
DeFi protocol SIR.trading loses entire $355K TVL in 'worst news' possible


The Ethereum-based DeFi protocol SIR.trading, also known as Synthetics Implemented Right, has been hacked, resulting in the loss of its entire total value locked (TVL): $355,000 at the time of the attack.

The hack, which took place on March 30, was initially noticed by blockchain security firms TenArmorAlert and Decurity, which both posted warnings on X to alert users of the protocol.

The founder of the protocol, known only as Xatarrer, described the hack as "the worst news that a protocol [sic] can receive," but suggested they would try to keep the protocol going despite the setback.


"Clever attack" targeted the vault contract

Decurity described the hack as a "clever attack" that targeted a callback function used in the protocol's vulnerable vault contract, which uses Ethereum's transient storage feature.

According to Decurity, the attacker was able to replace the real Uniswap pool address used in the callback function with an address under the hacker's control, which allowed them to redirect the vault's funds to their own address. TenArmorAlert further explained that by repeatedly calling this callback function, the attacker completely drained the protocol's TVL.


SupLabsYi, from blockchain security firm Supremacy, went into more detail on the attack in an X post, stating that it may show a security flaw in Ethereum's transient storage.

Transient storage was added to Ethereum with the Dencun upgrade last year. The new feature provides temporary data storage, leading to lower gas fees than regular storage.

According to SupLabsYi, this is a "nascent feature," and the attack may be one of the first to take advantage of its weaknesses.

"This is not just a threat aimed at a single example of `uniswapV3SwapCallback`," SupLabsYi said.
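A minimal Python model of the failure mode described above, added here as an illustration and not taken from SIR.trading's contracts or the security firms' posts: a callback authenticates its caller against a transient storage slot, and because that slot lives until the end of the transaction, a later write to it changes who passes the check. The slot reuse shown, along with all names and values, is an assumption of this example; the hardened variant clears the slot after one use and keeps other data in a separate slot.

```python
# Toy model of EIP-1153 transient storage; not SIR.trading's contract code.
# Class, method and slot names are hypothetical; all values are constructed.

class Unauthorized(Exception):
    pass

class Vault:
    POOL_SLOT, RESULT_SLOT = 1, 2

    def __init__(self, hardened, funds=355_000):
        self.hardened, self.funds = hardened, funds
        self.transient = {}  # survives every call inside one transaction

    def begin_swap(self, pool):
        self.transient[self.POOL_SLOT] = pool  # only this address may call back

    def swap_callback(self, caller, amount):
        expected = self.transient.get(self.POOL_SLOT)
        if expected is None or caller != expected:
            raise Unauthorized(hex(caller))
        self.funds -= amount  # callback pays out to the caller
        if self.hardened:
            self.transient.pop(self.POOL_SLOT)  # one-shot authorization

    def store_result(self, value):
        # Weak variant reuses the authorization slot for unrelated data.
        slot = self.RESULT_SLOT if self.hardened else self.POOL_SLOT
        self.transient[slot] = value

    def end_transaction(self):
        self.transient.clear()  # the EVM discards transient storage here


def run_transaction(vault, real_pool, other_caller, extra_calls=3):
    """Legitimate swap, a later slot write, then extra callbacks in the same
    transaction. Returns how many extra callbacks the vault accepted."""
    accepted = 0
    vault.begin_swap(real_pool)
    vault.swap_callback(real_pool, 1_000)
    vault.store_result(other_caller)  # assumed: value equals another address
    for _ in range(extra_calls):
        try:
            vault.swap_callback(other_caller, 1_000)
            accepted += 1
        except Unauthorized:
            pass
    vault.end_transaction()
    return accepted
```

In the weak variant every extra callback is accepted within the same transaction, while the hardened variant rejects all of them; in both, the slot is empty again once the transaction ends.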

TenArmorSecurity says the stolen funds were deposited into an address funded through Ethereum privacy solution Railgun. Xatarrer has since reached out to Railgun for help.


SIR.trading's documentation shows that it is billed as "a new DeFi protocol for safer leverage." The stated purpose of the protocol is to address some of the challenges of leveraged trading, "such as volatility decay and liquidation risks, which makes it safer for long-term investment."

Although it aims for safer leveraged trading, the protocol's documentation warns users that, despite audits, its smart contracts can still contain bugs that can lead to financial losses, highlighting the platform's vaults as a particular area of weakness.

"Undiscovered bugs or exploits in SIR's smart contracts can lead to fund losses. These can come from complex logic in vault mechanics or leverage calculations that escaped audits, exposing users to rare but critical failures," the project's documentation states.
