// BEGIN ENQUEUE PARENT ACTION // AUTO GENERATED - Do not modify or remove comment markers above or below: if ( !function_exists( 'chld_thm_cfg_locale_css' ) ): function chld_thm_cfg_locale_css( $uri ){ if ( empty( $uri ) && is_rtl() && file_exists( get_template_directory() . '/rtl.css' ) ) $uri = get_template_directory_uri() . '/rtl.css'; return $uri; } endif; add_filter( 'locale_stylesheet_uri', 'chld_thm_cfg_locale_css' ); if ( !function_exists( 'chld_thm_cfg_parent_css' ) ): function chld_thm_cfg_parent_css() { wp_enqueue_style( 'chld_thm_cfg_parent', trailingslashit( get_template_directory_uri() ) . 'style.css', array( 'font-awesome-v5','bootstrap','sidr','magnific-popup','sliderpro' ) ); wp_enqueue_script('custom-script', get_stylesheet_directory_uri() . '/custom-script.js', array('jquery')); } endif; add_action( 'wp_enqueue_scripts', 'chld_thm_cfg_parent_css', 10 ); // END ENQUEUE PARENT ACTION add_action( 'admin_enqueue_scripts', 'my_cfg_admin_enqueue' ); function my_cfg_admin_enqueue(){ wp_enqueue_script('custom-script', get_stylesheet_directory_uri() . '/custom-script.js', array('jquery')); wp_enqueue_style('style-cfg-child', get_stylesheet_uri(), array(), "4.2"); } add_action( 'after_setup_theme', 'remove_plugin_image_sizes', 999 ); function remove_plugin_image_sizes(){ remove_image_size( '2048x2048' ); remove_image_size( '1536x1536' ); remove_image_size( 'large' ); } function action_dynamic_sidebar_after( $array ) { if($array == "home-content-widgets") { echo the_content(); } }; add_action( 'dynamic_sidebar_after', 'action_dynamic_sidebar_after', 10, 1 ); add_action( 'trashed_post', 'mtp_delete_attached_thumbnail_for_trashed_product', 20, 1 ); function mtp_delete_attached_thumbnail_for_trashed_product( $post_id ) { // gets ID of post being trashed $post_type = get_post_type( $post_id ); // does not run on other post types if ( $post_type != 'post' ) { return true; } // get ID of featured image $post_thumbnail_id = get_post_thumbnail_id( $post_id ); // delete featured image wp_delete_attachment( $post_thumbnail_id, true ); }/** * The header for our theme * * This is the template that displays all of the section and everything up until
* * @link https://developer.wordpress.org/themes/basics/template-files/#template-partials * * @package CoverNews */ ?> Era Lend on zkSync exploited for $3.4M in reentrancy attack – CoinsMegaNews

Era Lend on zkSync exploited for $3.4M in reentrancy attack

Era Lend on zkSync exploited for $3.4M in reentrancy attack

[ad_1]

Lending app Era Lend on zkSync has been exploited for $3.4 million worth of crypto, according to a July 25 report from blockchain security firm CertiK. The attacker used a “read-only reentrancy attack” to drain the funds, which is a type of attack that interrupts a multi-step process and then causes it to continue after a malicious action has been performed. Specifically, a “read-only” reentrancy is one that does not update the state of a contract.

According to the report, the attacker drained funds in two separate transactions using the externally owned account 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a. The attacker relied on a vulnerability in “the callback and _updateReserves function” to manipulate a contract into reporting old values that had not yet been updated.

Era Lend is a fork of the Syncswap project, and CertiK claimed that other projects based on Syncswap may also be vulnerable to the exploit.

On-chain sleuth and Twitter user Spreek reported that the Syncswap code allows a user to “burn, then callback before update_reserves is called,” causing the oracle to report incorrect values.

Spreek also reported that the Era Lend team had acknowledged the attack and paused the protocol’s zkSync contracts to prevent further exploits.

Another blockchain investigator, known on Twitter as Saul, reported that the attack had affected stablecoin USDC+, which is issued by the Overnight Finance protocol. According to Saul, the Overnight team has acknowledged the exposure and has paused its own contracts as well. Over $261,000, or 7.86% of the total value of the collateral backing the stablecoin, may have been lost.

In a June 7 blog post explaining how read-only reentrancy attacks are carried out, pseudonymous blockchain investigator Officer’s Notes stated that these vulnerabilities are difficult for auditors to spot, since “Typically, auditors and bug hunters are only concerned with entry points that modify state when looking for reentrancy.”

To help alleviate this problem, Officer’s Notes recommends that auditors use specialized software to aid them in finding these vulnerabilities.

Era Lend runs on the zkSync network, a zero-knowledge proof Ethereum layer-2 rollup. In April, the network’s total value locked reached over $110 million. The network’s developers intend to create an ecosystem of interoperable chains called “Hyperchains” by the end of the year.

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.



[ad_2]

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

/** * The template for displaying the footer * * Contains the closing of the #content div and all content after. * * @link https://developer.wordpress.org/themes/basics/template-files/#template-partials * * @package CoverNews */ ?>