Lending app Generation Lend on zkSync has been exploited for $3.4 million price of crypto, in line with a July 25 file from blockchain security firm CertiK. The attacker ancient a “be taught-most attention-grabbing reentrancy attack” to empty the funds, which is a form of attack that interrupts a multi-step project and then causes it to proceed after a malicious action has been performed. Namely, a “be taught-most attention-grabbing” reentrancy is one which does no longer update the inform of a contract.
Primarily essentially essentially based on the file, the attacker drained funds in two separate transactions using the externally owned story 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a. The attacker relied on a vulnerability in “the callback and _updateReserves just” to manipulate a contract into reporting used values that had no longer but been up so far.
Proceed Reading on Coin Telegraph
