Weekly Blockchain Security Report by Fairyproof - Apr 4 to Apr 10
During the week from April 4 to April 10, 2022, all of the security incidents in the crypto industry were hacks.
Here is a list of the security hacks:
1. Juno
On April 5, Juno, a Cosmos-based blockchain, suffered a DoS attack.
The attacker first deployed a malicious “hello world” smart contract on the blockchain, then sent a total of 400 transactions to this contract in three days and uncovered a vulnerability in the blockchain. The attacker then launched a DoS attack on the blockchain.
After the attack was detected, the team behind the blockchain deployed a fix and brought the chain back into operation within three days.
2. Starstream Finance
On April 8, Starstream Finance, a DeFi application deployed on Metis, an Ethereum Layer 2 solution, was attacked.
The attacker’s address was 0xFFD90C77eaBa8c9F24580a2E0088C0C940ac9C48 on Metis.
The attacking contract was deployed at 0x75381c1f12733fff9976525db747ef525646677d on Metis.
The attacked contract was deployed at 0x1075daD8CFd8bCbCfc7bEB234e23D507990C90e9 which was the StarstreamTreasury contract deployed on Metis.
The hash value of the attack transaction was:
0xb1795ca2e77954007af14d89814c83b2d4f05d1834948f304fd9d731db875435
The vulnerability exploited in this incident was in the DistributorTreasury contract deployed at 0x6f99b960450662d67bA7DCf78ac959dBF9050725 on Metis. Its “execute” function lacked the necessary access control, so anyone could call it.
Before the attack happened, ownership of the StarstreamTreasury contract had been transferred to the DistributorTreasury contract. The attacker then called the execute function in the DistributorTreasury contract to call the withdrawTokens function in the StarstreamTreasury contract and withdrew 532,571,155.859 STARS tokens. The attacker sent these tokens to Agora DeFi as collateral to borrow a huge quantity of assets, then used part of those assets to pump the price of the STARS token and borrow more assets again.
In this incident, crypto-assets valued at around $8.2 million were lost.
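The ownership-plus-open-forwarder pattern described above, shown as an added sketch with the weak forwarder beside a corrected one. This is not the Starstream source code: the contract names (Treasury, OpenDistributor, GuardedDistributor) and the function signatures are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added sketch: all contract names here are hypothetical.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract Treasury {
    address public owner;
    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        owner = newOwner;
    }

    function withdrawTokens(IERC20 token, address to, uint256 amount) external onlyOwner {
        require(token.transfer(to, amount), "transfer failed");
    }
}

// Weak: once this contract owns the Treasury, execute() relays calls with
// the owner's authority for any caller, so onlyOwner above protects nothing.
contract OpenDistributor {
    function execute(address target, bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "call failed");
        return ret;
    }
}

// Corrected: the forwarder authenticates its own caller before relaying.
contract GuardedDistributor {
    address public immutable admin;
    constructor() { admin = msg.sender; }

    function execute(address target, bytes calldata data) external returns (bytes memory) {
        require(msg.sender == admin, "not admin");
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "call failed");
        return ret;
    }
}
```

When reviewing an ownership transfer, the check to make is on the new owner: every external function of the receiving contract that can relay a call needs its own caller restriction.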
Closing thoughts
Both the vulnerability found in Starstream Finance and the one found in Juno were common issues.
A reminder to blockchain developers: there are mature solutions to prevent common risks such as DoS attacks. Developers should implement these solutions and carry out thorough tests before deploying their products online.
A reminder to smart contract developers: lack of access control is a common issue that could have been uncovered and fixed before being exploited if the contracts had undergone a professional audit.
A reminder to crypto users: always take great care and caution when interacting with applications or platforms that have not yet stood the test of time.