The Period Lend lending app on zkSync has been mined for $3.4 million value of crypto, in line with a July 25 report from blockchain safety agency CertiK. The attacker used a “read-only reentrancy assault” to empty funds, which is a sort of assault that interrupts a multi-step course of after which causes it to proceed after a malicious motion has been carried out. Extra particularly, a “read-only” reentrancy is a reentrancy that doesn’t replace the state of a contract.

In accordance with the report, the attacker drained funds in two separate transactions utilizing the exterior account 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a. The attacker relied on a vulnerability within the “callback perform and _updateReserves” to govern a contract to report previous values ​​that had not but been up to date.

Proceed studying on Coin Telegraph