1. BITBILIHome
  2. Article

ZKSync-based Era Lend suffers $3.4 million loss in DeFi exploit

28 views

TL;DR Breakdown

  • Era Lend, a lending protocol on the zkSync network, suffered a $3.4 million loss due to a ‘read-only reentrancy attack’, which allowed the attacker to withdraw funds repeatedly.
  • The attack also impacted the stablecoin USDC+, issued by the Overnight Finance protocol, resulting in a potential loss of over $261,000.
  • In response, Era Lend paused its zkSync contracts to prevent further exploits, highlighting the ongoing security challenges in the DeFi sector.

Description

According to a recent report by blockchain security firm BlockSec, Era Lend, a decentralized lending protocol operating on the zkSync Layer 2 network, has fallen victim to a ‘read-only reentrancy attack’ resulting in a loss of $3.4 million.  The attacker exploited a vulnerability that allowed repeated calls to a function within a single transaction, withdrawing … Read more

According to a recent report by blockchain security firm BlockSec, Era Lend, a decentralized lending protocol operating on the zkSync Layer 2 network, has fallen victim to a ‘read-only reentrancy attack’ resulting in a loss of $3.4 million. 

The attacker exploited a vulnerability that allowed repeated calls to a function within a single transaction, withdrawing more funds than they were entitled to. Also, the exploit involved manipulating a contract to report outdated values that hadn’t been updated yet, taking advantage of a faulty price oracle that Era Lend relied upon.

The impact and response

The attack had repercussions on the stablecoin USDC+, issued by the Overnight Finance protocol, resulting in a potential loss of over $261,000, which represents 7.86% of the total value of the collateral supporting the stablecoin. 

In response to the attack, Era Lend paused the protocol’s zkSync contracts to prevent further exploits. The team also advised users that only the USDC pool was compromised. According to an official statement on Discord, the Era Lend team assured that the security of other assets remains intact—but borrowing operations on the platform have been temporarily halted.

“We have detected and confirmed a cyber attack on our platform. We want to assure you that the attack has been contained, and the threat actor can no longer continue their actions.”

Era Lend Team

The Era Lend exploit has raised concerns for other projects based on the Syncswap project, from which Era Lend is a fork. Security analysts have warned that these projects might also be susceptible to similar exploits. The incident underscores the need for auditors to utilize specialized software to identify these vulnerabilities more effectively, as read-only reentrancy attacks can evade traditional scrutiny and remain harder to identify during auditing processes.

Era Lend operates on the zkSync network, an Ethereum layer-2 rollup utilizing zero-knowledge proofs. As of April, the total value locked in the zkSync network surpassed $110 million. Despite the recent exploit, the network’s developers have ambitious plans to establish an ecosystem of interoperable chains named “Hyperchains” by December 2023.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

文章来源于互联网:ZKSync-based Era Lend suffers $3.4 million loss in DeFi exploit

Disclaimers:

1. You are solely responsible for your investment decisions and this info is not liable for any losses you may incur.

2. The copyright of this article belongs to the writer, it represents the writer's opinions only, not represents the site's ones. Not financial advice.

Previous 2023年7月26日 17:11
Next 2023年7月26日 18:31

Related articles

  • Terra Classic community votes to cease USTC minting for peg stability

    TL;DR Breakdown The Terra Classic community has voted to halt all minting and reminting activities associated with USTC. The primary objective is to protect the interests of both the Terra Classic community and external investors.  The proposal carries significant implications for the crypto industry. Description In a significant move aimed at restoring stability, the Terra Classic community has voted to halt all minting and reminting activities associated with TerraUSD Classic (USTC). This decision comes as part of a broader effort to reestablish a stable peg between USTC and the United States dollar. The community vote, which concluded with a 59% … Read more In a significant move aimed at restoring stability, the Terra Classic community has voted to halt all minting and reminting activities associated with TerraUSD Classic (USTC). This decision comes as part of a broader effort to reestablish a stable peg between USTC and the United States dollar. The community vote, which concluded with a 59% majority in favor of discontinuing USTC minting, is seen as a pivotal step towards addressing the recent turmoil in the Terra Classic…

    Article 2023年9月25日

  • LUNC validator breathes new life into struggling community

    TL;DR Breakdown ClassyCrypto’s return brings renewed hope for the struggling LUNC Classic cryptocurrency. ClassyCrypto plans to actively participate in the LUNC network’s governance and collaborate with developers for substantial changes. The LUNC community eagerly anticipates ClassyCrypto’s reinvigorated involvement in the project. Description In a surprising turn of events, popular Twitter personality, and LUNC validator, ClassyCrypto, has breathed new life into the struggling LUNC Classic (LUNC) cryptocurrency. Taking to Twitter, ClassyCrypto announced his intentions to participate in the LUNC network’s governance actively, signaling a strong commitment to pushing for substantial changes. Acknowledging the past failures and setbacks of … Read more In a surprising turn of events, popular Twitter personality, and LUNC validator, ClassyCrypto, has breathed new life into the struggling LUNC Classic (LUNC) cryptocurrency. Taking to Twitter, ClassyCrypto announced his intentions to participate in the LUNC network’s governance actively, signaling a strong commitment to pushing for substantial changes. Acknowledging the past failures and setbacks of the LUNC system, ClassyCrypto emphasized that these experiences have served as valuable lessons for both LUNC validators and other interested parties. In a recent tweet,…

    Article 2023年7月9日

  • ECB on edge: Will rates surge again? Experts weigh in

    TL;DR Breakdown The European Central Bank (ECB) is at a crossroads, considering whether to raise interest rates for the tenth time in a row. Dwindling business confidence and a decline in German industrial production signal potential economic downturn. Despite these concerns, inflation in the eurozone remains high at 5.3%, well above the ECB’s 2% target. Description The financial world stands poised, eyes locked on the European Central Bank (ECB). Speculation mounts as experts debate the ECB’s next move. Will they raise interest rates once more, or has the peak of their tightening policy been reached? As the dust from previous policy changes begins to settle, a fresh storm of uncertainty looms … Read more The financial world stands poised, eyes locked on the European Central Bank (ECB). Speculation mounts as experts debate the ECB’s next move. Will they raise interest rates once more, or has the peak of their tightening policy been reached? As the dust from previous policy changes begins to settle, a fresh storm of uncertainty looms large. A Game of Predictions and Expectations After a steady climb…

    Article 2023年9月11日

  • Asian countries hold meeting on de-dollarization measures

    TL;DR Breakdown Top officials from nine Asian countries met in Tehran to discuss de-dollarization. The meeting was under the Asian Clearing Union (ACU), with representatives from non-ACU nations also attending. Iran’s First Vice President, Mohammad Mokhber, referred to the move as an inevitable response to the ‘weaponization project of the dollar’. Iran is progressively moving away from the USD in bilateral trade with Russia and is seeking to join the BRICS economic block. High-ranking officials from across Asia converged in Tehran this week, placing the spotlight on talks surrounding the ambitious goal of de-dollarization within the region. Leaders from nine Asian nations came together under the umbrella of the Asian Clearing Union (ACU), opening discussions on lessening the influence of the US dollar on their economies. Asia’s response to ‘dollar weaponization’ In the 51st ACU meeting, representatives from Bangladesh, Bhutan, India, Iran, Maldives, Myanmar, Nepal, Pakistan, and Sri Lanka initiated a crucial dialogue on how to reduce their economic reliance on the dollar. Notably, figures from non-ACU nations such as Russia, Belarus, and Afghanistan also lent their voices to the…

    Article 2023年5月27日

  • UBS ramps up hiring to serve affluent US investors

    TL;DR Breakdown UBS is intensifying its hiring of wealth managers in the U.S., even while considering a 30% cut in its global workforce after acquiring Credit Suisse. The bank has recruited 50 financial advisors from top institutions in H1 2023, including a 13-member team from Merrill Lynch. UBS is focusing on the lucrative U.S. market, the world’s largest wealth market, to build its business. Description Unmistakably, UBS is making strides in strengthening its footing in the highly lucrative U.S. wealth market. In a bold move, UBS intensifies hiring wealth managers to cater to the affluent American populace, a move unfolding even as the financial giant mulls over shedding up to a third of its workforce globally, following the acquisition of … Read more Unmistakably, UBS is making strides in strengthening its footing in the highly lucrative U.S. wealth market. In a bold move, UBS intensifies hiring wealth managers to cater to the affluent American populace, a move unfolding even as the financial giant mulls over shedding up to a third of its workforce globally, following the acquisition of Credit Suisse….

    Article 2023年7月5日
TOP