News

DForce Protocol Exploited Of $3.6 Million On Arbitrum And Optimism Chains

Key Points:

  • The Arbitrum and Optimism chains were the targets of a reentrancy attack that cost the DForce DeFi protocol $3.6 million.
  • When connected to Curve Finance, a smart contract function used to determine oracle pricing had a weakness that led to the attack.
An apparent reentrancy attack on a Curve vault that the decentralized finance (DeFi) protocol dForce ran on the Arbitrum and Optimism blockchains resulted in the theft of more than $3.6 million.

In a recent tweet, the DeFi initiative acknowledged the situation and added that it had halted its contracts to limit additional harm.

A reentrancy vulnerability, which can happen when an attacker repeatedly calls a smart contract function and pulls assets from it before the contract updates its internal state, appears to have made the attack possible. This may occur if the smart contract code contains a defect or if adequate security measures are not taken.

Following the thread, dForce stated that the price of wstETH/ETH was manipulated by the exploiter using a Curve pool reentrancy flaw, which resulted in the liquidation of 1,031.42 ETH and 30.31 ETH equivalent of wstETH/ETH Curve LP tokens on Arbitrum and Optimum, respectively. It also produced $2.3 million in protocol debt.

The hack caused around $3.6 million in total damages, according to BlockSec and PeckShield, two top crypto security companies.

When connected to Curve Finance, dForce employed a smart contract function that had the reentrancy bug to determine oracle prices on the Arbitrum and Optimism chains.

When linked to Curve, any protocol can call the particular function, known as “get_virtual_price,” which provides an approximated oracle price. It is used to figure out how much the liquidity pool token will cost.

According to The Block, Matthew Jiang, director of security services at BlockSec, said that any protocol using the “get_virtual_price” function to calculate the price oracle is vulnerable, including dForce.

Projects need to be more cautious and take additional steps while estimating oracle prices, as they can be manipulated by malicious actors to carry out reentrancy attacks.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Thana

Coincu News

Thana

I am a news editor at Coincu, where I produce daily editorial packages and manage the knowledge and review article sections. Before journalism, I earned a Bachelor's degree in Global Logistics and Supply Chain Management from Northampton University and studied news journalism at Press Association Training.

Share
Published by
Thana
Tags: ArbitrumArbitrum DeveloperArbitrumsDForceoptimismOptimism hackWeb3
1 year ago

Recent Posts

BlackRock Bitcoin ETF Surges with $1.1 Billion Trading Volume Today!

BlackRock Bitcoin ETF startled the financial markets, with $1.1 billion of trading volume said to…

3 hours ago

VanEck’s spot Ethereum ETFs Poised for Launch Amid Fee Battles!

Spot Ethereum ETFs may start trading any day now.

4 hours ago

Binance.US in Washington Will Suspend Services on August 20

Binance.US in Washington will halt operations on August 20, 2024, due to regulatory issues.

5 hours ago

Spot Ethereum ETF Approval Is Now Progressing Smoothly, SEC Chair Says

SEC Chair Gary Gensler stated that the spot Ethereum ETF approval is progressing smoothly.

6 hours ago

Minutes Network closes in on its first 1.2 billion users with Smart Energy Water

London, United Kingdom, 25th June 2024, Chainwire

11 hours ago

GolfN Tees Up Play-to-Earn Golf Following $1.3M Pre-Seed Raise

Chicago, United States, 25th June 2024, Chainwire

12 hours ago

This website uses cookies.