DForce Protocol Exploited Of $3.6 Million On Arbitrum And Optimism Chains
Key Points:
- The Arbitrum and Optimism chains were the targets of a reentrancy attack that cost the DForce DeFi protocol $3.6 million.
- When connected to Curve Finance, a smart contract function used to determine oracle pricing had a weakness that led to the attack.
An apparent reentrancy attack on a Curve vault that the decentralized finance (DeFi) protocol dForce ran on the Arbitrum and Optimism blockchains resulted in the theft of more than $3.6 million.
In a recent tweet, the DeFi initiative acknowledged the situation and added that it had halted its contracts to limit additional harm.
A reentrancy vulnerability, which can happen when an attacker repeatedly calls a smart contract function and pulls assets from it before the contract updates its internal state, appears to have made the attack possible. This may occur if the smart contract code contains a defect or if adequate security measures are not taken.
Following the thread, dForce stated that the price of wstETH/ETH was manipulated by the exploiter using a Curve pool reentrancy flaw, which resulted in the liquidation of 1,031.42 ETH and 30.31 ETH equivalent of wstETH/ETH Curve LP tokens on Arbitrum and Optimum, respectively. It also produced $2.3 million in protocol debt.
The hack caused around $3.6 million in total damages, according to BlockSec and PeckShield, two top crypto security companies.
When connected to Curve Finance, dForce employed a smart contract function that had the reentrancy bug to determine oracle prices on the Arbitrum and Optimism chains.
When linked to Curve, any protocol can call the particular function, known as “get_virtual_price,” which provides an approximated oracle price. It is used to figure out how much the liquidity pool token will cost.
According to The Block, Matthew Jiang, director of security services at BlockSec, said that any protocol using the “get_virtual_price” function to calculate the price oracle is vulnerable, including dForce.
Projects need to be more cautious and take additional steps while estimating oracle prices, as they can be manipulated by malicious actors to carry out reentrancy attacks.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Thana
Coincu News
Author
News
DForce Protocol Exploited Of $3.6 Million On Arbitrum And Optimism Chains
Key Points:
- The Arbitrum and Optimism chains were the targets of a reentrancy attack that cost the DForce DeFi protocol $3.6 million.
- When connected to Curve Finance, a smart contract function used to determine oracle pricing had a weakness that led to the attack.
An apparent reentrancy attack on a Curve vault that the decentralized finance (DeFi) protocol dForce ran on the Arbitrum and Optimism blockchains resulted in the theft of more than $3.6 million.
In a recent tweet, the DeFi initiative acknowledged the situation and added that it had halted its contracts to limit additional harm.
A reentrancy vulnerability, which can happen when an attacker repeatedly calls a smart contract function and pulls assets from it before the contract updates its internal state, appears to have made the attack possible. This may occur if the smart contract code contains a defect or if adequate security measures are not taken.
Following the thread, dForce stated that the price of wstETH/ETH was manipulated by the exploiter using a Curve pool reentrancy flaw, which resulted in the liquidation of 1,031.42 ETH and 30.31 ETH equivalent of wstETH/ETH Curve LP tokens on Arbitrum and Optimum, respectively. It also produced $2.3 million in protocol debt.
The hack caused around $3.6 million in total damages, according to BlockSec and PeckShield, two top crypto security companies.
When connected to Curve Finance, dForce employed a smart contract function that had the reentrancy bug to determine oracle prices on the Arbitrum and Optimism chains.
When linked to Curve, any protocol can call the particular function, known as “get_virtual_price,” which provides an approximated oracle price. It is used to figure out how much the liquidity pool token will cost.
According to The Block, Matthew Jiang, director of security services at BlockSec, said that any protocol using the “get_virtual_price” function to calculate the price oracle is vulnerable, including dForce.
Projects need to be more cautious and take additional steps while estimating oracle prices, as they can be manipulated by malicious actors to carry out reentrancy attacks.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Thana
Coincu News
Other Posts
Related Posts
News
90% Of Stablecoin Transaction Volumes Have No Participation From Real Users
Analysis
Market Overview (Apr 29 – May 5): Ethereum Security Status, Bitcoin ETF, and Market Predictions
Press Releases
BioMatrix introduces PoY, World’s 1st UBI token with 60yrs Issuance Commitment
News
90% Of Stablecoin Transaction Volumes Have No Participation From Real Users
Knowledge
US Election Predictions: The Effects And Importance Of The New US President
News
