Key Points: The DForce DeFi protocol lost $3.6 million when it launched a reentrancy attack on the Arbitrum and Optimism chain.
Connected to Curve Finance, Curve Finance discovered that a smart contract function that determines oracle pricing had a vulnerability that led to the attack.
An apparent reentrancy attack against a Curve vault by the Decentralized Finance (DeFi) protocol dForce on the Arbitrum/Optimism Blockchains resulted the theft of more $3.6 million. The attack could be caused by a defect in the smart contract code or if inadequate security measures are not taken. In the end, the exploiter used a Curve pool reentrancy flaw to manipulate the price of wstETH/ETH. This resulted the liquidation of 1,031.42 ETH, and 30.31 ETH equivalent of wstETH/ETH Curve LP tokens. It also generated $2.3 million in protocol debt. Any protocol can call this function when it is linked to Curve. It provides an estimate of the oracle price. It is used to determine the cost of the liquidity pool token.
Projects should be more cautious when estimating oracle prices. They can be manipulated by malicious actors to perform reentrancy attacks.
DISCLAIMER. The information on this website is intended to provide general market commentary but does not constitute investment advice. We encourage you to do your research before investing.Join us to keep track of news: https://linktr.ee/coincuThanaCoincu NewsTags: ArbitrumArbitrum DeveloperArbitrumsDForceoptimismOptimism hackWeb3