Skip to main content

Overview

In December 2024, VestraDAO was hacked. The hacker exploited a vulnerability in the unStake function which allowed users to stake and unstake without waiting for the maturity period. For an in-depth analysis of the hack, you can read this post. In a nutshell, there was an isActive flag that was set to false correctly in the unStake function. However, the isActive flag was never checked if someone called the unStake function again. This resulted in an attacker being able to repeatedly call unStake and get additional yield from the protocol until it was drained. It should be noted that there were no tests for the code base and the code was not audited. However, with an assertion it would be possible to patch the vulnerability until a new version of the code is deployed. The assertion would simply check if the isActive flag is false before calling the unStake function.

Use Case

In this hack, a simple require statement would have been enough to prevent the vulnerability. Usually, a contract redeployment is needed to fix a vulnerability like this. With an assertion, it is possible to patch this directly and make sure that all calls to the unStake function check the isActive flag. This is a very powerful concept and can be useful in many situations. Imagine a security researcher reports a vulnerability in a protocol before anyone has exploited it. In that case the protocol can publish an assertion that guards against the vulnerability until the team has had the time to fix the vulnerability in the best way possible.

Assertion

This assertions checks if the isActive flag is false before calling the unStake function if it’s false the transaction will not be included in the block. Alternatively, there could be an assertion that checks that the totalStaked is always equal to the sum of all stakeAmount in the stakes mapping. This would require a way to iterate over all the stakes and sum them up, which is not yet supported by a cheatcode. 
// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {Assertion} from "../lib/credible-std/Assertion.sol";

// VestraDAO interface
interface IVestraDAO {
    struct Stake {
        uint64 startTime;
        uint256 stakeAmount;
        uint256 yield;
        uint256 penalty;
        uint64 endTime;
        bool isActive;
    }

    mapping(address => mapping(uint8 => Stake)) public stakes;

    function unStake(uint8 maturity) external;
}

contract VestraDAOHack is Assertion {
    IVestraDAO public vestraDAO = IVestraDAO(address(0xbeef));

    function triggers() external view override {
        registerCallTrigger(this.assertionExample.selector, vestraDAO.unStake.selector);
    }

    // Check that user was actively staked before unstaking
    // This prevents double-unstaking by ensuring isActive was true before the call
    function assertionExample() external view {
        PhEvm.CallInputs[] memory unStakes = ph.getCallInputs(address(vestraDAO), vestraDAO.unStake.selector);

        for (uint256 i = 0; i < unStakes.length; i++) {
            uint8 maturity = abi.decode(unStakes[i].input, (uint8));
            address from = unStakes[i].caller;

            // Check BEFORE the unstake that the stake was active
            ph.forkPreCall(unStakes[i].id);
            (,,,,,bool wasActive) = vestraDAO.stakes(from, maturity);
            require(wasActive, "User was not actively staked for this maturity");
        }
    }
}