After discovering an incident involving the security of the Spritz smart contract on July 21 we wanted to share our response and discuss how we’re enhancing our security in the future.
On July 21, 2022 at approximately 07:20 UTC we discovered that funds had been withdrawn from six user wallets through a bug in a recent smart contract upgrade. The wallets belonged to a group of special beta test users who had been chosen to test new features on the Spritz app. The upgrade integrated Spritz with a DEX aggregator from 0x to get users the best rates when exchanging non-stablecoin tokens to pay a bill from their crypto wallet. In total, the incident affected 6 users, and $22,000 in ERC20 tokens was stolen.
Upon discovery, Spritz immediately shut off the feature that enabled the exploit and reached out individually to each affected user. We refunded what had been removed from customer wallets and worked with these customers to develop a solution that would ensure their security in the future. Once we determined that the exploit affected only non-stablecoin token payments, we turned stablecoin bill-payment back on for all users.
What happened?
On 20 July 2022, we upgraded our smart contract to add new functionality which would allow us to integrate with a DEX aggregator to provide our users with better swap functionality. We already had basic swap-to-pay enabled, but this made use of a single decentralized exchange (Uniswap), which has limited liquidity on the Polygon network. Integrating with the DEX aggregator would allow our swaps to go through the best exchange for that particular swap, giving our users access to the best trade possible, and increasing the likelihood that a trade would go through.
In integrating with the DEX aggregator from 0x, we followed a guide on their website which explained how to make use of their swap router from a smart contract, and we used the example code from that guide directly in our contract. Unfortunately, this specific guide contained a very dangerous flaw: it let any caller choose both the address our contract would call and the data it would send, so an attacker could make our smart contract execute arbitrary external calls on their behalf. We later discovered that this was a known vulnerability in the guide that had not yet been fixed, though it was not widely discussed.
The attacker called the vulnerable method in a way that made our contract execute transferFrom on every token that users had approved our contract to spend. Because the approvals had been granted to our contract, the attacker was able to drain tokens from the wallets of users who had interacted with the newly deployed DEX aggregator feature. This happened at approximately 06:24:26 UTC on 21 July, 2022.
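The pattern described above, shown as an added example that is not Spritz's contract or 0x's guide code: the vulnerable shape takes both the call target and the call data from the caller, while the hardened shape fixes the target at deployment, pulls only the paying user's own tokens in the exact amount being paid, and checks the output before settling the bill. Contract names, events and the `paymentRecipient` parameter are assumptions; the example assumes OpenZeppelin Contracts 4.x.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example (not Spritz's or 0x's code). Assumes OpenZeppelin Contracts 4.x.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/utils/Address.sol";

// VULNERABLE PATTERN: both the call target and the call data come from the
// caller. This contract is msg.sender for the forwarded call, so any token
// allowance a user granted to this contract can be spent by whoever controls
// `swapTarget` and `swapCallData`.
contract VulnerableSwapToPay {
    function fillQuote(
        IERC20 sellToken,
        address spender,
        address payable swapTarget,
        bytes calldata swapCallData
    ) external payable {
        require(sellToken.approve(spender, type(uint256).max), "APPROVE_FAILED");
        (bool success, ) = swapTarget.call{value: msg.value}(swapCallData);
        require(success, "SWAP_CALL_FAILED");
    }
}

// HARDENED PATTERN: the target is fixed at deployment, the contract only ever
// moves msg.sender's own tokens, and only the amount being paid.
contract HardenedSwapToPay {
    using SafeERC20 for IERC20;

    address public immutable swapTarget;      // the aggregator router, fixed at deploy (hypothetical address)
    IERC20 public immutable paymentToken;     // stablecoin that bills are settled in
    address public immutable paymentRecipient;

    event SwapAndPay(address indexed payer, address indexed sellToken, uint256 sellAmount, uint256 paid);

    constructor(address _swapTarget, IERC20 _paymentToken, address _paymentRecipient) {
        require(_swapTarget != address(0) && _paymentRecipient != address(0), "ZERO_ADDRESS");
        swapTarget = _swapTarget;
        paymentToken = _paymentToken;
        paymentRecipient = _paymentRecipient;
    }

    function swapAndPay(
        IERC20 sellToken,
        uint256 sellAmount,
        uint256 minPaymentAmount,
        bytes calldata swapCallData
    ) external {
        require(address(sellToken) != address(paymentToken), "USE_DIRECT_PAY");

        // 1. Pull only msg.sender's tokens, and only the amount they are paying with.
        //    This is the only place the contract ever spends a user's allowance.
        sellToken.safeTransferFrom(msg.sender, address(this), sellAmount);

        // 2. Grant the fixed router an allowance for exactly this amount.
        sellToken.safeIncreaseAllowance(swapTarget, sellAmount);

        // 3. Forward the quote to the fixed target. Address.functionCall reverts
        //    on failure and bubbles up the revert reason.
        uint256 before = paymentToken.balanceOf(address(this));
        Address.functionCall(swapTarget, swapCallData);
        uint256 received = paymentToken.balanceOf(address(this)) - before;
        require(received >= minPaymentAmount, "INSUFFICIENT_OUTPUT");

        // 4. Revoke any allowance the router did not consume and return any
        //    sellToken the swap left behind.
        uint256 unused = sellToken.allowance(address(this), swapTarget);
        if (unused > 0) sellToken.safeDecreaseAllowance(swapTarget, unused);
        uint256 leftover = sellToken.balanceOf(address(this));
        if (leftover > 0) sellToken.safeTransfer(msg.sender, leftover);

        // 5. Settle the bill.
        paymentToken.safeTransfer(paymentRecipient, received);
        emit SwapAndPay(msg.sender, address(sellToken), sellAmount, received);
    }
}
```

The invariant worth checking in review is that user allowances to the contract are spent in exactly one place, with `msg.sender` as the source and the caller-supplied amount as the limit. Once the target is immutable, the remaining trust boundary is what the router can do with the single, just-granted allowance, which the balance check and allowance cleanup bound. Static analyzers such as Slither flag the first contract's `swapTarget.call(...)` as a low-level call to a caller-controlled address, which is the finding the list of mitigations below refers to.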
What Spritz did in response:
We discovered the vulnerability on 21 July, 2022 at approximately 07:20 UTC. Out of an abundance of caution we immediately turned off bill payment so that we could identify how users had been affected. We identified that the exploit affected users who had interacted with the upgraded swap-to-pay feature. At this time we began reaching out to customers who had been affected. We first worked with them to refund tokens that had been lost and then to develop a solution that would further prioritize their security in the future.
Once we confirmed that the exploit affected only users who had interacted with the DEX aggregator, we rolled back the smart contract so that stablecoin payments, and only those, could be re-enabled.
How we’re changing our practices:
Spritz is prioritizing user security before making further adjustments to our smart contract. We have deployed a number of changes to the Spritz app with enhanced security in mind. As of now, we have:
- Adopted the static analysis tools Slither and Mythril, which analyze smart contract code and identify potential vulnerabilities before deployment.
- Implemented contract monitoring using OpenZeppelin Defender.
- Transferred ownership of the contracts to a Gnosis multi-sig wallet.
- Implemented pausing on the contract.
- Added tools that allow us to shut down specific parts of the Spritz platform in the event of an emergency. We have trained our entire global team on how to shut down bill payment on the platform in a future emergency, and we are working on a further plan of action in anticipation of potential future smart contract exploits.
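An added example, not Spritz's code, of how the last three items in that list look on-chain: a contract-wide pause, a per-feature kill switch so swap-to-pay can be turned off while stablecoin payment keeps running, and a two-step ownership hand-off to a multi-sig. The feature names, the `multisig` constructor parameter and the events are assumptions; it assumes OpenZeppelin Contracts 4.8 or later in the 4.x series, where Ownable2Step lives under `access/` and Pausable under `security/`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example (not Spritz's code). Assumes OpenZeppelin Contracts 4.8+ (4.x series).
import "@openzeppelin/contracts/access/Ownable2Step.sol";
import "@openzeppelin/contracts/security/Pausable.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract EmergencyControls is Ownable2Step, Pausable {
    using SafeERC20 for IERC20;

    // Feature identifiers (hypothetical names) so one payment path can be shut
    // off while the others keep running.
    bytes32 public constant FEATURE_STABLECOIN_PAY = keccak256("STABLECOIN_PAY");
    bytes32 public constant FEATURE_SWAP_TO_PAY = keccak256("SWAP_TO_PAY");

    mapping(bytes32 => bool) public featureEnabled;
    mapping(address => bool) public acceptedToken;   // allowlist of stablecoins
    address public immutable paymentRecipient;

    // Every state change emits an event so an off-chain monitor (e.g. a Defender
    // sentinel watching this contract) can alert on it. Pausable's own
    // Paused/Unpaused events cover the circuit breaker.
    event FeatureToggled(bytes32 indexed feature, bool enabled, address indexed by);
    event TokenAccepted(address indexed token, bool accepted);
    event Paid(address indexed payer, address indexed token, uint256 amount);

    modifier onlyFeature(bytes32 feature) {
        require(featureEnabled[feature], "FEATURE_DISABLED");
        _;
    }

    // `multisig` is the Gnosis Safe (hypothetical address) that will own the
    // contract. Ownable2Step makes the hand-off explicit: the Safe must call
    // acceptOwnership(), so ownership cannot be lost to a mistyped address.
    constructor(address multisig, address _paymentRecipient) {
        require(multisig != address(0) && _paymentRecipient != address(0), "ZERO_ADDRESS");
        paymentRecipient = _paymentRecipient;
        featureEnabled[FEATURE_STABLECOIN_PAY] = true;   // swap-to-pay starts disabled
        transferOwnership(multisig);                     // deployer is owner until the Safe accepts
    }

    // Circuit breakers: whole-contract pause and per-feature kill switch.
    function pause() external onlyOwner { _pause(); }
    function unpause() external onlyOwner { _unpause(); }

    function setFeature(bytes32 feature, bool enabled) external onlyOwner {
        featureEnabled[feature] = enabled;
        emit FeatureToggled(feature, enabled, msg.sender);
    }

    function setAcceptedToken(address token, bool accepted) external onlyOwner {
        acceptedToken[token] = accepted;
        emit TokenAccepted(token, accepted);
    }

    // Stablecoin bill payment: blocked by the pause, by the feature switch,
    // and by the token allowlist, in that order.
    function payWithToken(IERC20 token, uint256 amount)
        external
        whenNotPaused
        onlyFeature(FEATURE_STABLECOIN_PAY)
    {
        require(acceptedToken[address(token)], "TOKEN_NOT_ACCEPTED");
        token.safeTransferFrom(msg.sender, paymentRecipient, amount);
        emit Paid(msg.sender, address(token), amount);
    }
}
```

With this layout the emergency runbook is two owner calls: `pause()` stops everything, and `setFeature(FEATURE_SWAP_TO_PAY, false)` stops just the swap path, which is the shape of the rollback described above. Both go through the multi-sig, so a single compromised operator key cannot unpause or re-enable a feature on its own.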
Had these tools been in place from the beginning, it is likely that the vulnerable code would have been flagged as a dangerous external call before it was deployed. These tools also enforce best practices and improve the quality of the code as a whole.
We will be reintroducing swap-to-pay in the near future, with all of these security measures in place. Our users have requested swap-to-pay and have told us that it's a must-have feature that lets them pay bills with any asset in their crypto wallets. We understand the importance of prioritizing security, especially as a company that works directly with user funds.
“We are very saddened by the exploit on our smart contract that affected users of the Spritz app and we remain vigilant against further attacks. It’s our goal that users can enjoy Spritz without worry, and in any case we are always guided by the principle to do what’s right for the customer,” says Christopher Sheehan, founder and CEO of Spritz.