Era Lend on zkSync exploited for $3.4M in reentrancy attack


Lending app Era Lend on zkSync has been exploited for $3.4 million in cryptocurrency, according to a July 25 report from blockchain security firm CertiK. The attacker used a "read-only re-entry attack" to drain funds, a type of attack that interrupts a multi-step process and then lets it continue after a malicious action has been performed. Specifically, a "read-only" reentrancy is one that does not update the state of a contract.

According to the report, the attacker drained funds in two separate transactions, using the externally owned account 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a. They relied on a vulnerability in the "_updateReserves and callback function" to manipulate a contract into reporting old values that had not yet been updated.

Era Lend is a fork of the Syncswap project, and CertiK claimed that other projects based on Syncswap may also be vulnerable to the exploit.

On-chain detective and Twitter user Spreek reported that the Syncswap code allows a user to "record and then call back before update_reserves is called", causing the oracle to report incorrect values.
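The ordering problem described above, as an added example that is not Syncswap or Era Lend code: a simplified Python model in which a pool calls back before it syncs its cached reserves, so a price read taken inside the callback is stale, and a guarded read that refuses to answer mid-operation. The class and function names and the pricing formula (pooled reserves per LP token) are assumptions made for illustration.

```python
# Simplified model, constructed for illustration (not SyncSwap or Era Lend code).
class Pool:
    """Toy AMM pool: burn() pays out and calls back before syncing reserves."""

    def __init__(self, balance0, balance1, lp_supply):
        self.balance0, self.balance1 = balance0, balance1  # actual token balances
        self.reserve0, self.reserve1 = balance0, balance1  # cached values oracles read
        self.total_supply = lp_supply
        self.locked = False  # reentrancy flag, set while burn() is in flight

    def get_reserves(self, guarded=False):
        """View function. With guarded=True it refuses to answer mid-operation."""
        if guarded and self.locked:
            raise RuntimeError("reserves are stale: pool is mid-operation")
        return self.reserve0, self.reserve1

    def burn(self, lp_amount, callback):
        self.locked = True
        out0 = self.balance0 * lp_amount // self.total_supply
        out1 = self.balance1 * lp_amount // self.total_supply
        self.balance0 -= out0
        self.balance1 -= out1
        self.total_supply -= lp_amount
        callback()               # external call happens BEFORE reserves are synced
        self._update_reserves()  # only now do cached reserves match balances
        self.locked = False

    def _update_reserves(self):
        self.reserve0, self.reserve1 = self.balance0, self.balance1


def lp_price(pool, guarded=False):
    """Hypothetical lending-side oracle: pooled value per LP token."""
    r0, r1 = pool.get_reserves(guarded)
    return (r0 + r1) // pool.total_supply


def observe(guarded):
    """Record the oracle's answer before, during and after one burn()."""
    pool = Pool(1_000, 1_000, 100)  # constructed sample values
    seen = {"before": lp_price(pool)}

    def callback():
        try:
            seen["during"] = lp_price(pool, guarded)
        except RuntimeError:
            seen["during"] = "rejected"

    pool.burn(50, callback)
    seen["after"] = lp_price(pool)
    return seen
```

Calling `observe(False)` shows the price doubling only while the callback runs, which is the window a state-changing-only reentrancy review misses; `observe(True)` shows the consumer-side check rejecting the read instead.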

Spreek also reported that the Era Lend team had acknowledged the attack and stopped the protocol's zkSync contracts to prevent further attacks.

Another blockchain researcher, known on Twitter as Saul, reported that the attack had affected the USDC+ stablecoin, which is issued by the Overnight Finance protocol. According to Saul, Overnight's team acknowledged the exposure and also stopped their own contracts. More than $261,000, or 7.86% of the total value of the collateral backing the stablecoin, may have been lost.

In a June 7 blog post explaining how read-only reentrancy attacks are carried out, pseudonymous blockchain researcher Officer's Notes stated that these vulnerabilities are difficult for auditors to detect, as "auditors and bug hunters typically only care about entry points that change state when they seek reentrancy."

To help alleviate this problem, Officer's Notes recommends that auditors use specialized software to help them find these vulnerabilities.

Era Lend runs on the zkSync network, a zero-knowledge proof Ethereum Layer 2 rollup. In April, the network's total value locked exceeded $110 million. The developers of the network intend to create an ecosystem of interoperable chains called "Hyperchains" by the end of the year.