Cointime

Cointime

Download App
iOS & Android

Eralend Suffers $3.4 Million in Losses from Attack. Will Hackers Return the Funds?

On July 25, 2023, according to data from Beosin EagleEye, the ZkSync-based decentralized lending protocol, EraLend, suffered an attack resulting in a loss of approximately $3.4 million USD.

EraLend is a decentralized lending protocol designed to maximize capital efficiency while minimizing risks associated with external liquidity and oracle dependencies. The security team at Beosin has provided the following analysis of the incident:

Incident Details:

- Attacking Transactions:

- 0x7ac4da1ea1b0903dfabda56f713ea5e4a960a3fc34467a844d037f86ee8bfe98

- 0x99efebacb3edaa3ac34f7ef462fd8eed85b46be281bd1329abfb215a494ab0ef

- Attacker's Address: 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a

- Attacking Contracts:

- 0xC5c668DcD437b901DFE877DC99329Ac2ba338035

- 0x7d8772DCe73cDA0332bc47451aB868Ac98F335F0

- Target Contract:

- 0x1181D7BE04D80A8aE096641Ee1A87f7D557c6aeb

Vulnerability Analysis:

The main vulnerability exploited in this attack was a read reentrancy in the price oracle, causing a discrepancy between the ctoken contract's lending value calculation and its liquidation value calculation in the EraLend. This discrepancy allowed the attacker to borrow a higher amount than they needed to repay, enabling them to make profits from the borrowing and liquidation process. The attacker leveraged multiple contracts to carry out these operations and obtain a substantial amount of USDC.

Attack Process:

Taking transaction 0x7ac4da1ea... as an example:

Attack Preparation:

1. The attacker extracted approximately 1.68 ETH from OKX and MEXC to cover the deployment of the attack contract and transaction gas fees.

2. The attacker borrowed 14.08 million USDC and 7566 ETH through a flash loan, staked them to the 0x621425 contract, and obtained 0.29 LP tokens to prepare for the attack.

Attack Phase:

1. The attacker called the burn function of the SyncSwap (0x8011) contract, which destroyed their obtained LP tokens and reclaimed the added liquidity. However, the burn function triggered a specific function (_callback) at the callback address (line 206), which updated the liquidity reserve information only after the callback.

2. When the burn function reached the attacker's malicious contract, it executed pre-prepared malicious code in a specific function. This malicious code reentered the ctoken (0x1181) contract's functions, specifically the repayBorrow and borrow functions, to pledge LP tokens and borrow USDC. However, at this point, the SyncSwap contract's reserve information had not been updated, and the ctoken's borrowing amount calculation depended on the reserve of SyncSwap. Consequently, the attacker borrowed 372,644 USDC based on the reserve before reclaiming liquidity.

3. After the reentrancy ended, the SyncSwap reserve was updated, and the attacker repaid the borrowed amount. Since the updated reserve was used for the calculation, the attacker was able to repay the loan with an amount lower than the borrowed tokens. As a result, the attacker returned 269,585 USDC and made a profit of 103,059 USDC.

4. The attacker repeated the above process using multiple contracts.

5. The attacker repaid the flash loan and transferred the attack profits to his/her address.

Funds Tracking

As of the time of posting, Beosin KYT/AML tracking found that the stolen funds have been transferred to other chains via various cross-chain bridge services such as Orbiter and 1inch.

On the morning of July 27, EraLend posted a letter to the hacker on social media suggesting that the hacker return 90% of the funds and keep 10% of the stolen funds as a white hat bounty, at the time of writing, the hacker has not yet made any restitution.

Summary

In response to this incident, Beosin security team recommends:

1. When relying on the SyncSwap project's real-time reserve volume for price calculation, read reentry scenarios should be considered to prevent inconsistent price calculations for related functions in the same transaction.

2. Before the project goes live, it is recommended to choose a professional security audit company to conduct a comprehensive security audit to avoid risks.

Beosin is a leading global blockchain security company co-founded by several professors from world-renowned universities and there are 40+ PhDs in the team, and set up offices in 10+ cities including Hong Kong, Singapore, Tokyo and Miami. With the mission of “Securing Blockchain Ecosystem”, Beosin provides “All-in-one” blockchain security solution covering Smart Contract Audit, Risk Monitoring & Alert, KYT/AML, and Crypto Tracing. Beosin has already provided security for 2000+ blockchain companies, audited more than 3000 smart contracts and protected our customers’ assets worth of $500 billion.

Contact

If you need any blockchain security services, welcome to contact us:

Official Website Beosin EagleEye Twitter Telegram Linkedin

Comments

All Comments

Recommended for you

  • OpenTrade announces $4 million seed extension round led by AlbionVC

    OpenTrade has announced the completion of a $4 million seed extension financing round to build RWA-supported loan and stablecoin yield products. This round of financing was led by AlbionVC, with participation from a16z Crypto and CMCC Global. OpenTrade plans to use the funds to expand its operations and enhance its product capabilities.

  • BNB Chain Ecosystem Re-staking Infrastructure Kernel Receives Investment from Binance Labs

    BNB Chain's ecological re-staking infrastructure Kernel has announced that it has received investment from Binance Labs. As of now, its total financing amount has reached 10 million US dollars, with main investors including: SCB Limited, Laser Digital, Bankless Ventures, Hypersphere, Draper Dragon, DACM, CYPHER, ArkStream Capital, HTX Ventures, Avid VC, GSR, Cluster Capital, Longhash Ventures, Via BTC, Side Door Ventures, NOIA, and DWF Labs. It is reported that Kernel's mainnet is about to be launched. Kelp provides users with support for Ethereum liquidity re-staking services based on rsETH, while Gain provides DeFi, CeDeFi, and RWA income products. KERNEL tokens are designed to unify the governance and incentive mechanisms of Kelp, Kernel, and Gain, while providing rewards for early supporters of ecosystem development.

  • Morgan Stanley: The U.S. dollar will peak before the end of the year and enter a "bear market pattern" in 2025

    Morgan Stanley predicts that the strong US dollar will peak before the end of the year and then enter a "bearish market trend", slowly declining until 2025. The bank believes that due to the Bank of Japan's rate hikes and gradual easing actions by the Reserve Bank of Australia, the potential for the yen and Australian dollar to rise next year is the greatest.

  • Equation News calls out Binance for "insider trading": You are destroying the sentiment of the trading market

    On November 25th, Formula News reported that to those insider traders who participated in the listing of Binance perpetual contracts, please slow down when selling your chips next time. The WHY and CHEEMS crashes you caused resulted in a 100% negative return for everyone involved in the trade, and you are destroying the emotions of the trade. Earlier today, Binance announced the listing of 1000WHYUSDT and 1000CHEEMSUSDT perpetual contracts, which caused a short-term crash in WHY and CHEEMS and sparked intense discussion within the community.

  • U.S. Congressman Mike Flood: Looking forward to working with the next SEC Chairman to revoke the anti-crypto banking policy SAB 121

     US House of Representatives will investigate Representative Mike Flood's recent statement: "Despite widespread opposition, SAB 121 is still operating as a regulation, even though it has never gone through the normal Administrative Procedure Act process." Flood said, "I look forward to working with the next SEC chairman to revoke SAB 121. Whether Chairman Gary Gensler resigns on his own or President Trump fulfills his promise to dismiss Gensler, the new government has an excellent opportunity to usher in a new era after Gensler's departure." He added, "It's not surprising that Gensler opposed the digital asset regulatory framework passed by the House on a bipartisan basis earlier this year. 71 Democrats and House Republicans passed this common-sense framework together. Although the Democratic-led Senate rejected it, it represented a breakthrough moment for cryptocurrency and may provide information for the work of the unified Republican government when the next Congress begins in January next year."

  • Indian billionaire Adani summoned by US SEC to explain position on bribery case

    Indian billionaire Gautam Adani and his nephew, Sahil Adani, have been subpoenaed by the US Securities and Exchange Commission (SEC) to explain allegations of paying over $250 million in bribes to win solar power contracts. According to the Press Trust of India (PTI), the subpoena has been delivered to the Adani family's residence in Ahmedabad, a city in western India, and they have been given 21 days to respond. The notice, issued on November 21 by the Eastern District Court of New York, states that if the Adani family fails to respond on time, a default judgment will be made against them.

  • U.S. Congressman: SEC Commissioner Hester Peirce may become the new acting chairman of the SEC

    US Congressman French Hill revealed at the North American Blockchain Summit (NABS) that Republican SEC Commissioner Hester Peirce is "likely" to become the new acting chair of the US Securities and Exchange Commission (SEC). He noted that current chair Gary Gensler will step down on January 20, 2025, and the Republican Party will take over the SEC, with Peirce expected to succeed him.

  • Tether spokesperson: The relationship with Cantor is purely business, and the claim that Lutnick influenced regulatory actions is pure nonsense

     a spokesperson for Tether stated: "The relationship between Tether and Cantor Fitzgerald is purely a business relationship based on managing reserves. Claims that Howard Lutnick's joining the transition team in some way implies an influence on regulatory actions are baseless."

  • Bitwise CEO warns that ETHW is not suitable for all investors and has high risks and high volatility

    Hunter Horsley, CEO of Bitwise, posted on X platform that he was happy to see capital inflows into Bitwise's Ethereum exchange-traded fund ETHW, iShares, and Fidelity this Friday. He reminded that ETHW is not a registered investment company under the U.S. Investment Company Act of 1940 and therefore is not protected by the law. ETHW is not suitable for all investors due to its high risk and volatility.

  • Musk said he liked the "WOULD" meme, and the related tokens rose 400 times in a short period of time

    Musk posted a picture on his social media platform saying he likes the "WOULD" meme. As a result, the meme coin with the same name briefly surged. According to GMGN data, the meme coin with the same name created 123 days ago surged over 400 times in a short period of time, with a current market value of 4.5 million US dollars. Reminder to users: Meme coins have no practical use cases, prices are highly volatile, and investment should be cautious.

Daily Must-Read

Popular Activities

Delysium $AGI & AI Private Yacht Party

Delysium $AGI & AI Private Yacht Party

March 27 - March 27
Seoul

Popular Tags

Cointime
News
Contents
RSS
Company