ZKSync-based Era Lend suffers $3.4 million loss in DeFi exploit

TL;DR Breakdown

  • Era Lend, a lending protocol on the zkSync network, suffered a $3.4 million loss due to a ‘read-only reentrancy attack’, which allowed the attacker to withdraw funds repeatedly.
  • The attack also impacted the stablecoin USDC+, issued by the Overnight Finance protocol, resulting in a potential loss of over $261,000.
  • In response, Era Lend paused its zkSync contracts to prevent further exploits, highlighting the ongoing security challenges in the DeFi sector.

According to a recent report by blockchain security firm BlockSec, Era Lend, a decentralized lending protocol operating on the zkSync Layer 2 network, has fallen victim to a ‘read-only reentrancy attack’ resulting in a loss of $3.4 million. 

The attacker exploited a vulnerability that allowed repeated calls to a function within a single transaction, withdrawing more funds than they were entitled to. The exploit also involved manipulating a contract into reporting outdated values that had not yet been updated, taking advantage of a faulty price oracle that Era Lend relied upon.
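The mechanism described above, shown on a toy model (an added illustration, not code from Era Lend, SyncSwap or BlockSec; the pool, its numbers and every name are constructed): a state-changing call hands control to an external callback before its bookkeeping is finished, and a read-only price function queried at that moment returns a value derived from not-yet-updated state. The guarded variant makes the view fail while the update is in progress.

```python
class ReentrantRead(Exception):
    """Raised when a view is queried while the pool is mid-update."""

class Pool:
    # Toy pool, constructed for illustration; not any real protocol's code.
    def __init__(self, reserves, shares, guard_views):
        self.reserves = reserves        # underlying tokens held by the pool
        self.shares = shares            # pool shares outstanding
        self.locked = False             # classic reentrancy lock
        self.guard_views = guard_views  # hardened: views honour the lock too

    def share_price(self):
        # Read-only function that a lending market might use as an oracle.
        if self.guard_views and self.locked:
            raise ReentrantRead("pool state is mid-update")
        return self.reserves / self.shares

    def remove_liquidity(self, shares, on_receive):
        if self.locked:
            raise ReentrantRead("state-changing reentry blocked")
        self.locked = True
        amount = self.reserves * shares // self.shares
        self.shares -= shares           # shares are burned first
        on_receive(amount)              # external callback runs here
        self.reserves -= amount         # reserves are updated only afterwards
        self.locked = False
        return amount

def prices_observed(guard_views):
    """Share price before, during (inside the callback) and after a withdrawal."""
    pool = Pool(reserves=1_000_000, shares=1_000, guard_views=guard_views)
    seen = {"before": pool.share_price()}

    def on_receive(_amount):
        try:
            seen["during"] = pool.share_price()
        except ReentrantRead:
            seen["during"] = None       # a consumer would revert here
    pool.remove_liquidity(500, on_receive)
    seen["after"] = pool.share_price()
    return seen

if __name__ == "__main__":
    print("unguarded view:", prices_observed(False))
    print("guarded view:  ", prices_observed(True))
```

The lock on `remove_liquidity` alone changes nothing for the unguarded case, because the view never checks it; that gap is what makes the reentrancy "read-only".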

The impact and response

The attack had repercussions on the stablecoin USDC+, issued by the Overnight Finance protocol, resulting in a potential loss of over $261,000, which represents 7.86% of the total value of the collateral supporting the stablecoin. 

In response to the attack, Era Lend paused the protocol’s zkSync contracts to prevent further exploits. The team also advised users that only the USDC pool was compromised. According to an official statement on Discord, the Era Lend team assured that the security of other assets remains intact—but borrowing operations on the platform have been temporarily halted.

“We have detected and confirmed a cyber attack on our platform. We want to assure you that the attack has been contained, and the threat actor can no longer continue their actions.”

Era Lend Team

The Era Lend exploit has raised concerns for other projects based on the Syncswap project, from which Era Lend is a fork. Security analysts have warned that these projects might also be susceptible to similar exploits. The incident underscores the need for auditors to utilize specialized software to identify these vulnerabilities more effectively, as read-only reentrancy attacks can evade traditional scrutiny and remain harder to identify during auditing processes.

Era Lend operates on the zkSync network, an Ethereum layer-2 rollup utilizing zero-knowledge proofs. As of April, the total value locked in the zkSync network surpassed $110 million. Despite the recent exploit, the network’s developers have ambitious plans to establish an ecosystem of interoperable chains named “Hyperchains” by December 2023.
