So what actually happened?

A deep analysis into the Cream // Alpha incident that took place recently.

This is going to be quite the write up and I’m going to go pretty deep - so set some time aside to read through all of this! Last night I saw that something odd was going on with Cream and more specifically this was the transaction in place: https://etherscan.io/tx/0x745ddedf268f60ea4a038991d46b33b7a1d4e5a9ff2767cdba2d3af69f43eb1b

Larry Cermak @lawmaster

Something is going on with $CREAM. Very likely an exploit. Be careful out there

7:36 AM ∙ Feb 13, 2021

---

The market also caught wind of this and within 10 minutes the price of CREAM tanked 30% from people panic dumping.

In a few minutes we also had Igor post a great thread of what went down. Read the thread below if you want a super detailed understanding of what went down.

Igor Igamberdiev @FrankResearcher

IronBank ($CREAM) was exploited on $37.5M, let’s take a quick look at what happened.👇 1/ Attacker used Alpha Homora for borrowing sUSD from IronBank. Each time they borrow twice as much as in the previous one.

8:57 AM ∙ Feb 13, 2021

---

However, in a classic DeFi plot twist we then see the following tweet come out from Cream:

Cream Finance 🍦 @CreamdotFinance

C.R.E.A.M. contracts and markets were investigated and found to be functioning as normal. Markets have been re-enabled across both V1 and V2. Post mortem to follow.

9:51 AM ∙ Feb 13, 2021

---

This creates even more confusion in the market and eyes turn towards Alpha since if Cream isn’t exploited then Alpha must have been. In a few short hours Alpha releases a post-mortem of what happened:

Alpha Finance Lab @AlphaFinanceLab

Dear Alpha community, our partners, and DeFi users, we'd like to share a post mortem on the recent Alpha Homora V2 exploit. We’d like to sincerely thank everyone who has helped us, both on the technical and non-technical sides. TL;DR 👇 blog.alphafinance.io/alpha-homora-v…

blog.alphafinance.ioAlpha Homora V2 Post MortemDear Alpha community, our partners, and DeFi users, as we have shared earlier, we have closed the loophole that made the exploit possible. We’d like to take this opportunity to thank everyone who has helped us, be it on the technical front and non-technical front. We sincerely appreciate it. We are …

7:33 PM ∙ Feb 13, 2021

---

If you want the TLDR version it goes a little something like this:

1. The attackers is the only user who is in the (announced) sUSD pool for Alpha Homora

2. The attacker borrows ETH from Cream’s Ironbank by using the sUSD as collateral

3. The attacker then repay the debt accrued from borrowing the sUSD, however due to a very minor borrowing error he is able to profit a very tiny amount through this exploit

4. The method to make this tiny profit is then re-executed multiple times in order to reach a size where the profit exceeds well into the 7 figure range

5. The hacker has outstanding debt to the Ironbank via Alpha Homora but of course is never going to repay it

6. Hacker starts washing funds through Tornado and gives a friendly donation of 1,000 ETH to Alpha and Cream in the process

Important clarification: Cream lenders haven’t directly lost money but they have an outstanding loan from Alpha Homora that needs to be repaid. Alpha as a platform is a borrower on Cream similar to if the ALPHA token was used as collateral.

---

So where does that leave us?

That’s been the biggest question on my mind. Who is actually impacted and how through this whole incident. I’m not super deep into the inner workings of the Iron Bank but conceptually the idea is that you can increase capital efficiency by allowing Cream partnered protocols to utilise the funds without collateral since they’re trusted smart contracts.

In this instance we had a few parties involved here:

• Cream v2 as a protocol which has a contract-level agreement with Alpha Homora v2

• Alpha Homora v2 as a protocol which has a contract-level agreement with Cream v2 to borrow Cream v2 funds without collateral (although still liable to pay an interest rate)

• Cream v2 lenders who have lent assets not only to Cream users, but also Alpha Homora v2 users

• Alpha Homora v2 borrowers who are not only borrowing from Alpha but Cream v2. The attacker can be classified as a malicious borrower.

In order to simplify the above, here’s a little diagram to explain how these parties conceptually link up with each other:

So with the above diagram, the best way to explain the exploit is that the contract agreement between Cream and Alpha has been broken since the attacker maliciously borrower via Cream through Alpha.

• At a conceptual level, Alpha Homora is in debt to Cream v2

• At a micro level, Cream lenders do not have a valid counter-party borrowing their funds

In its current form, it seems like Alpha will resolve their debts with Cream which they can given their large enough treasury. However, if the ties between the two protocols weren’t as tight, there’s a real possibility where Alpha could walk away from the bad debt and put the recourse on Cream token holders since technically the protocol is responsible for the safety of lenders. Given the quality and reputation of Alpha I don’t think Cream holders will need to worry however for future incidents as we see inter protocol agreements this may not hold up as well.

---

Impact

The interesting part about this is that while the exploit was through Alpha contracts, Cream is impacted a lot more given that their AUM has dropped from $700m -> $200m in one day and the token price is down 30%. Alpha on the other-hand has only dropped 10% in AUM and the token dipped a little but nothing as catastrophic. There’s two reasons for this but I’m not sure which one holds more weight:

1. Cream was the first to be in the limelight and therefore the brunt of the panic went to them

2. Cream lenders are the ones who are at risk at the end of the day since Alpha users aren’t directly impacted (apart from a lower token price)

I’m more inclined that #2 is the greater reason since Cream lenders realise that the risk profile that they’re exposed to is quite high. Even before the hack, Cream borrow rates for most stable asset were over 30%. My theory here is that lenders are going to become a lot more cautious of lending out their USDC since the loss of the capital is simply too high especially in a market where stables can be leveraged over 9 times and earn extremely high APY’s or can simply be used to market make certain asset pairs. The insight here is that for products such as Rari Fuse and Sushibento Box, the long tail assets will be able to get liquidity but the cost of that capital is going to be very high and mainly retail focused rather than institutional. I’m still super excited for both of them though! Lenders as a counter-party take a while to onboard and typically are very risk averse. Token subsidies will help mitigate this in the short term but assessing risk for many markets becomes too hard after a certain point.

---

Audits and Security

The other bit that I wanted to cover here is that the security and audit procedures in the industry at the moment aren’t well equipped to the kinds of challenges we’re facing in DeFi right now. The very best auditors are booked out 3-6 months in advanced and no matter how much you value security, if you get things audited but you’ve built the wrong thing - you’re toast. Move too quickly and you’ll get rekt.

What’s interesting here is that Alpha received 2 audits and yet this exploit still happened. The exploit is so complex it took many researchers and developers hours to truly understand what really went down suggesting that even the existing audit capabilities we have don’t fully measure up. With last week’s yEarn yDAI exploit, it was interesting how the team opened a Maker CDP to finance the debt and pay out cash rather than selling tokens from the treasury. In Alpha’s case they may do this however given that no money markets accept Alpha as debt, this kind of debt financing may not be available unless done privately through investors willing to negotiate with custom terms.


Although it still does bring up a point that in the future, a token’s balance sheet will ultimately be the insurance fund. The larger the protocol, the more options available when things go wrong. A common theme I’ve seen is that larger protocols that get hacked recover a lot quicker compared to smaller ones. Regardless of what post-mortem actions are available, prevention and security is still an unsolved challenges. The best option for now seems to be:

1. Get as many eyes over the code as possible via peer reviews

2. Automated testing should go as deep as possible and ensure mathematical correctness. Creating spreadsheets to make sure expected values are returned can be very helpful here

3. Scaling TVL slowly rather than rapidly to mitigate the maximum loss possible

Unfortunately though these aren’t perfect solutions yet as the industry adapts I’m sure we’ll adapt and improve.

---

Closing

We’re going to start seeing the boundaries of efficiency and risk being pushed however we are going to learn a lot along the way. I think this incident with Cream & Alpha gives us more data points around the risk of composability and what can go wrong and what options are available.


This journey is only just beginning and there’s going to be opportunities and risks at every turn. Take your time to understand the underlying properties of the systems before ape-ing in. That’s about all for this piece, hope you learned something or walked away with a deeper thought process about how to think about DeFi risk.

Also just on closing up, we should all still applaud Cream and Alpha for attempting to do what they’ve done. Sure things don’t always work 100% well but the response on both ends has been fabulous and we shouldn’t ostracise experimentation like this.