{"id":18091,"date":"2024-10-25T17:36:24","date_gmt":"2024-10-25T14:36:24","guid":{"rendered":"https:\/\/forklog.com\/en\/vulnerability-in-base-lending-contracts-results-in-1-million-theft\/"},"modified":"2024-10-25T17:36:24","modified_gmt":"2024-10-25T14:36:24","slug":"vulnerability-in-base-lending-contracts-results-in-1-million-theft","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/vulnerability-in-base-lending-contracts-results-in-1-million-theft\/","title":{"rendered":"Vulnerability in Base Lending Contracts Results in $1 Million Theft"},"content":{"rendered":"<p>An exploit in unverified lending contracts of the L2 network Base has led to the theft of over $1 million. The incident was reported by the security firm Cyvers Alerts.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">ALERT: Our system detected multiple suspicious transactions involving unverified lending contracts on <a href=\"https:\/\/twitter.com\/hashtag\/Base?src=hash&#038;ref_src=twsrc%5Etfw\">#Base<\/a> a few hours ago.<\/p>\n<p>The attacker initially made a suspicious transaction, gaining approximately $993K from these unverified contracts. Most of these tokens were swapped and\u2026 <a href=\"https:\/\/t.co\/FRo5gVhxCc\">pic.twitter.com\/FRo5gVhxCc<\/a><\/p>\n<p>\u2014 Cyvers Alerts (@CyversAlerts) <a href=\"https:\/\/twitter.com\/CyversAlerts\/status\/1849717982194257991?ref_src=twsrc%5Etfw\">October 25, 2024<\/a><\/p><\/blockquote>\n<p>The perpetrator exploited a vulnerability in smart contracts associated with WETH. After successfully manipulating the price oracle, they withdrew $993,000.<\/p>\n<p>Approximately $202,000 was sent to Tornado Cash. The attack was then repeated, causing additional damage of $455,127.
<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe oracle used by these contracts is unreliable. It relies solely on a single pair with limited liquidity of $400,000, making it susceptible to price fluctuations that can be manipulated,\u201d explained Hakan Unal, senior security specialist at Cyvers Alerts.<\/p>\n<\/blockquote>\n<p>To prevent such incidents, it is necessary to use reliable, diversified oracles with high liquidity, the expert noted.<\/p>\n<p>The perpetrator managed to escape with the stolen assets, and their identity remains unknown. Responsibility for the incident will fall on the organization managing the lending protocols, Unal added.<\/p>\n<p>Earlier in October, the lending protocol Radiant Capital was hacked on the BNB Chain and Arbitrum networks for over $50 million.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An exploit in unverified lending contracts of the L2 network Base has led to the theft of over $1 million. The incident was reported by the security firm Cyvers Alerts. ALERT: Our system detected multiple suspicious transactions involving unverified lending contracts on #Base a few hours ago. 
The attacker initially made a suspicious transaction, gaining approximately [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":18090,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1321],"class_list":["post-18091","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-base"],"aioseo_notices":[],"amp_enabled":true,"views":"16","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/18091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=18091"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/18091\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/18090"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=18091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=18091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=18091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}