Blockchain
Era Lend on zkSync exploited for $3.4M in reentrancy attack – Crypto News
Lending app Era Lend on zkSync has been exploited for $3.4 million worth of crypto, according to a July 25 report from blockchain security firm CertiK. The attacker used a “read-only reentrancy attack” to drain the funds, which is a type of attack that interrupts a multi-step process and then causes it to continue after a malicious action has been performed. Specifically, a “read-only” reentrancy is one that does not update the state of a contract.
We are seeing reports that @Era_Lend has been exploited on zkSync
Total losses appear to be $3.4 million in a read only reentrancy attack.
See more below https://t.co/h8xrjccE5i
— CertiK Alert (@CertiKAlert) July 25, 2023
According to the report, the attacker drained funds in two separate transactions, using the externally owned account 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a. They relied on a vulnerability in the “callback and _updateReserves function” to manipulate a contract into reporting old values that had not yet been updated.
Era Lend is a fork of the Syncswap project, and CertiK claimed that other projects based on Syncswap may also be vulnerable to the exploit.
On-chain sleuth and Twitter user Spreek reported that the Syncswap code allows a user to “burn, then callback before update_reserves is called,” causing the oracle to report incorrect values.
in the syncswap LP tokens, one can burn, then callback before update_reserves is called. so the oracle uses an incorrect reserve value to calculate the price, resulting in an inflating oracle price. pic.twitter.com/0U7Vu7BzJM
— Spreek (@spreekaway) July 25, 2023
Spreek also reported that the Era Lend team had accepted The attack and paused the protocol’s zkSync contracts to prevent further exploits.
Another blockchain investigator, known on Twitter as Saul, reported that the attack had Affected The stablecoin USDC+, which is issued by the Overnight Finance protocol. According to Saul, the Overnight team has acknowledged the exposure and has paused its own contracts as well. Over $261,000, or 7.86% of the total value of the collateral backing the stablecoin, may have been lost.
In a June 7 blog post explained how read-only reentrancy attacks are carried out, pseudonymous blockchain investigator Officer’s Notes stated that these vulnerabilities are difficult for auditors to spot, since “Typically, auditors and bug hunters are only concerned with entry points that modify state when looking for reentrancy.”
To help alleviate this problem, Officer’s Notes recommends that auditors use specialized software to aid them in finding these vulnerabilities.
Era Lend runs on the zkSync network, a zero-knowledge proof Ethereum layer-2 rollup. In April, the network’s total value locked reached over $110 million, The network’s developers intend to create an ecosystem of interoperable chains called “Hyperchains” by the end of the year.
-
Blockchain7 days agoThe Quantum Clock Is Ticking on Blockchain Security – Crypto News
-
Technology1 week agoHow Americans are using AI at work, according to a new Gallup poll – Crypto News
-
Technology1 week ago
How Americans are using AI at work, according to a new Gallup poll – Crypto News
-
Blockchain1 week agoTether Launches Dollar-Backed Stablecoin USAT – Crypto News
-
Metaverse4 days agoContext engineering and the Future of AI-powered business – Crypto News
-
Cryptocurrency1 week agoRiver Crypto Token Up 1,900% in the Last Month—What’s the Deal? – Crypto News
-
Metaverse3 days agoStop panicking about AI. Start preparing – Crypto News
-
others1 week agoUS Heiress Slaps Billion-Dollar Lawsuit on Banks for Allegedly Aiding the Looting of Her $350,000,000 Trust Fund – Crypto News
-
Blockchain1 week agoTrump-Backed WLFI Snaps Up 2,868 ETH, Sells $8M WBTC – Crypto News
-
Blockchain1 week ago
Trump-Backed WLFI Snaps Up 2,868 ETH, Sells $8M WBTC – Crypto News
-
Blockchain1 week agoUS Storm Smashes Bitcoin Mining Power, Sending Hash Rates Tumbling – Crypto News
-
Metaverse1 week agoIs AI eating up jobs in UK? New report paints bleak picture – Crypto News
-
Cryptocurrency1 week agoTrump family-backed American Bitcoin achieves 116% BTC yield – Crypto News
-
Metaverse4 days agoContext engineering and the Future of AI-powered business – Crypto News
-
Metaverse4 days ago
Context engineering and the Future of AI-powered business – Crypto News
-
Blockchain1 week agoBitcoin Gets the Macro Bug as $87,000 Comes Into Play – Crypto News
-
Cryptocurrency1 week agoMakinaFi hit by $4.1M Ethereum hack as MEV tactics suspected – Crypto News
-
Technology1 week ago
How Americans are using AI at work, according to a new Gallup poll – Crypto News
-
others1 week agoPBOC sets USD/CNY reference rate at 6.9843 vs. 6.9929 previous – Crypto News
-
Blockchain1 week agoKalshi Expands Political Footprint with DC Office, Democratic Hire – Crypto News
-
Technology1 week agoElon Musk says ‘WhatsApp is not secure’ amid Meta privacy lawsuit; Sridhar Vembu cites ‘conflict of interest’ – Crypto News
-
Cryptocurrency1 week agoRiver price defies market downturn, explodes 40% to new ATH – Crypto News
-
Technology1 week ago
Fed Rate Cut Odds in January Crash to 99% Ahead of Dollar Yen Intervention- Will BTC React? – Crypto News
-
Cryptocurrency1 week ago
Fed Rate Cut Odds in January Crash to 99% Ahead of Dollar Yen Intervention- Will BTC React? – Crypto News
-
Blockchain1 week agoBitcoin Gets the Macro Bug as $87,000 Comes Into Play – Crypto News
-
Business1 week ago
Bitcoin and XRP Price At Risk As US Govt. Shutdown Odds Reach 73% – Crypto News
-
Business1 week ago
Bitcoin and XRP Price At Risk As US Govt. Shutdown Odds Reach 73% – Crypto News
-
Business1 week ago
Bitcoin Sentiment Weakens BTC ETFs Lose $103M- Is A Crash Imminent? – Crypto News
-
Business1 week ago
Japan Set to Launch First Crypto ETFs as Early as 2028: Nikkei – Crypto News
-
Cryptocurrency1 week agoRYO Digital Announces 2025 Year-End Milestones Across Its Ecosystem – Crypto News
-
Cryptocurrency1 week agoRiver Crypto Token Up 1,900% in the Last Month—What’s the Deal? – Crypto News
-
Business1 week ago
Experts Advise Caution As Crypto Market Heads Into A Bearish Week Ahead – Crypto News
-
Business1 week ago
Experts Advise Caution As Crypto Market Heads Into A Bearish Week Ahead – Crypto News
-
Blockchain1 week ago‘Most Reliable’ Bitcoin Price Signal Hints at a 2026 Bull Run – Crypto News
-
Technology1 week ago
Bitcoin And XRP Price Prediction Ahead of FOMC Meeting Tomorrow, Jan 28 – Crypto News
-
Technology1 week ago
Bitcoin And XRP Price Prediction Ahead of FOMC Meeting Tomorrow, Jan 28 – Crypto News
-
Technology1 week ago
Bitcoin And XRP Price Prediction Ahead of FOMC Meeting Tomorrow, Jan 28 – Crypto News
-
Business1 week ago
Bitcoin Faces Renewed Volatility as Investors Explore Options Like Everlight – Crypto News
-
others1 week ago
Jerome Powell Speech Tomorrow: What to Expect From Fed Meeting for Crypto Market? – Crypto News
-
Technology1 week ago
Fed Rate Cut Odds in January Crash to 99% Ahead of Dollar Yen Intervention- Will BTC React? – Crypto News
-
Business1 week ago
Bitcoin and XRP Price At Risk As US Govt. Shutdown Odds Reach 73% – Crypto News
-
others1 week ago
U.S. Shutdown Odds Hit 78% as CLARITY Act Faces Fresh Uncertainty – Crypto News
-
others1 week ago478,188 Americans Warned After Hackers Strike Government-Related Firm Handling Sensitive Personal Data – Crypto News
-
Blockchain1 week agoCZ Won’t Return to Binance, Bullish on Bitcoin Supercycle – Crypto News
-
Blockchain1 week agoSolana (SOL) Slips Further As Bears Target Deeper Support Zones – Crypto News
-
Technology1 week agoIs TikTok still down in the United States? Check current status – Crypto News
-
Cryptocurrency1 week agoThe productivity bull case for almost everything – Crypto News
-
Business1 week ago
Experts Advise Caution As Crypto Market Heads Into A Bearish Week Ahead – Crypto News
-
Technology1 week ago
Bitcoin And XRP Price Prediction Ahead of FOMC Meeting Tomorrow, Jan 28 – Crypto News
-
Cryptocurrency1 week agoHyperliquid explained: The $3 trillion DEX that’s shaking up crypto trading – Crypto News