BlockSec Phalcon: SharwaFinance attacked, attacker profits approximately $146,000
Foresight News reported, according to monitoring by BlockSec Phalcon, that the decentralized finance protocol SharwaFinance claimed to have been attacked and suspended its services. However, several hours later, some suspicious transactions occurred again, possibly exploiting the same underlying issue. The attacker first created a margin account, then conducted leveraged lending using the provided collateral, and finally executed a sandwich attack on the swap operation involving the borrowed assets. The root cause appears to be that the swap() function of the MarginTrading contract lacks bankruptcy checks. This function only verifies solvency based on the account status before executing the asset swap, leaving room for manipulation during the process.
The two attackers made a total profit of approximately $146,000, with attacker 1 (0xd356...c08) earning about $61,000 through multiple attacks, and attacker 2 (0xaa24...795) earning about $85,000 through a single attack.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Data: 159,800 LINK transferred from a certain exchange to Grayscale, worth approximately $2.05 million
Data: 196.31 BTC transferred from an anonymous address to Jump Crypto, worth approximately $17.15 million
The U.S. Treasury auctioned six-week Treasury bonds, with a winning bid rate of 3.625%.
The U.S. Treasury auctions six-week Treasury bills at a winning yield of 3.625%
Trending news
MoreCrypto prices
More
