Lending app Era Lend on zkSync has been exploited for $3.4 million worth of crypto, according to a July 25 report from blockchain security firm CertiK. The attacker used a \u201cread-only reentrancy attack\u201d to drain the funds, which is a type of attack that interrupts a multi-step process and then causes it to continue after a malicious action has been performed. Specifically, a \u201cread-only\u201d reentrancy is one that does not update the state of a contract.<\/p>\n
According to the report, the attacker drained funds in two separate transactions, using the externally owned account 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a. They relied on a vulnerability in the \u201cthe callback and _updateReserves function\u201d to manipulate a contract into reporting old values that had not yet been updated.<\/p>\n
Era Lend is a fork of the Syncswap project, and CertiK claimed that other projects based on Syncswap may also be vulnerable to the exploit.<\/p>\n
On-chain sleuth and Twitter user Spreek reported that the Syncswap code allows a user to \u201cburn, then callback before update_reserves is called,\u201d causing the oracle to report incorrect values.<\/p>\n
Spreek also reported that the Era Lend team had\u00a0acknowledged the attack and paused the protocol\u2019s zkSync contracts to prevent further exploits.<\/p>\n
Another blockchain investigator, known on Twitter as Saul, reported that the attack had\u00a0affected stablecoin USDC+, which is issued by the Overnight Finance protocol. According to Saul, the Overnight team has acknowledged the exposure and has paused its own contracts as well. Over $261,000, or 7.86% of the total worth of the collateral backing the stablecoin, may have been lost.<\/p>\n
In a June 7 blog post explaining how read-only reentrancy attacks are carried out, pseudonymous blockchain investigator Officer\u2019s Notes stated that these vulnerabilities are difficult for auditors to spot, since \u201cTypically, auditors and bug hunters are only concerned with entry points that modify state when looking for reentrancy.\u201d<\/p>\n
To help alleviate this problem, Officer\u2019s Notes recommends that auditors use specialized software to aid them in finding these vulnerabilities.<\/p>\n
Era Lend runs on the zkSync network, a zero-knowledge proof Ethereum layer-2 rollup. In April, the network\u2019s total value locked reached over $110 million. The network\u2019s developers intend to create an ecosystem of interoperable chains called \u201cHyperchains\u201d by the end of the year.<\/p>\n