Key Points:
In a recent tweet, the DeFi initiative acknowledged the situation and added that it had halted its contracts to limit additional harm.
A reentrancy vulnerability, which can happen when an attacker repeatedly calls a smart contract function and pulls assets from it before the contract updates its internal state, appears to have made the attack possible. This may occur if the smart contract code contains a defect or if adequate security measures are not taken.
Following the thread, dForce stated that the price of wstETH/ETH was manipulated by the exploiter using a Curve pool reentrancy flaw, which resulted in the liquidation of 1,031.42 ETH and 30.31 ETH equivalent of wstETH/ETH Curve LP tokens on Arbitrum and Optimum, respectively. It also produced $2.3 million in protocol debt.
The hack caused around $3.6 million in total damages, according to BlockSec and PeckShield, two top crypto security companies.
When connected to Curve Finance, dForce employed a smart contract function that had the reentrancy bug to determine oracle prices on the Arbitrum and Optimism chains.
When linked to Curve, any protocol can call the particular function, known as “get_virtual_price,” which provides an approximated oracle price. It is used to figure out how much the liquidity pool token will cost.
According to The Block, Matthew Jiang, director of security services at BlockSec, said that any protocol using the “get_virtual_price” function to calculate the price oracle is vulnerable, including dForce.
Projects need to be more cautious and take additional steps while estimating oracle prices, as they can be manipulated by malicious actors to carry out reentrancy attacks.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Thana
Coincu News
BlackRock Bitcoin ETF startled the financial markets, with $1.1 billion of trading volume said to…
Spot Ethereum ETFs may start trading any day now.
Binance.US in Washington will halt operations on August 20, 2024, due to regulatory issues.
SEC Chair Gary Gensler stated that the spot Ethereum ETF approval is progressing smoothly.
London, United Kingdom, 25th June 2024, Chainwire
Chicago, United States, 25th June 2024, Chainwire
This website uses cookies.