SNEAK PEEK
- Sturdy Finance suffered a reentrancy attack, resulting in a significant loss of funds.
- The attacker exploited a vulnerability in Sturdy Finance’s price oracle system.
- Sturdy Finance has taken immediate action to suspend markets and protect user funds.
Sturdy Finance, a well-known decentralized lending protocol, has fallen victim to a clever security breach. According to reports, the attacker exploited a reentrancy vulnerability, pilfering approximately 442 ether – equivalent to roughly $800,000.
The loss of today’s @SturdyFinance hack is ~442 ETH (w/ ~$800K).
The root cause is due to the faulty price oracle to compute the cB-stETH-STABLE asset price @SturdyFinance https://t.co/M4l0GjJfFm pic.twitter.com/b8zK0q9H80
— PeckShield Inc. (@peckshield) June 12, 2023
In this kind of attack, the attacker triggers repeated calls to a function within a single transaction, which allows them to illegitimately withdraw more funds than would otherwise be possible. Significantly, it set the stage for deeper security exploitation.
A Price Oracle Exploitation
Following the reentrancy attack, the assailant made their move on Sturdy Finance’s price oracle. This essential element in decentralized finance applications provides real-world price data derived from a separate “read-only” smart contract for Sturdy Finance.
However, it proved to be a soft spot ripe for exploitation. The oracle, designed to ascertain accurate market values of assets within Sturdy Finance’s liquidity pool, was manipulated, resulting in substantial financial loss.
PeckShield, a security firm that closely monitors such activities, confirmed the method.
The firm stated, “The root cause is due to the typical Balancer’s read-only reentrancy, while the price of B-stETH-STABLE was manipulated.”
As a direct result, the attacker drained funds from Sturdy Finance’s coffers.
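The following added example (not code from Sturdy Finance, Balancer or PeckShield) is a simplified Python model of why a "read-only" price getter can return a skewed value while a pool operation is still in flight, and how an oracle that refuses to price during that window avoids it. The `Pool` class, its `locked` flag and all numbers are constructed assumptions for illustration.

```python
class ReentrancyError(Exception):
    """Raised when a price is requested while the pool is mid-operation."""

class Pool:
    # Constructed model: one pooled asset and one LP token.
    def __init__(self, balance, lp_supply):
        self.balance = balance      # assets held by the pool
        self.lp_supply = lp_supply  # LP tokens outstanding
        self.locked = False         # True while a state-changing call runs

    def rate(self):
        """Read-only getter: asset value per LP token (not guarded)."""
        return self.balance / self.lp_supply

    def exit(self, lp_amount, on_receive):
        """Burn LP tokens and pay out; the payout callback runs
        before the pool's balance has been brought up to date."""
        self.locked = True
        payout = self.balance * lp_amount / self.lp_supply
        self.lp_supply -= lp_amount  # supply is already reduced
        on_receive()                 # external call: recipient code runs here
        self.balance -= payout       # balance is updated only afterwards
        self.locked = False
        return payout

def naive_oracle(pool):
    """Trusts the getter at any time."""
    return pool.rate()

def guarded_oracle(pool):
    """Refuses to price while the pool is in an inconsistent state."""
    if pool.locked:
        raise ReentrancyError("pool is mid-operation; rate not trustworthy")
    return pool.rate()

def observe_during_exit(oracle):
    """Record what the oracle reports before, during and after an exit."""
    pool = Pool(balance=1000.0, lp_supply=1000.0)
    seen = {"before": oracle(pool)}
    def callback():
        try:
            seen["mid"] = oracle(pool)
        except ReentrancyError:
            seen["mid"] = None  # the guarded oracle declined to answer
    pool.exit(500.0, callback)
    seen["after"] = oracle(pool)
    return seen
```

The naive oracle reports double the true rate inside the callback, while the guarded oracle reports nothing there and the correct rate before and after.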
Sturdy Finance’s Rapid Response to Attack
Sturdy Finance has taken immediate steps in response, suspending all markets to halt further potential losses. The team assured users that all markets had been paused, no additional funds were at risk, and no user actions were currently required. Consequently, users can breathe a sigh of relief knowing their funds are not threatened.
Moreover, after the attack, on-chain data revealed the attacker’s attempts to obscure their activity using the Tornado Cash mixer.
- Source: https://investorbites.com/sturdy-finance-suffers-800k-loss-in-ingenious-hack-a-price-oracle-exploitation-saga/