The DeFi protocol SIR.trading suffered a severe hack on March 30th, resulting in the theft of $355,000 of its Total Value Locked (TVL). The breach exposed a vulnerability in smart contracts that relied on transient storage, the feature introduced on the Ethereum network through the Dencun update.
The attack was quickly flagged by the security team TenArmorAlert, who identified the exploit as it happened. Decurity, a company specializing in blockchain auditing and security, also raised the alarm publicly, bringing the incident to the attention of the DeFi community. Xatarrer, the founder of SIR.trading, acknowledged the incident, describing it as “the worst news a protocol can receive.” Despite the setback, the team expressed their determination to rebuild user trust and continue the project.
The exploit targeted a smart contract named Vault, which used transient storage to reduce gas costs. By manipulating a callback function within the contract, the hacker was able to replace the original Uniswap pool address with an address under their control. Because the contract did not verify that the caller was genuinely the Uniswap pool, this substitution allowed the attacker to siphon funds from the vault to their own wallet.
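The callback weakness described above, as an added illustrative example that is not SIR.trading's own code: a vault whose Uniswap callback authenticates its caller through a transient storage slot, shown in a vulnerable form beside a hardened one. The specific root cause assumed here (the same transient slot being reused for other data later in the transaction), the contract and function names, and the slot numbers are illustrative assumptions, not details taken from the article.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24; // tstore/tload require compiling for the Cancun (Dencun) EVM target

interface IUniswapV3Factory {
    function getPool(address tokenA, address tokenB, uint24 fee) external view returns (address);
}

// Vulnerable pattern (assumed for illustration): one transient slot serves both as "which pool
// may call the callback" and, later in the same callback, as scratch space. Transient storage
// persists for the whole transaction, so the scratch value is what the next callback entry sees.
contract VaultTransientVulnerable {
    // Called by the vault's swap entry point immediately before pool.swap(...).
    function _armCallback(address pool) internal {
        assembly { tstore(1, pool) } // slot 1 := the pool expected to call back
    }

    function uniswapV3SwapCallback(int256 amount0Delta, int256 amount1Delta, bytes calldata) external {
        address expected;
        assembly { expected := tload(1) }
        require(msg.sender == expected, "not pool");
        uint256 amountToPay = uint256(amount0Delta > 0 ? amount0Delta : amount1Delta);
        // BUG: slot 1 is overwritten with caller-influenced data; if that value equals an
        // address, a later direct call from that address passes the check above.
        assembly { tstore(1, amountToPay) }
    }
}

// Hardened pattern: keep the slot single-purpose, clear it as soon as it is consumed, and
// check the caller against the factory's pool registry, which the caller cannot write to.
contract VaultTransientHardened {
    IUniswapV3Factory public immutable factory;
    address public immutable token0;
    address public immutable token1;
    uint24 public immutable fee;
    constructor(IUniswapV3Factory f, address t0, address t1, uint24 poolFee) {
        factory = f; token0 = t0; token1 = t1; fee = poolFee;
    }
    function _armCallback(address pool) internal {
        assembly { tstore(1, pool) }
    }
    function uniswapV3SwapCallback(int256 amount0Delta, int256 amount1Delta, bytes calldata) external {
        address expected;
        assembly { expected := tload(1) tstore(1, 0) } // read and consume the authorisation at once
        require(expected != address(0) && msg.sender == expected, "not pool");
        require(factory.getPool(token0, token1, fee) == msg.sender, "not the vault's pool");
        uint256 amountToPay = uint256(amount0Delta > 0 ? amount0Delta : amount1Delta);
        assembly { tstore(2, amountToPay) } // scratch data gets its own slot
    }
}
```

Compile with solc 0.8.24 or later targeting the cancun EVM; the hardened callback fails closed when the slot was never armed or has already been consumed in the same transaction.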
The introduction of transient storage with the Dencun update brought forth new attack surfaces, shedding light on the inherent risks associated with innovative features. The incident served as a wake-up call for the Ethereum ecosystem, emphasizing the need for comprehensive testing and security measures.
The stolen funds were traced to a wallet using Railgun, an Ethereum privacy protocol. Efforts to recover the funds faced significant challenges because of the protocol’s privacy-preserving design. SIR.trading, which had positioned itself as a secure leverage trading platform, suffered a severe blow from the attack, highlighting that even well-audited DeFi projects remain vulnerable.
The repercussions of the exploit at SIR.trading underscored the limitations of smart contract audits in detecting vulnerabilities related to novel functionalities. The incident also raised doubts about the reliability of transient storage as a secure tool, reigniting discussions on the necessity of stricter security standards for emerging DeFi protocols.
As the Ethereum ecosystem grapples with the aftermath of the attack, developers, investors, and users are urged to prioritize security and vigilance. The event serves as a stark reminder of the risks inherent in innovation, emphasizing the need for a renewed focus on security culture in the DeFi space. Ultimately, the attack on SIR.trading serves as a cautionary tale for the entire Ethereum community, urging stakeholders to exercise caution and diligence in navigating the evolving landscape of decentralized finance.