Blockchain security firm PeckShield revealed fresh vulnerabilities targeting decentralized finance (DeFi) projects on Aug. 9. According to the firm, Aave’s Earning Farm has been compromised by a reentrancy attack, resulting in the theft of at least $287,000 worth of Ether (ETH).
#PeckShieldAlert ~$287K #Ethereum pic.twitter.com/TOQ9oSzcGN
— PeckShield Inc. (@peckshield) August 9, 2023
A reentrancy attack is like tricking an ATM into giving you money multiple times before it realizes you have none left. This happens by sneaking in and out of a money request, fooling the system into granting an attacker more funds than it has available. Similarly, in computers, attackers exploit this trick to get more access or resources than they should by calling functions that interact with contracts repeatedly before the first function call is completed.
It’s unclear whether the attack relates to the exploits on Curve Finance’s pools. The DeFi protocol’s stable pools were also targeted by reentrancy attacks on July 30, draining over $61 million. The Curve hack was enabled by a vulnerability affecting three versions of the Vyper programming language, a common contract language widely used by developers on DeFi protocols.
Related: Curve-Vyper exploit: The…
