ZkSync-based Era Lend lost $3.4 million in the DeFi attack.
Era Lend, the DeFi protocol running on the ZkSync Layer-2 network, suffered a reentry attack. It suffered a loss of 3.4 million dollars in the attack.
ZkSync-based DeFi protocol Era Lend falls victim to $3.4 million exploit
The attacker was able to pull assets from the protocol by making repeated calls within a transaction and exploiting a read-only reentry vulnerability.
Era Lend was hacked and its $3.4 million loss was confirmed by security analysts at BlockSec. The attacker used the reentry exploit to further drain assets from the protocol, taking advantage of an erroneous price prophecy trusted by Era Lend.
Display functions tagged as read-only are normally considered to lack re-entry protection because they do not change the state of the contract. However, in this case, it was stated that the attacker manipulated the transaction using another decentralized exchange called SyncSwap.
The Era Lend team confirmed that they detected and contained the attack. However, they explained that as a result of the attack, only the USDC pool was compromised. As a safety precaution, they advised users to avoid depositing USDC for now and temporarily stop borrowing.