
@marsrobertson
Forked from 0xYYY/RUG.md
Created October 13, 2021 11:21
SaturnBeam Finance - A 10M USD RUG on Moonriver


Warning: The following analysis may contain incorrect information; please verify everything yourself before trusting it.

It would be nice to have someone more experienced in on-chain analysis double-check these findings.

Background

SaturnBeam Finance was a yield aggregator on Moonriver, an EVM-compatible parachain on Kusama in the Polkadot ecosystem.

It attracted several million USD of liquidity within a month. The team is anonymous and claimed that the contracts were audited by BitRise, whose domain name was only registered on 2022-08-22 (https://who.is/whois/bitriseaudits.com). The contracts were never actually verified on the block explorer.

At 5:55 am UTC on Oct 10, 2021, RugDoc reported that the project was rugged (https://twitter.com/RugDocIO/status/1447078249394159619).

Current Status

Rug Value Estimation

On Ethereum:

In total, they hold 38.3 ETH + 1.6 WBTC + 4,778,887 DAI ~= 5M USD (ETH = $3,537.90, BTC = $54,866.00).

On Binance Smart Chain:

On Moonriver:

In total, they hold 12,222.5 MOVR ~= 3.4M USD (MOVR = $281.86), plus some MoonSwap $MOON, $mSWAP and SolarBeam $SOLAR, which are worth around 0.9M USD if they are market-dumped on MoonSwap and SolarBeam.

Rug Process

  • Moonriver explorer: https://blockscout.moonriver.moonbeam.network/.
  • [V] Vault creator address: 0x609d246EE8173BDc63e61f5d8c854c9D870Bd5EB.
  • [A1] Attack address 1: 0xe54214A3Db66c6BF792573a6C6dFd0C6091dca75.
  • [C] Some contract address: 0x22123387c34fb69786774a8604cfc24e8ec58750. (Don't know what this is used for yet, but it appears as an argument in some of the following function calls.)
  • [A2] Attack address 2: 0x562331d30B14310870E29eaD7a506c897E1d1657.
  • [D] Drain contract address: 0xA6Fd1665F79c5318B675120DA3DA3B7165CE7998.
  1. In the vault creation txs sent by [V], we can find [A1] in the init bytecode. So this address may be hardcoded in the contract, and the rug was planned from the beginning. Example Tx

  2. For all vaults, the following actions were performed (in this order):

    • Format: [Initiator] function sighash(function arguments)
    1. [A1] 0x3659cfe6([C]) Example Tx
    2. [A2] 0x81f2c3b0([A2]) Example Tx
    3. [A2] 0x494677c5(000000000000000001594cad792baa61637dd09ab168cb7ffaa54985cc5a16ab) Example Tx
    4. [A2] 0x494677c5(000000000000000005200847b2a5db142ea7ee66b38decdd6ae24b45586c97e9) Example Tx
  3. (The remaining steps are all performed by [A2].) Create [D]. Tx

  4. For all vaults, call function 0x26fae0d3 with [D] as input. Example Tx

  5. Call function 0x87bcff63 of [D] with vault addresses as inputs. Tx, Tx, Tx

  6. Call function 0xe9316243 of [D], draining all the vault LPs. Tx, Tx

  7. Call function 0x58b0f6d6 of [D], swapping LPs to their underlying. Tx, Tx, Tx, Tx

  8. Call 0x46e822c5 function of [D], sending all the funds to [A2]. Tx

  9. Send funds to various addresses, bridge back to Ethereum through Anyswap, and swap all the assets to DAI: https://etherscan.io/address/0x562331d30B14310870E29eaD7a506c897E1d1657. Some funds were bridged to BSC: https://bscscan.com/address/0xCEDAa447Fa9c41D660c2CeD408c7AD4c34c6C2d6.

Attack Address Funding Trace

[A1]

  1. [A1] is funded by [V] in this Tx.

[A2]

  1. [A2] is funded by [A3] 0x526CD58d95BD09238AD629B60Da605d9Da85528a in this Tx.

  2. [A3] is funded in this Tx, receiving some BNB. Then it used the faucet provided by SolarBeam to get some MOVR in this Tx (https://blockscout.moonriver.moonbeam.network/tx/0xf04f6043b1316d2db9c75e929303ed1d9e78bb8e74f72326cb68b5afa5d4f953).

  3. Using the Anyswap Explorer to view the bridging tx, https://anyswap.net/explorer/tx?params=0x72cf4ff3fb9f7df3502d4f738fdf8f8261509106cb84af9470dd88d65591a349 shows that the funds were sent from BSC in this tx: 0x7c56870c7ab2792a5cdd6eb69a58da48ff56c00664985bd88d1fcdf699d944bd.

  4. On BSC, [A3] is funded by this Tx initiated by 0x835e5c4b6ab3c4554d5458827fae89c1e84040c8, which seems like a bridging service that only interacts with this bridge contract: 0x62f68f767ac07be54512dbb5b16a8075ff7e305b.

  5. That's where I am right now. No idea how to trace further. I only know that the bridge contract is created by 0x40e0dcd7024030c7b5e1d474fe95aaf7bb880ad0, which also deployed the same bridge contract on 8 other chains: https://blockscan.com/address/0x40e0dcd7024030c7b5e1d474fe95aaf7bb880ad0. Will need to identify this service before we can dig deeper.

Other Info

Vault Contracts

I made a copy of the vault addresses listed in their docs. Note that this may not be a complete list.

  • SAT-MOVR 0xAA01cef269314c955041f23D1B1354ed93F777d5
  • MOON-MOVR 0x41D755d5bD793FCc674f448868538402aCae6a93
  • MOON-USDC 0xF6562EdeC25DeEB39A01FB3ceFB56771B7c28d7A
  • MSWAP-MOVR 0x8F4396FA13AF5793cCD84De8698F28784856f35E
  • MSWAP-USDC 0xC4b84F336bD1b7E51819083fea5714171E5c7089
  • MOON 0xeC80d1Abd21b4169a776989b7acFee34Bc0C3bBb
  • MSWAP 0x5060E68233FB719aA15497197d701322727DDeF8
  • MOVR-USDC 0x5f1061FEF233868fF727504A0Db1Adb0FE968477
  • BNB-BUSD 0x3568210747794aA634636C04af2776de78A57a16
  • ETH-USDC 0xD520bAA5758B8257D155d75734d78a76afDB9A7f
  • USDT-USDC 0x7A73a183b674c48F12F5d68b092593971C769353
  • BUSD-USDC 0x6cE3725Fa4bEf09A7460Aa50A09496eB76c9A2D6
  • DAI-USDC 0x7126c12cCc8081E0c4A4e785FF4989ba59A2f9bF
  • TOOLS-MOVR 0xDCF39278d7f75cd2FBFCd85bebF09c9ec9d4C3a7
  • SOLAR-USDC 0xf830d40e4A46008Ac51c05573DeC04ff30a92830

Donation

I spent a lot of time and effort compiling this information. So if you find this investigation useful, please consider donating here: 0x4E7dFCA58C1F967d28BC77BB9B612A9Cf5096157, all chains welcome (Ethereum, Binance Smart Chain, Fantom, Polygon, Avalanche, Optimism, Arbitrum, Moonriver). It will be a big encouragement for me to keep doing this kind of thing and contribute to the community.
