Tuesday, April 14, 2026

Cyber-attacker exploits Era Lend on zkSync for $3.4 Million


According to a report by blockchain security firm CertiK on July 25, the lending app Era Lend on zkSync has experienced exploitation resulting in $3.4 million worth of cryptocurrency being compromised.

Era Lend on zkSync

The attacker drained the funds using a “read-only reentrancy attack,” a type of exploit in which control re-enters a multi-step process before it has finished, so that a step of that process can be triggered again against intermediate state. More precisely, “read-only” reentrancy refers to re-entry that doesn’t modify the state of a contract, but only reads it while it is mid-update.

As per the report, the attacker depleted funds in two distinct transactions, utilizing the externally owned account 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a.

By exploiting a vulnerability in the “callback” and “_updateReserves” functions, the attacker manipulated a contract into reporting outdated values that hadn’t yet been updated. It’s worth noting that Era Lend is a fork of the Syncswap project, and CertiK warned that other projects based on Syncswap might also be susceptible to this exploit.

According to Twitter user Spreek, within the Syncswap code there exists a possibility for a user to “burn, then callback before update_reserves is called,” which triggers the oracle to report inaccurate values.
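As an added illustration, not Syncswap's or Era Lend's code, the following Python model reproduces the ordering Spreek describes: burn() reduces the LP supply and hands control to the recipient before the cached reserves are refreshed, so a view-only price read taken during the callback is inflated. The same model shows the two defences a reviewer would look for: refreshing reserves before the external call, and having the read path revert while the pool's reentrancy lock is held. All names and numbers are constructed for the example.

```python
PRECISION = 10**6  # fixed-point scale for the LP price
class Pool:
    # Constructed model of a pool whose burn() hands control to the recipient
    # before cached reserves are refreshed. Not Syncswap or Era Lend code.
    def __init__(self, reserve0, reserve1, total_supply, update_before_callback):
        self.balance0 = self.reserve0 = reserve0  # balance: tokens actually held
        self.balance1 = self.reserve1 = reserve1  # reserve: cached snapshot
        self.total_supply = total_supply
        self.update_before_callback = update_before_callback
        self.locked = False  # reentrancy lock, held for the whole burn()

    def lp_price(self):
        # View function: values one LP token from the *cached* reserves
        return (self.reserve0 + self.reserve1) * PRECISION // self.total_supply

    def _update_reserves(self):
        self.reserve0, self.reserve1 = self.balance0, self.balance1

    def burn(self, lp_amount, callback):
        self.locked = True
        amount0 = self.balance0 * lp_amount // self.total_supply
        amount1 = self.balance1 * lp_amount // self.total_supply
        self.balance0 -= amount0
        self.balance1 -= amount1
        self.total_supply -= lp_amount  # supply shrinks immediately...
        if self.update_before_callback:
            self._update_reserves()  # hardened order: refresh before leaving
        callback(self)  # ...control leaves the contract here
        if not self.update_before_callback:
            self._update_reserves()  # vulnerable order: refresh only afterwards
        self.locked = False

def guarded_oracle(pool):
    # Read-side defence: refuse to price the LP token while the pool is mid-call
    if pool.locked:
        raise RuntimeError("pool locked: reentrant read refused")
    return pool.lp_price()

def price_seen_during_burn(update_before_callback, oracle):
    """Return (price the oracle reports inside the callback, price after burn)."""
    pool = Pool(1000, 1000, 1000, update_before_callback)
    seen = []
    def during_callback(p):
        try:
            seen.append(oracle(p))
        except RuntimeError as exc:
            seen.append(str(exc))
    pool.burn(500, during_callback)
    return seen[0], pool.lp_price()
```

With the vulnerable ordering and an unguarded read (`Pool.lp_price` as the oracle), the callback sees the LP token valued at twice its post-burn price; refreshing first or checking the lock removes the discrepancy.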

Additionally, Spreek’s report highlighted that the Era Lend team acknowledged the attack and took swift action by pausing the protocol’s zkSync contracts to prevent any further exploits from occurring.

According to another blockchain investigator named Saul on Twitter, the attack had repercussions on the stablecoin USDC+, which is issued by the Overnight Finance protocol. Saul reported that the Overnight team acknowledged the vulnerability and acted promptly by pausing their own contracts too. The impact of the attack resulted in a potential loss of over $261,000, which represents 7.86% of the total value of the collateral supporting the stablecoin.

In a blog post dated June 7, pseudonymous blockchain investigator Officer’s Notes provided an explanation of how read-only reentrancy attacks are executed. The post mentioned that these vulnerabilities pose challenges for auditors to detect because their focus is typically on entry points that modify the state when searching for reentrancy issues. As a result, read-only reentrancy attacks can evade traditional scrutiny and remain harder to identify during auditing processes.

To address this challenge, Officer’s Notes suggests that auditors should utilize specialized software to assist them in identifying these vulnerabilities more effectively.

Era Lend operates on the zkSync network, an Ethereum layer-2 rollup utilizing zero-knowledge proofs. In April, the total value locked in the zkSync network surpassed $110 million. Furthermore, the network’s developers have ambitious plans to establish an ecosystem of interoperable chains named “Hyperchains” by December 2023.
