Euler Finance blocks vulnerable module, working on recovering funds

Decentralized finance (DeFi) lending protocol Euler Finance became a victim of a flash loan attack on March 13, resulting in the largest crypto hack of 2023 to date. The lending protocol lost nearly $197 million in the attack, which also impacted more than 11 other DeFi protocols.

On March 14, Euler came out with an update on the situation and notified its users that it had disabled the vulnerable eToken module to block deposits and the vulnerable donation function.

The firm said that it works with various security groups to perform audits of its protocol, and the vulnerable code was reviewed and approved during an outside audit. The vulnerability was not discovered as part of the audit.

The vulnerability remained on-chain for eight months until it was exploited, despite a $1 million bug bounty in place.

Sherlock, an audit group that has worked with Euler Finance in the past, verified the root cause of the exploit and helped Euler submit a claim. The audit protocol later voted on the claim for $4.5 million, which passed, and later executed a $3.3 million payout on March 14.

In its analysis report, the audit group noted a significant factor for the exploit: a missing health check in “donateToReserves,” a new function added in EIP-14. However, the protocol stressed that the attack was still technically possible even before EIP-14.
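To illustrate what a missing health check means in a lending protocol, the following added example (a simplified Python model written for this article, not Euler's contract code) contrasts a donation function that skips the check with one that enforces it. The class names, the 90% collateral factor and the sample balances are assumptions made for illustration.

```python
from dataclasses import dataclass

COLLATERAL_FACTOR_BPS = 9_000  # assumed: 90% of collateral counts toward borrowing


class UnhealthyAccount(Exception):
    """Raised when an operation would leave debt under-collateralized."""


@dataclass
class Account:
    collateral: int  # deposit balance backing the loan
    debt: int        # outstanding borrow

    def is_healthy(self) -> bool:
        # Invariant: risk-adjusted collateral must cover debt.
        return self.collateral * COLLATERAL_FACTOR_BPS >= self.debt * 10_000


@dataclass
class Pool:
    reserves: int = 0

    def donate_unchecked(self, acct: Account, amount: int) -> None:
        """'Before' form: moves collateral to reserves with no health check."""
        if amount <= 0 or amount > acct.collateral:
            raise ValueError("invalid amount")
        acct.collateral -= amount
        self.reserves += amount

    def donate_checked(self, acct: Account, amount: int) -> None:
        """Hardened form: same transfer, reverted if the account ends unhealthy."""
        before = (acct.collateral, self.reserves)
        self.donate_unchecked(acct, amount)
        if not acct.is_healthy():
            acct.collateral, self.reserves = before  # roll back, like a revert
            raise UnhealthyAccount("donation would leave debt under-collateralized")


def demo() -> tuple[bool, bool]:
    # Constructed sample: 1000 collateral, 800 debt (healthy at a 90% factor).
    pool, weak, safe = Pool(), Account(1000, 800), Account(1000, 800)
    pool.donate_unchecked(weak, 200)      # succeeds; account is now insolvent
    try:
        pool.donate_checked(safe, 200)    # rejected; state unchanged
    except UnhealthyAccount:
        pass
    return weak.is_healthy(), safe.is_healthy()
```

The general rule the model shows is that any operation that lowers an account's collateral or raises its debt has to re-evaluate the health invariant before it completes.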

Sherlock noted that the Euler audit by WatchPug in July 2022 missed the critical vulnerability that eventually led to the exploit in March 2023.

Euler has also reached out to leading on-chain analytics and blockchain security firms, such as TRM Labs, Chainalysis and the broader ETH security community, in a bid to help them with the investigation and recover the funds.

Euler said it is also trying to contact those responsible for the attack in order to learn more about the issue and possibly negotiate a bounty to recover the stolen funds.
