SuperRare Token Exploit Investigation Report

This is my final report from our 8 week Cohort from the Blockchain Investigation Program taught by Adebayo Tiamiyu

Blockchain Security Investigation Course Project

  • Attacker : https://etherscan.io/address/0x5b9b4b4dafbcfceea7afba56958fcbb37d82d4a2

  • Attack Contract Super Rare Exploiter 2: https://etherscan.io/address/0x08947cedf35f9669012bda6fda9d03c399b017ab

  • Attack Contract Super Rare Exploiter 1: https://etherscan.io/address/0x2073111e6ebb6826f7e9c6192c6304aa5af5e340

  • Vulnerable Contract : https://etherscan.io/address/0xfFB512B9176D527C5D32189c3e310Ed4aB2Bb9eC

  • Attack Tx : https://app.blocksec.com/explorer/tx/eth/0xd813751bfb98a51912b8394b5856ae4515be6a9c6e5583e06b41d9255ba6e3c1

  • Crystal Visualization: https://expert.crystalintelligence.com/visualization/N323GgNrQzHGdA72?

Summary

This report presents a comprehensive blockchain investigation of a sophisticated smart contract exploit targeting the SuperRare (RARE) token staking protocol. On July 28, 2025, an attacker successfully drained approximately 11.9 million RARE tokens (valued at ~$658,612 USD) from the RareStakingV1 contract through a multi-vector attack exploiting a critical vulnerability in access control logic. 

SuperRare is an industry recognized NFT platform. The hack was done draining funds from the staking smart contract of the protocol. So funds were stolen from the protocol staking pool, rather than users themselves. At time of the publishing, the attacker still sits on the stolen fund and has not responded to the bounty requests from the SuperRare team. 

Key Findings:

  • Attack Vector: Access control bypass allowing unauthorized merkle root manipulation

  • Financial Impact: 11,907,874.71 RARE tokens stolen (~$658,612 USD)

  • Root Cause: Flawed logic operator in access control function allowing unauthorized merkle root updates

  • Current Status: Funds converted to ETH and remain in attacker's wallet

Investigation Methodology

This investigation employed a systematic, multi-phase approach to analyze the exploit:

Phase 1: High-Level Transaction Analysis

  • Initial Discovery: Identified suspicious large-value token transfer

  • Transaction Hash: 0xd813751bfb98a51912b8394b5856ae4515be6a9c6e5583e06b41d9255ba6e3c1

  • Log Analysis: Examined 4 event logs to understand attack sequence

  • Pattern Recognition: Classified as logic vulnerability exploit (not flash loan or price manipulation)

Phase 2: Call Data Forensics

  • Function Signature Decoding: Identified 0xad24067c as attack entry point

  • Parameter Analysis: Discovered empty merkle proof array and manipulated parameters

  • Cross-Platform Verification: Used multiple tools for call data validation

Phase 3: Contract Architecture Investigation

  • Proxy Pattern Analysis: Distinguished between proxy (0x3f4D749675B3e48bCCd932033808a7079328Eb48) and implementation contracts

  • Multi-Contract Attack Chain: Traced contract creation and execution sequence

  • Attack Infrastructure: Mapped relationships between 2 attacker-controlled contracts

Phase 4: Source Code Analysis

  • Implementation Discovery: Located actual vulnerable contract code behind proxy

  • Static Analysis: Reviewed Solidity source code for RareStakingV1 contract

  • Vulnerability Identification: Pinpointed exact code flaws enabling the exploit

Phase 5: Dynamic Analysis & Simulation

  • Tenderly Integration: Simulated attack transaction with step-by-step execution tracing

  • Bytecode Decompilation: Used Dedaub.com for contracts without verified source code

  • AI-Assisted Analysis: Leveraged Claude AI for pattern recognition and vulnerability assessment


Technical Analysis

Attack Infrastructure

The exploit utilized a sophisticated multi-contract architecture:

  1. Master Controller: 0x2073111E6Ebb6826F7e9c6192C6304Aa5aF5E340

    • Orchestrated the entire attack sequence

    • Created and managed subordinate attack contracts

    • Contained complex deployment and execution logic

  2. Execution Contract: 0x08947cedf35f9669012bda6fda9d03c399b017ab ("SuperRare Exploiter 4")

    • Performed the actual token drain operation

    • Implemented merkle root manipulation logic

    • Received stolen RARE tokens

  3. Victim Contract: 0x3f4D749675B3e48bCCd932033808a7079328Eb48 (Proxy)

    • ERC1967 upgradeable proxy containing user funds

    • Delegated execution to vulnerable implementation contract

    • Source of the 11.9M stolen RARE tokens

  4. Implementation Contract: 0xfFB512B9176D527C5D32189c3e310Ed4aB2Bb9eC

    • Contained the vulnerable RareStakingV1 business logic

    • Location of critical access control

Vulnerability Analysis

Primary Vulnerability: Access Control Logic Error

Location: updateMerkleRoot() function in RareStakingV1 contract

function updateMerkleRoot(bytes32 newRoot) external override {

    require((msg.sender != owner() || msg.sender != address(0xc2F394a45e994bc81EfF678bDE9172e10f7c8ddc)), 

           "Not authorized to update merkle root");

    // ... rest of function

}


Flaw: Incorrect boolean logic operator

  • Intended Logic: msg.sender == owner() || msg.sender == authorizedAddress

  • Actual Logic: msg.sender != owner() || msg.sender != authorizedAddress

  • Result: Function accessible to any address except when caller is simultaneously both owner AND authorized address (impossible condition)

Attack Execution Sequence

  1. Merkle Root Manipulation

     updateMerkleRoot(keccak256(attackContract, tokenBalance))’


  • Bypassed access control due to logic error

  • Set malicious root equal to desired claim leaf


  1. Token Claiming with Manipulated Root

     claim(amount, [])  // Empty proof array’


  • Leaf: keccak256(attackContract, amount)

  • Root: Same value (set in step 1)

  • Proof: [] (empty)

  • Result: MerkleProof.verify([], root, leaf) returns true


  1. Token Transfer

  • 11,907,874.71 RARE tokens transferred from staking contract to attack contract

  • Attack contract emitted success confirmation event

Event Log Evidence

The attack generated 4 critical event logs providing complete audit trail:

  • Log 0: NewClaimRootAdded - Evidence of merkle root manipulation

  • Log 1: Transfer - RARE token movement from victim to attacker

  • Log 2: TokensClaimed - Successful claim using manipulated root

  • Log 3: Custom attack contract event - Confirmation of operation success

Fund Flow Analysis

Immediate Post-Exploit Activity

  • Destination: All stolen RARE tokens transferred to 0x08947cedf35f9669012bda6fda9d03c399b017ab

  • Subsequent Movement: Tokens moved 1 hop to attacker's EOA (Externally Owned Account)

  • Liquidation: Attacker swapped entire RARE balance for ETH via DEX

  • Current Status: Converted ETH remains in attacker's wallet (no further movement detected)


Investigation Tools & Techniques

Primary Analysis Platforms

  • Etherscan: Transaction and contract exploration, event log analysis

  • Tenderly: Advanced transaction simulation and debugging

  • Dedaub: Bytecode decompilation for unverified contracts

  • Claude AI: Pattern recognition, vulnerability assessment, and code analysis

Methodological Innovations

  • Multi-Tool Verification: Cross-validated findings across multiple platforms

  • AI-Enhanced Analysis: Leveraged language models for complex pattern recognition

  • Proxy Pattern Navigation: Systematically traced through upgradeable contract architecture

  • Event Log Forensics: Used blockchain events as primary evidence source



Lessons Learned & Recommendations

For Investigators

  1. Systematic Approach: Phase-based methodology proves effective for complex DeFi exploits

  2. Tool Diversity: Multiple analysis platforms provide complementary insights

  3. Proxy Awareness: Understanding upgradeable contract patterns is critical for modern DeFi investigations

  4. Event-Driven Analysis: Blockchain events often provide clearer attack narratives than raw transaction data

For Protocol Security

  1. Logic Operator Validation: Critical access control functions require formal verification

  2. Multi-Layer Validation: Implement redundant security checks for critical functions

  3. Automated Testing: Deploy property-based testing for access control mechanisms

Conclusion

This investigation demonstrates how even simple coding errors can enable sophisticated attack execution in modern DeFi protocols. The SuperRare exploit succeeded through a single, critical flaw: a misplaced boolean operator in an access control function that completely undermined the protocol's security model.

While the attack appeared technically sophisticated due to its multi-contract deployment architecture and merkle tree manipulation, the underlying vulnerability was elegantly simple. The attacker leveraged legitimate cryptographic functionality (OpenZeppelin's merkle proof verification) after gaining unauthorized access through the flawed access control logic.

This case study reinforces the critical importance of rigorous code review, formal verification, and comprehensive testing in DeFi protocol development. It demonstrates how one small logical error can have catastrophic consequences, regardless of how well other components of the system function. The investigation also showcases the effectiveness of modern blockchain analysis tools and methodologies in deconstructing attack scenarios, even when the root cause is fundamentally straightforward


Previous

Smart Contract Post-exploit Analysis: How to find what happened, how and why