Orion Protocol suffered a reentrancy attack, resulting in a loss of $2.9 million in assets.
Analysis of the Reentrancy Attack Incident on Orion Protocol
On February 2, 2023, the Orion Protocol on Ethereum and Binance Smart Chain suffered a reentrancy attack due to a contract vulnerability, resulting in a total loss of approximately $2.9 million in assets, including 2,844,766 USDT on Ethereum and 191,606 BUSD on Binance Smart Chain.
Attack Process Analysis
The attacker first deployed a custom Token contract and performed the relevant transfer and authorization operations in preparation for the attack. The attacker then borrowed funds through the swap function of Uniswap V2 and called the ExchangeWithAtomic.swapThroughOrionPool method of OrionProtocol to exchange tokens.
The exchange path was set to [USDC, Attacker Token, USDT], with the Attacker Token serving to execute the callback. Because the Attacker Token contract contains callback logic, its Token.Transfer called back into the ExchangeWithAtomic.depositAsset function while ExchangeWithAtomic.swapThroughOrionPool was still executing, which is the reentrancy. As a result, the deposit amount was accumulated repeatedly, and the attacker ultimately profited through withdrawal operations.
Capital Flow
The attacker's initial funds came from the hot wallet of a large trading platform. Out of the 1,651 ETH gained from the attack, 657.5 ETH remain in the attacker's wallet address, while the rest has been transferred using coin mixing services.
Vulnerability Analysis
The vulnerability lies in the doSwapThroughOrionPool function. This function calls the _doSwapTokens function, which updates the curBalance variable only after the transfer has executed. The attacker added callback logic to the transfer function of the custom Token, so that depositAsset is called again while the transfer is in progress, and curBalance is then updated incorrectly. This lets the attacker extract additional funds through the withdraw function after repaying the flash loan.
Security Recommendations
To prevent similar attacks, project teams should pay attention to the following points:
When implementing the token exchange function, it is necessary to consider the security risks that may arise from various types of Tokens and exchange paths.
Strictly follow the "Checks-Effects-Interactions" coding pattern, which means first perform state checks, then update the contract state, and finally interact with external contracts.
Implement reentrancy locks and other security mechanisms to prevent reentrancy attacks.
Key functions involving financial operations should undergo comprehensive security audits and testing.
Consider introducing additional security measures such as delayed withdrawals or multi-signature to increase the difficulty of attacks.
By taking these measures, the risk of smart contracts being attacked can be significantly reduced, thereby enhancing the overall security of the project. In the Web3 ecosystem, security should always be a top priority.
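The following sketch shows the lock and Checks-Effects-Interactions recommendations applied to a balance-difference swap of the kind described above. It is an added example, not Orion Protocol's code: the contract, the IPool interface and all names are hypothetical, and the pool is assumed to pull the input token from the caller under an existing allowance.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration with hypothetical names; not code from Orion Protocol.
interface IERC20 {
    function balanceOf(address a) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amt) external returns (bool);
}

// Hypothetical pool: pulls amountIn of path[0] from the caller (allowance
// assumed to exist) and sends the output of the last hop to `to`.
interface IPool {
    function swap(uint256 amountIn, address[] calldata path, address to) external;
}

contract GuardedExchange {
    mapping(address => mapping(address => uint256)) public credited; // user => asset => amount
    IPool public immutable pool;
    uint256 private locked = 1; // 1 = free, 2 = entered

    constructor(IPool p) { pool = p; }

    // One lock shared by every function that writes `credited`, so a token
    // callback during a swap cannot enter depositAsset.
    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    function depositAsset(address asset, uint256 amount) external nonReentrant {
        // Effect first, interaction last; a failed transfer reverts the credit.
        credited[msg.sender][asset] += amount;
        require(IERC20(asset).transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    function swapThroughPool(uint256 amountIn, address[] calldata path) external nonReentrant {
        require(path.length >= 2, "bad path");
        address assetOut = path[path.length - 1];
        require(credited[msg.sender][path[0]] >= amountIn, "insufficient balance");
        credited[msg.sender][path[0]] -= amountIn;
        uint256 balanceBefore = IERC20(assetOut).balanceOf(address(this));
        // External call: any token in `path` may run arbitrary code here.
        pool.swap(amountIn, path, address(this));
        // The balance difference is trustworthy only because no deposit can
        // happen during the swap; otherwise a nested deposit of assetOut would
        // be credited once in depositAsset and counted again here.
        credited[msg.sender][assetOut] += IERC20(assetOut).balanceOf(address(this)) - balanceBefore;
    }
}
```

The guard must cover both functions: a lock on the swap alone would still allow the deposit path to be entered from a token callback.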