Era Lend Falls Victim to Reentrancy Attack
Era Lend, a decentralized lending protocol on zkSync Layer 2, has suffered a loss of $3.4 million due to a reentrancy attack. Here are the key points:
– The attack exploited a read-only reentrancy vulnerability, allowing the hacker to withdraw more funds than they were entitled to.
– The attacker took advantage of a faulty price oracle used by Era Lend and used the reentrancy exploit to drain assets from the protocol.
– View functions labeled as read-only are typically considered safe because they cannot modify state, but this incident shows that the values they return can be manipulated to steal funds.
– The attacker manipulated the LP’s price during the burn/mint actions of SyncSwap, a decentralized exchange.
– Era Lend confirmed the attack and assured users that it has been contained. Only the USDC pool was compromised, and other assets remain secure.
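The read-only reentrancy pattern described above can be shown with a small model. This is an added example, not code from Era Lend or SyncSwap: the Pool class, its update order, the lock flag and the numbers are all constructed assumptions. It shows a price view returning an inconsistent value while a burn is half finished, and a guarded view that refuses to answer until the update completes.

```python
# Constructed toy model of read-only reentrancy; not SyncSwap or Era Lend code.
class ReentrantRead(Exception):
    """Raised by the guarded view when the pool is mid-update."""


class Pool:
    def __init__(self, reserve, supply):
        self.reserve = reserve   # underlying tokens held by the pool
        self.supply = supply     # LP tokens outstanding
        self.locked = False      # reentrancy lock set by state-changing calls

    def burn(self, lp_amount, callback):
        """Redeem LP tokens; callback models an external call made mid-update."""
        self.locked = True
        payout = self.reserve * lp_amount // self.supply
        self.supply -= lp_amount   # supply is updated first (assumed order)
        callback()                 # external code runs on inconsistent state
        self.reserve -= payout     # reserve is updated only afterwards
        self.locked = False
        return payout

    def lp_price_unsafe(self):
        # View with no lock check: readable while burn() is half finished.
        return self.reserve / self.supply

    def lp_price_guarded(self):
        # Hardened view: refuses to answer while a state change is in flight.
        if self.locked:
            raise ReentrantRead("pool is mid-update")
        return self.reserve / self.supply


def observe_during_burn(pool, view, lp_amount):
    """Return the price a consumer (e.g. a lending oracle) sees in the callback."""
    seen = {}

    def callback():
        try:
            seen["price"] = view()
        except ReentrantRead:
            seen["price"] = None   # consumer must treat this as "no valid price"

    pool.burn(lp_amount, callback)
    return seen["price"]
```

With a pool of 1000 reserve and 1000 LP tokens, the unguarded view reports 2.0 instead of 1.0 during the burn, while the guarded view yields no price at all until the burn has finished.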
Era Lend’s Response
Era Lend has taken the following measures in response to the attack:
– The team has halted borrowing operations temporarily.
– Users are advised not to deposit USDC at this time.
– Era Lend reassures users that the threat actor can no longer continue their actions and that the security of other assets remains intact.
Hot Take
The reentrancy attack on Era Lend highlights the vulnerability of decentralized lending protocols. It serves as a reminder for developers and users to remain vigilant and implement robust security measures to protect against such attacks.