Sturdy Finance halts market after $800,000 exploit linked to faulty price oracle

Sturdy Finance suspended the market on June 12 following protocol abuse – losses estimated at around 442 ETH ($800,000) per deal pec shield.

and statementThe team confirmed it was aware of the exploit, adding that no additional funds were at risk and no user action was required at this time. Further information will follow pending findings.

Starter Finance not yet ready of crypto slate Additional comments are solicited at the time of writing.

Blockchain Security Firm Explains How Sturdy Finance Was Abused

Originally owned by blockchain security company Peckshield report Sturdy Finance abuses are linked to flawed price oracles.further away analysis showed the “root cause” [was] cb-stETH-STABLE because the price oracle for calculating the asset price is flawed. “

Web3 Knowledge Graph Protocol 0xScope backed up The report adds that the hackers transferred the stolen funds to cryptocurrency mix protocols, Tornado Cash, and Change Now exchanges.

On the other hand, the smart contract auditor BlockSec I got it In addition to the Oracle price manipulation reported by Peckshield and 0xScope, the exploit also showed signs of a “classical balancer read-only reentrancy” attack.

Using attack transaction hashes, BlockSec explains how the attackers first borrowed over 100,000 stakes of Ethereum from Aave in a flash loan and then exploited a liquidity pool managed by the team at Sturdy Finance in Balancer. bottom.

according to Certificationa reentrancy attack allows an attacker to drain funds from a vulnerable contract by repeatedly calling the withdrawal function before updating the balance.

Article after Sturdy Finance halted the market after an $800,000 exploit involving a flawed price oracle first appeared on CryptoSlate.