Era Lend on zkSync exploited for $3.4M in reentrancy attack

The lending app was drained of funds using a “read-only reentrancy” bug, a kind of vulnerability that is often hard for auditors to spot.

Lending app Era Lend on zkSync has been exploited for $3.4 million worth of crypto, according to a July 25 report from blockchain security firm CertiK. The attacker used a “read-only reentrancy attack” to drain the funds, which is a kind of attack that interrupts a multi-step process and then causes it to continue after a malicious action has been performed. Specifically, a “read-only” reentrancy is one that does not update the state of a contract.

According to the report, the attacker drained funds in two separate transactions, using the externally owned account 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a. They relied on a vulnerability in “the callback and _updateReserves function” to manipulate a contract into reporting old values that had not yet been updated.

Era Lend is a fork of the Syncswap project, and CertiK claimed that other projects based on Syncswap may also be susceptible to the exploit.

On-chain sleuth and Twitter user Spreek reported that the Syncswap code allows a user to “burn, then callback before update_reserves is called,” causing the oracle to report incorrect values.

in the syncswap LP tokens, one can burn, then callback before update_reserves is called. so the oracle uses an incorrect reserves value to calculate the price, resulting in an inflating oracle price.
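To make the ordering problem Spreek describes concrete, here is a simplified Solidity sketch added for this article. It is not Syncswap's, Era Lend's or CertiK's code, and every contract and function name in it (BasePool, VulnerablePool, HardenedPool, ILpCallback, lpValue, _payOut) is an assumption. It shows a pool whose burn pays out the caller, invokes a callback on the recipient, and only then refreshes its cached reserves, so a lending oracle that reads lpValue() during the callback divides stale reserves by an already reduced LP supply. Beside it is a hardened version that refreshes state before any external call and whose view function refuses to answer while the pool is mid-transaction.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this article; not Syncswap's, Era Lend's or CertiK's
// code. Contract and function names (BasePool, ILpCallback, lpValue, ...) are
// assumptions chosen to mirror the pattern the article describes.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

interface ILpCallback {
    // Hook the pool invokes on the recipient after paying out a burn.
    function onBurn(uint256 amount0, uint256 amount1) external;
}

abstract contract BasePool {
    IERC20 public immutable token0;
    IERC20 public immutable token1;
    uint112 public reserve0;      // cached copies of the pool's token balances
    uint112 public reserve1;
    uint256 public totalSupply;   // LP token supply
    mapping(address => uint256) public balanceOf;

    constructor(IERC20 t0, IERC20 t1) { token0 = t0; token1 = t1; }

    // Refresh the cached reserves from the live balances.
    function _updateReserves() internal {
        reserve0 = uint112(token0.balanceOf(address(this)));
        reserve1 = uint112(token1.balanceOf(address(this)));
    }

    // Pay out the burner's pro-rata share and shrink the LP supply.
    function _payOut(uint256 liquidity, address to) internal returns (uint256 a0, uint256 a1) {
        a0 = liquidity * reserve0 / totalSupply;
        a1 = liquidity * reserve1 / totalSupply;
        balanceOf[msg.sender] -= liquidity;
        totalSupply -= liquidity;
        require(token0.transfer(to, a0) && token1.transfer(to, a1), "transfer failed");
    }

    // "Read-only" view a lending protocol's oracle would use to price LP collateral.
    function lpValue(uint256 liquidity) public view virtual returns (uint256, uint256) {
        return (liquidity * reserve0 / totalSupply, liquidity * reserve1 / totalSupply);
    }

    function burn(uint256 liquidity, address to, bytes calldata data) external virtual;
}

// Vulnerable ordering: supply shrinks, the recipient is called back, and only
// THEN are the cached reserves refreshed. While the callback runs, lpValue()
// divides stale (too large) reserves by the already reduced supply, which is
// the inflated oracle price the article describes.
contract VulnerablePool is BasePool {
    constructor(IERC20 t0, IERC20 t1) BasePool(t0, t1) {}

    function burn(uint256 liquidity, address to, bytes calldata data) external override {
        (uint256 a0, uint256 a1) = _payOut(liquidity, to);
        if (data.length > 0) ILpCallback(to).onBurn(a0, a1); // external call, reserves stale
        _updateReserves();
    }
}

// Hardened: (1) refresh cached state before any external call, and (2) a
// reentrancy lock that the view function also checks, so a consumer reading
// lpValue() during a callback reverts instead of receiving a stale answer.
contract HardenedPool is BasePool {
    uint256 private _status = 1; // 1 = not entered, 2 = entered

    constructor(IERC20 t0, IERC20 t1) BasePool(t0, t1) {}

    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    function burn(uint256 liquidity, address to, bytes calldata data) external override nonReentrant {
        (uint256 a0, uint256 a1) = _payOut(liquidity, to);
        _updateReserves();                                     // state consistent first
        if (data.length > 0) ILpCallback(to).onBurn(a0, a1);   // then interact
    }

    // Read-only reentrancy guard: refuse to serve reads mid-transaction.
    function lpValue(uint256 liquidity) public view override returns (uint256, uint256) {
        require(_status == 1, "read during reentrancy");
        return super.lpValue(liquidity);
    }
}
```

The second fix matters for auditors because the classic nonReentrant modifier only protects state-changing entry points: a view function with no lock can still be called by a third contract while the pool's own burn is suspended in a callback. Exposing the lock state to views (or a dedicated “is not entered” check that consumers call) is the check that closes the read-only path.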

Spreek also reported that the Era Lend team had acknowledged the attack and paused the protocol’s zkSync contracts to prevent further exploits.

Another blockchain investigator, known on Twitter as Saul, reported that the attack had affected the stablecoin USDC+, which is issued by the Overnight Finance protocol. According to Saul, the Overnight team has acknowledged the vulnerability and has paused its own contracts as well. Over $261,000, or 7.86% of the total value of the collateral backing the stablecoin, may have been lost.

In a June 7 blog post explaining how read-only reentrancy attacks are carried out, pseudonymous blockchain researcher Officer’s Notes stated that these vulnerabilities are hard for auditors to spot, since “Typically, auditors and bug hunters are only concerned with entry points that modify state when looking for reentrancy.”

To help alleviate this problem, Officer’s Notes recommends that auditors use specialized software to assist them in finding these vulnerabilities.

Era Lend runs on the zkSync network, a zero-knowledge proof Ethereum layer-2 rollup. In April, the network’s total value locked reached over $110 million. The network’s developers aim to create an ecosystem of interoperable chains called “Hyperchains” by the end of the year.

