation detection: Predator’s ability to identify and exploit this vulnerability stemmed from its focus on violating key protocol invariants. In this case, the system recognized that the separation between borrower and liquidator accounts was a critical invariant that, if breached, could lead to unauthoriszed token extraction from the protocol’svault.

By replicating the Euler hack, Predator demonstrated its capacity to identify sophisticated vulnerabilities in complex DeFi protocols. This case underscores the potential of AI-driven security auditing tools to complement and enhance traditional smart contract auditing processes, potentially preventing significant financial losses in the future.