• dForce DeFi protocol suffered a loss of over $3.6 million due to a reentrancy attack executed on the Arbitrum and Optimism chains
• The attack was due to a vulnerability in a smart contract function that allowed users to calculate oracle prices when connected to Curve Finance
• The hacker was able to siphon off $3.6 million worth of cryptocurrency through the exploit
Overview
DeFi protocol dForce suffered a loss of over $3.6 million, which the hacker was able to siphon off thanks to a reentrancy attack executed on the Arbitrum and Optimism chains.
Vulnerability
The attack was due to a vulnerability in a smart contract function that allowed users to calculate oracle prices when connected to Curve Finance.
Losses
Over $3.6 Million Lost A hacker was able to siphon off $3.6 million worth of cryptocurrency through a reentrancy attack on the dForce DeFi protocol. The hacker was able to target the protocol’s vault on Curve Finance, an automated market maker (AMM) platform operating on the Arbitrum and Optimism blockchains.
Details Of The Attack
According to the available details about the attack, the hacker was able to exploit a reentrancy vulnerability that was present in a smart contract function used by dForce to obtain oracle prices from Arbitrum and Optimism. Reentrancy attacks occur when a hacker is able to exploit a bug in a smart contract, allowing them to repeatedly withdraw funds, transferring them