Sturdy Finance DeFi protocol exploited for 442 ETH, almost $800,000

Sturdy Finance, a DeFi project that promises up to tenfold leverage on deposited assets, was exploited through a hit-and-run attack on its price oracle.

Although the stolen amount (worth around $800,000 at the time of writing) pales in comparison to other, better-known attacks, such as last week's attack on Atomic Wallet users, it also means that the proceeds are not as hard to launder as they are for cybercriminals who made off with much larger amounts.

Price manipulation

The attack on Sturdy Finance used a reentrancy exploit, a common method of attacking DeFi projects, in which a function in a smart contract is called again, repeatedly, before the original call has completed.

To attack Sturdy Finance, the hacker first found that the protocol's price oracle, the part of the Sturdy ecosystem that determines the current value of the assets used for trading and loans, is susceptible to reentrancy exploits. Once the weak point had been found, a flash loan from Aave provided the liquidity required for the attack.

This enables the malicious actor to withdraw more money than the smart contract should allow. In this case, the price of staked ether (stETH) was manipulated three times in a row, letting the attacker withdraw more than the loan should have allowed, repay the original loan, and keep the additional funds. This process was then repeated five times, with a different smart contract used each time.
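The oracle weakness described above, reduced to a toy model; this is an added example, not Sturdy's contract code or any real pool's. The `Pool` class, its method names and all numbers are constructed for illustration. It shows a price read that lands between the two halves of a state update, and the same read rejected by a reentrancy lock.

```python
class ReentrancyError(Exception):
    pass

class Pool:
    """Hypothetical pool: share price = reserves / supply."""
    def __init__(self, reserves, supply, guarded):
        self.reserves = reserves
        self.supply = supply
        self.guarded = guarded      # True: price reads respect the lock
        self.locked = False

    def price(self):
        # Hardened path: refuse to report a price while a call is in flight.
        if self.guarded and self.locked:
            raise ReentrancyError("price read during unfinished call")
        return self.reserves / self.supply

    def withdraw(self, shares, on_receive):
        self.locked = True
        try:
            amount = shares * self.reserves / self.supply
            self.supply -= shares       # first half of the state update
            on_receive(amount)          # external call: control leaves the pool
            self.reserves -= amount     # second half happens only afterwards
        finally:
            self.locked = False

def observe(guarded):
    """Record the price before, during and after one withdrawal."""
    pool = Pool(reserves=1000.0, supply=1000.0, guarded=guarded)
    seen = {"before": pool.price()}

    def callback(amount):
        # Stands in for any consumer of the oracle that runs mid-call,
        # such as a lending market valuing collateral. On-chain, the
        # guarded read would revert the whole transaction.
        try:
            seen["during"] = pool.price()
        except ReentrancyError:
            seen["during"] = "reverted"

    pool.withdraw(500.0, callback)
    seen["after"] = pool.price()
    return seen

if __name__ == "__main__":
    print("unguarded:", observe(guarded=False))
    print("guarded:  ", observe(guarded=True))
```

In the unguarded run the price doubles only for the duration of the callback, which is why a consumer that values collateral at that moment overestimates it.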

2/ The attack process (https://t.co/xdahtpe6as) consists of the following attack steps. pic.twitter.com/evzhypwpdo

- BlockSec (@blocksecteam), June 12, 2023

The exploit led to a loss of 442 ETH for Sturdy, a haul that was already on its way to Tornado Cash.

Post-mortem under way

The Sturdy security team confirmed that it was aware of the exploit and that operations had been paused for now so that a proper post-mortem can be carried out. The team also stated that no further funds are currently at risk.

"We are aware of the reported exploit of the Sturdy protocol. All markets have been paused; there is no risk for additional funds and there are currently no user actions. We will pass on further information as soon as we have it."

The Sturdy community is understandably upset about the news, and some users have expressed disbelief that attacks typical of the 2017 shitcoin boom era still take place today.
