Sturdy has suffered a security breach resulting in the theft of 442 ETH

Sturdy has suffered a security breach resulting in the theft of 442 ETH

Sturdy experienced a security breach that resulted in the theft of 442 ETH. The breach was due to a read-only reentrancy exploit, a type of loophole in smart contracts.

Reentrancy exploits occur when a malicious actor calls a contract, and the contract updates its internal state, does a callback to the actor, and the actor re-calls the original contract. Most crypto hacks due to reentrancy issues are caused by state-altering functions not being guarded against or not following the checks-effects-interactions pattern.

However, SturdyFinance's exploit was a read-only reentrancy issue. In read-only reentrancy, the state-altering function(s) are guarded, but view functions (which only read state) are not protected. The issue occurred when SturdyFinance allowed users to borrow against Balancer LP tokens, which have a known read-only reentrancy exploit in its joinOrExit function.

The attacker used a callback to withdraw tokens, which updated the real token balance but not Balancer's accounting values. This led to Sturdy Oracle calculating the wrong asset price when called on the fallback.

This incident highlights the importance of understanding smart contract vulnerabilities and implementing proper security measures to prevent future attacks.

Read more

Metacade Unchains Web3 Gaming: Multi-Chain Integration Unites the Industry

Metacade Unchains Web3 Gaming: Multi-Chain Integration Unites the Industry

London, United Kingdom, April 11th, 2024, Chainwire Metacade, the leading blockchain gaming platform, takes a monumental leap forward with the integration of multi-chains into its ecosystem. This Omni-layer development provides universal application reach, resolving blockchain fragmentation and empowering builders across diverse chains. The rapid integration of the Metacade Tournament Platform

By Makoto Takahiro