dForce DeFi Protocol Suffers $3.6 Million Loss in Reentrancy Attack

• DeFi protocol dForce suffered a loss of over $3.6 million due to a reentrancy attack executed on the Arbitrum and Optimism chains.
• A vulnerability in a smart contract function allowed users to calculate oracle prices when connected to Curve Finance, which the hacker was able to exploit.
• The hacker siphoned off around 2300 ETH worth approximately $3.65 million, and dForce paused all vaults to avoid additional damage.

dForce Suffers Loss of Over $3.6 Million

DeFi protocol dForce has suffered an estimated loss of over $3.6 million after a reentrancy attack was executed on the Arbitrum and Optimism chains. The attack was due to a vulnerability in a smart contract function that allowed users to calculate oracle prices when connected to Curve Finance, which the hacker was able to take advantage of and siphon off around 2300 ETH worth approximately $3.65 million from dForce’s vault on Curve Finance, an automated market maker (AMM) platform operating on the Arbitrum and Optimism blockchains.

Hacker Exploits Vulnerability In Smart Contract Function

The attack was brought to light by Twitter user @ZoomerAnon who tweeted that dForce had lost around $1.7 million through a series of flash loan transactions executed on the Optimism Chain, with blockchain security firm PeckShield confirming the details with an estimate damages at around 2300 ETH, worth around $3.65 million. The vulnerability exploited by the hacker is believed to be related to a reentrancy attack, which occurs when a bug in a smart contract allows attackers to repeatedly withdraw funds from it and transfer them into unauthorized contracts or wallets outside of their control.

dForce Pauses All Vaults To Avoid Additional Damage

In response, dForce has paused all vaults in order prevent any further losses while they investigate what happened and fix any existing vulnerabilities that could have enabled this attack in the first place; however they have stressed that customer funds remain safe as the attacker only targeted their wstETH/ETH-Curve vault on both Arbitrum & Optimism chains respectively . Furthermore ,the attacker had created Protocol Debt of 2300 ETH ($ 2 . 3M). Dforce also stated that if the funds were returned, they would offer him/her bounty for returning funds safely .

Investigation Into Attack Underway

Dforce is currently conducting an investigation into what happened and looking for ways it can improve its security measures so as not repeat such occurrence again .It has engaged with security firm SlowMist_Team in order ensure better protection against hackers moving forward . It has also assured users that their fund are safe as only particular curve vault were targets , other vaults such lending were not affected by this incident .

Conclusion

To conclude , DeFi protocol dforce suffered massive loses owing do an unexpected hack caused due tp vulnerability present in its smart contract function used by oracles coupled with arbiturm & optimism chain connections resulting in loosing over 3600 eths amounting up to millions of dollars . While investigation is underway , dforce took necessary steps like pausing all its vaults & engage with security firms like slowmist_team for better safety purpose making sure users fund are safe from other types of attacks targeting different type of vaults used by them .