Sentient Stolen: How Balancer’s Read-Only and Reentrant Nature Enabled a $1 Million Hack on Arbitrum Network

On April 5th, according to PeckShield monitoring, Sentient, an unlicensed partial mortgage loan agreement, was stolen about $1 million on the Arbitrum network early this morning. T

Sentient Stolen: How Balancers Read-Only and Reentrant Nature Enabled a $1 Million Hack on Arbitrum Network

On April 5th, according to PeckShield monitoring, Sentient, an unlicensed partial mortgage loan agreement, was stolen about $1 million on the Arbitrum network early this morning. The root cause is the read-only and reentrant nature of Balancer.

Security team: Sentient loan agreement stolen $1 million on the Arbitrum network

Security breaches in the world of blockchain technology are not something new. However, the latest news published on April 5th, 2021, about an unlicensed partial mortgage loan agreement Sentient being stolen about $1 million on the Arbitrum network was a wake-up call for the community. According to PeckShield monitoring, the root cause of this hack was the read-only and reentrant nature of Balancer. This article covers the significant details of the event, the weaknesses in Balancer’s functionalities, and how to avoid such attacks in the future.

The Stolen Sentient

Sentient, a decentralized loan agreement that operates as a partial mortgage system with an uncertain fixed value, was developed by the Sentient Protocol. It allows borrowers to leverage their digital assets as collateral to borrow from the pools that Sentient created. It is an unlicensed platform that runs on the Ethereum network. Recently, Sentient launched its mainnet on the Arbitrum network for trading, lending, and borrowing.
However, on the morning of April 5th, Sentient faced a hack that drained around $1 million from its protocol. The attacker exploited the read-only and reentrant functionality of the Balancer protocol and eventually drained the funds out of Sentient.

The Vulnerabilities in Balancer

Balancer is a popular decentralized exchange that facilitates trading and liquidity provision. The Balancer protocol makes use of reusable smart contract libraries, including specific vulnerabilities that make it susceptible to attacks. Balancer’s main vulnerability is its read-only and reentrant nature. The read-only nature prevents the smart contract from modifying the state of the blockchain but allows queries to be modified, which result in a reentrant vulnerability. The reentrant vulnerability enables the attacker to execute the same function repeatedly before the initial invocation completes.
The reentrant vulnerability is a common design flaw in smart contracts, and it allowed the attacker to borrow assets without any collateral from a Balancer pool. The attacker then exchanged these borrowed assets with more money, similar to a classic “Ponzi scheme.” The attacker kept executing the same task repeatedly with the same pool, which eventually drained around $1 million from the Sentient Protocol.

Future Prevention

The Sentient Protocol hack teaches developers the importance of auditing the smart contracts and their libraries before launching on the mainnet. When launching on other networks, developers need to conduct separate audits. A proper security check will ensure that all vulnerabilities are eliminated or mitigated. It is essential to conduct a comprehensive security analysis of your smart contract products, even if they seem trivial.
Furthermore, developers can reduce the reentrancy vulnerabilities and enhance their smart contract’s overall security by making use of Non-reentrant functions. This type of function verifies the contract’s state before another function can execute, preventing re-entry attacks. Developers can also write smart contracts with checks-effects-interactions patterns or adopt carefully coded security mechanisms.

Conclusion

The Sentient protocol hack reminds the blockchain community that security breaches can occur at any time, and even the smallest vulnerabilities can result in significant losses. As developers work to create strong smart contracts, they must keep in mind the importance of auditing, analyzing, and testing code before launching it on the mainnet. Using Non-reentrant functions, checks-effects-interactions patterns, and carefully coded security mechanisms can also help enhance smart contract security.

FAQs

**Q1. How was Balancer used in the Sentient hack?**
Ans: Balancer’s read-only and reentrant nature was exploited by the attacker to continuously execute the same task without the initial invocation completion. It enabled the attacker to borrow assets without collateral from a Balancer pool, which was eventually drained around $1 million from the Sentient Protocol.
**Q2. What can developers do to prevent such attacks?**
Ans: Developers can audit, analyze, and test their smart contract library and products before launching them on the mainnet to prevent such attacks. They can also use non-reentrant functions and carefully coded security mechanisms to reduce reentrancy vulnerabilities.
**Q3. How important is a comprehensive security analysis?**
Ans: A comprehensive security analysis is essential to prevent smart contract attacks. Even the smallest vulnerabilities can result in significant losses; hence, developers must conduct separate audits before launching their products on different networks.

This article and pictures are from the Internet and do not represent aiwaka's position. If you infringe, please contact us to delete:https://www.aiwaka.com/2023/04/05/sentient-stolen-how-balancers-read-only-and-reentrant-nature-enabled-a-1-million-hack-on-arbitrum-network/

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.