Head Topics

ZkSync-based Era Lend loses $3.4 million in DeFi exploit

Norge Nyheter Nyheter

ZkSync-based Era Lend loses $3.4 million in DeFi exploit
Norge Siste Nytt,Norge Overskrifter
  • 📰 TheBlock__
  • ⏱ Reading Time:
  • 63 sec. here
  • 3 min. at publisher
  • 📊 Quality Score:
  • News: 29%
  • Publisher: 53%

ICYMI: ZkSync-based Era Lend loses $3.4 million in DeFi exploit

The attack exploited a read-only reentrancy vulnerability that allowed the hacker to make repeated calls to a function within a single transaction, withdrawing more funds than they were entitled to. Taking advantage of a faulty price oracle that Era Lend relied upon, the attacker used the reentrancy exploit to further drain assets from the protocol.

Typically, view functions labeled as read-only are considered safe, often lacking reentrancy protection since they don’t change the contract’s state. The term “read-only” indicates that the function merely performs a view action, such as calculating a token balance based on a third-party pool’s supply. In this incident, the third-party was another decentralized exchange called SyncSwap. However, as this case demonstrates, these functions can be manipulated to siphon off substantial funds.

“The attacker altered the LP’s price during the burn/mint actions of SyncSwap, using its reserves to determine the LP price [on Era Lend],” Lei Wu, co-founder and CTO of BlockSec, told The Block. “All projects that utilize the SyncSwap code should remain alert.”“We have detected and confirmed a cyber attack on our platform.

As a precautionary measure, the team advised users to refrain from depositing USDC for the time being. Additionally, borrowing operations on the platform have been temporarily halted, the team added. © 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Vi har oppsummert denne nyheten slik at du kan lese den raskt. Er du interessert i nyhetene kan du lese hele teksten her. Les mer:

TheBlock__ /  🏆 464. in US

Norge Siste Nytt, Norge Overskrifter

Similar News:Du kan også lese nyheter som ligner på denne som vi har samlet inn fra andre nyhetskilder.

Era Lend on zkSync exploited for $3.4M in reentrancy attackEra Lend on zkSync exploited for $3.4M in reentrancy attackThe lending app was drained of funds using a “read-only reentrancy” bug, a type of vulnerability that is often difficult for auditors to spot.
Les mer »

ZkSync's Largest Lender Struck by $3.4M ExploitZkSync's Largest Lender Struck by $3.4M Exploit.Era_Lend, the largest crypto lender on Ethereum scaling blockchain zksync, has fallen victim to a $3.4 million read-only reentrancy attack. Reporting by oknightcrypto.
Les mer »

Founder of defunct Midas Investments launches new DeFi investment platform Locus FinanceFounder of defunct Midas Investments launches new DeFi investment platform Locus FinanceLocus Finance is a DeFi protocol that gives users access to high yield-bearing tokenized vaults.
Les mer »

Cardano's Plan to Surpass Ethereum Takes New Turn, Here's HowCardano's Plan to Surpass Ethereum Takes New Turn, Here's HowCardano is in obvious lead over Ethereum, per native tokens locked in their DeFi protocols
Les mer »

Wildcat protocol, DeFi legal precedent, and grey hat hackersWildcat protocol, DeFi legal precedent, and grey hat hackersWildcat protocol creator Laurence Day discusses counter exploits, court interventions in DeFi, and more, live from EthCC in Paris.
Les mer »



Render Time: 2025-03-04 13:16:50