In line with blockchain safety agency CertiK on July 25 In line with the report, Period Lend, a lending program for zkSync, was leveraged for $3.4 million. USD value of cryptocurrencies. The attacker used a “read-only re-entry assault” to empty the funds. This can be a sort of assault that interrupts a multi-step course of and forces it to proceed after a malicious motion has been carried out. Particularly, a “read-only” reconnection is one that doesn’t replace the state of the contract.
In line with the report, the attacker used the funds in two separate transactions utilizing the externally owned account 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a. An attacker exploited the “callback and _updateReserves operate” vulnerability to govern the contract and report previous values that haven’t but been up to date.
Proceed studying Coin Telegraph.
