Sturdy has suffered a security breach resulting in the theft of 442 ETH

Sturdy has suffered a security breach resulting in the theft of 442 ETH

Sturdy experienced a security breach that resulted in the theft of 442 ETH. The breach was due to a read-only reentrancy exploit, a type of loophole in smart contracts.

Reentrancy exploits occur when a malicious actor calls a contract, and the contract updates its internal state, does a callback to the actor, and the actor re-calls the original contract. Most crypto hacks due to reentrancy issues are caused by state-altering functions not being guarded against or not following the checks-effects-interactions pattern.

However, SturdyFinance's exploit was a read-only reentrancy issue. In read-only reentrancy, the state-altering function(s) are guarded, but view functions (which only read state) are not protected. The issue occurred when SturdyFinance allowed users to borrow against Balancer LP tokens, which have a known read-only reentrancy exploit in its joinOrExit function.

The attacker used a callback to withdraw tokens, which updated the real token balance but not Balancer's accounting values. This led to Sturdy Oracle calculating the wrong asset price when called on the fallback.

This incident highlights the importance of understanding smart contract vulnerabilities and implementing proper security measures to prevent future attacks.

Read more

$70M Committed to Boba Network as Foundation Concludes BOBA Token Agreement with FTX Recovery Trust

$70M Committed to Boba Network as Foundation Concludes BOBA Token Agreement with FTX Recovery Trust

Grand Cayman, Cayman Islands, July 1st, 2025, Chainwire Boba Governance Foundation today announced a significant milestone with a $70 million capital commitment secured from Awaken Foundation and LDA Capital to fund the continued development and ecosystem expansion of Boba Network, the leading Layer-2 blockchain for AI-powered decentralized applications (dApps), enabled

By Makoto Takahiro