News

Sturdy has suffered a security breach resulting in the theft of 442 ETH

Jyotirmoy Barman

Jun 15, 2023 — 1 min read

Sturdy experienced a security breach that resulted in the theft of 442 ETH. The breach was due to a read-only reentrancy exploit, a type of loophole in smart contracts.

Reentrancy exploits occur when a malicious actor calls a contract, and the contract updates its internal state, does a callback to the actor, and the actor re-calls the original contract. Most crypto hacks due to reentrancy issues are caused by state-altering functions not being guarded against or not following the checks-effects-interactions pattern.

However, SturdyFinance's exploit was a read-only reentrancy issue. In read-only reentrancy, the state-altering function(s) are guarded, but view functions (which only read state) are not protected. The issue occurred when SturdyFinance allowed users to borrow against Balancer LP tokens, which have a known read-only reentrancy exploit in its joinOrExit function.

The attacker used a callback to withdraw tokens, which updated the real token balance but not Balancer's accounting values. This led to Sturdy Oracle calculating the wrong asset price when called on the fallback.

This incident highlights the importance of understanding smart contract vulnerabilities and implementing proper security measures to prevent future attacks.

Kwenta and Perennial Kickstart Arbitrum Expansion with 1.9M ARB

Grand Cayman, Cayman Islands, July 26th, 2024, Chainwire Kwenta, the leading onchain perpetuals exchange on the Optimism network, has partnered with Perennial to launch a new joint product and incentive program on the Arbitrum network. This initiative, backed by a substantial 1.9 million ARB grant, aims to attract new

Social Infrastructure OpenSocial Protocol receives $6 million strategic backing led by Framework Ventures and North Island Ventures to fuel community apps

Hong Kong, Hong Kong, July 25th, 2024, Chainwire The ‘Web3 Shopify of Social’ hits 30,000 onchain users in 2 weeks as the first app goes live OpenSocial Protocol, a composable infrastructure layer for building social applications, announced today a $6 million strategic backing led by Framework Ventures and North

Magnify Cash Introduces DeFi Protocol and Announces Token Launch

Magnify Cash, a decentralized finance (DeFi) platform based in Singapore, has launched a new protocol designed to address liquidity challenges in the cryptocurrency market. The platform aims to provide lending and borrowing services for a wide range of digital assets, including Real-World Assets (RWAs) and Future Yield Tokens (FYTs), through

ETZ adds SUI to IRA Offerings

San Francisco, California, July 24th, 2024, Chainwire ETZ is transforming retirement planning by making digital assets available to retirees ETZ, a premier service designed to simplify and enhance digital asset investing in retirement accounts, announced that it would offer SUI, the utility token powering Sui, a high-performance Layer 1 blockchain

Read more

Kwenta and Perennial Kickstart Arbitrum Expansion with 1.9M ARB

Social Infrastructure OpenSocial Protocol receives $6 million strategic backing led by Framework Ventures and North Island Ventures to fuel community apps

Magnify Cash Introduces DeFi Protocol and Announces Token Launch

ETZ adds SUI to IRA Offerings