Swap Tracker
John Martin 7 min read

Vulnerabilities of Smart Contracts: DAO, DeFi, and Re-entry Attack

Vulnerabilities of Smart Contracts: DAO, DeFi, and Re-entry Attack

The decentralized finance space has shown exponential growth over the past year, increasing from a total of $540 million recorded in March last year to more than $47.6 billion at the time of this article's release.

The growth of the DeFi sphere has opened up new opportunities for users, developers, and the industry as a whole, but also brought new risks that investors may not know about, but which, nevertheless, they have to deal with.

Most DeFi protocols are built on the Ethereum blockchain. Ethereum is the second largest cryptocurrency by market capitalization, second only to Bitcoin itself. Thanks to Ethereum, in particular the use of Turing-complete smart contracts, blockchain projects have become more programmable.

Smart contracts are, in fact, self-executing contracts. The code prescribed in these contracts allows you to automatically carry out predefined transactions and agreements between pseudonymous parties within certain parameters and without any risk to the counterparty.

These self-executing contracts were first proposed in 1994 by Nick Szabo, the creator of Bitcoin's predecessor Bit Gold, and allowed the creation of many decentralized applications that opened up new opportunities for cryptocurrency users, whether it was the issuance of stablecoins built according to a given algorithm, the issuance of cryptocurrency loans, or loans with crypto collateral. And this is only a small part.

Decentralized exchanges with decentralized management models became possible only thanks to such smart contracts, as a result of which a new digital world emerged, which resulted in products such as Binance Smart Chain, Polkadot, and Avalanche.

Protocols such as Aave, Compound, Uniswap, and 1 Inch.exchange allows users to earn interest on their investments and trade crypto assets and even complex instruments such as decentralized derivatives.

All these exciting new products have created the DeFi sector mentioned above, which is taking the financial world by storm and enabling traditional financial institutions to make money.

This new territory of possibilities, as already mentioned, is controlled by code written by developers of smart contracts. Most DeFi projects have open source code and even undergo peer review and audit, while others, on the contrary, do not. Often, even in the tested code, vulnerabilities can be found that allow the use of unknown attack vectors, which leads to huge losses for companies and ordinary users.

How Do Smart Contract Vulnerabilities Affect Users?

To guarantee the security of smart contracts, you can only analyze all the options for its execution. When executing smart contracts in Turing-complete languages, you need to be sure that the computer program does not contain bugs, which is almost impossible. Therefore, when working or creating smart contracts, you will have to audit them.

Vulnerabilities in Ethereum smart contracts can have catastrophic consequences. Even though protocols like Aave are managed by professionals and regularly checked, security vulnerabilities still pose the risk of a hacker attack with the loss of crypto assets for huge amounts, thereby negatively affecting investor confidence in the protocol and subsequently causing financial losses for users/companies and price volatility.

These vulnerabilities stem from the complexity of Ethereum's native smart contract language and its accounting system, which, unlike Bitcoin's UTXO system, is much more flexible and thus more susceptible to additional vulnerabilities and attack vectors.

Since Solidity and other smart contract languages are new and extremely complex, it would be incorrect to blame these vulnerabilities on developers.

There are more than 80 DeFi platforms built on Ethereum, with new projects being launched every week. The smart contracts they use are bound to have vulnerabilities, especially if they are not properly written and tested.

An investigation conducted by CyberNews revealed that almost 3,800 Ethereum smart contracts had vulnerabilities that would allow attackers to steal at least $1 million worth of crypto assets. The study also showed that there are a total of 13 different types of vulnerabilities, and four of them are highly likely to be exploited by hackers.

The popular Avalanche platform discovered a vulnerability earlier this year. So, during the launch of the new decentralized Pangolin exchange and network overload, an error occurred that led to a failure of the issue, which caused widespread panic. Other well-known platforms, including Solana, Flow, Zilliqa, and Fantom, as it turned out, also had errors in their contracts.

DAO and Re-Entry Attack

Re-entry is a common vulnerability of smart contracts. Although it can exist in smart contracts on various blockchain platforms, it is most often associated with the Ethereum blockchain.

Re-entry attacks are best known for the famous hacking of the DAO in 2016 on the Ethereum blockchain.

The first and most catastrophic mistake in a smart contract occurred in 2016. The decentralized autonomous organization (DAO) worked on smart contracts and collected more than $150 million at that time.

An unknown attacker managed to withdraw the ether (ETH) collected through crowdfunding. The amount of damage has amounted to more than $ 150 million.

This case is the most famous example of a Re-entry attack. A repeat attack means that the attacker sends a transaction, as a result of which the contract is executed repeatedly until the resources of the contract account are exhausted.

If the project that requested funding received sufficient support from the DAO community, the Ethereum address of this project could withdraw ether from the DAO. Unfortunately for the DAO, the transfer mechanism transferred the ether to an external address before updating its internal state and noting that the balance has already been transferred. This allowed the attackers to output more ether.

In total, 3.6 million ETH were withdrawn from DAO wallets. Now, these tokens are worth more than $ 6.4 billion. The hack led to a hard fork that divided the network into two parts: Ethereum and Ethereum Classic.

While some agreed that it was best to mitigate the damage and move funds to addresses that their original owners could access, others argued that the immutability of the blockchain should not be violated, otherwise it leads to a technological and ideological split within the community.

The original Ethereum blockchain, now known as Ethereum Classic, left the tokens stolen from the DAO in the hands of a hacker, choosing immutability, while Ethereum allowed the community to vote and returned the funds to their original owners, putting the blockchain consensus first.

Other Examples of Re-entry Attacks Except DAO

However, these vulnerabilities have also been found in numerous hacks of smart contracts, including several DeFi protocols.

Some examples of recent DeFi hacks involving re-entry vulnerabilities include:

  • Fei Protocol: In April 2022, the Fei protocol fell victim to a ~$80 million hack made possible by using third-party code containing re-entry vulnerabilities.
  • Paraluni: The hacking of the Paraluni smart contract in March 2022 used a re-entry vulnerability and poor verification of unreliable user data to steal tokens worth ~$1.7 million.
  • Grim Finance: In December 2021, the vulnerability of re-entering the Grim Finance safeTransferFrom function was used to obtain tokens worth ~ $ 30 million.
  • The SIREN Protocol: The vulnerability of re-entry into the smart contracts of the AMM pool of the SIREN protocol was used in September 2021 for tokens worth ~ $ 3.5 million.
  • CREAM Finance: In August 2021, an attacker used a re-logging exploit to get into the AMP CREAM Finance token integration system to steal tokens worth about $18.8 million.

These are far from the only examples of DeFi hacks that exploited vulnerabilities during re-entry. Although this is an old and widely advertised risk, re-entry vulnerabilities still appear in new smart contracts today.

Let's Summarize

The trust of both ordinary users and large investors in the very concept of DeFi will depend on how the crypto industry will cope with challenges of this kind.

What is happening now is natural and will lead to an increase in the security level of blockchain projects soon, but periodically we will still see news about successful hacker attacks.

Related Posts

Cryptocurrency Wallet Types: Pros And Cons

Cryptocurrency Wallet Types: Pros And Cons

June Katz 7 min read
In order to store crypto and increase the security level of your funds, you can use a cryptocurrency wallet. They have a higher level of protection in comparison with the crypto exchanges. In this article, you will get to know about the advantages and disadvantages of crypto wallets and get acquainted with their varieties and the most popular ex
Read more ❯
The Biggest Cryptocurrency Thefts in the Last 10 Years

The Biggest Cryptocurrency Thefts in the Last 10 Years

June Katz 11 min read
In this article, we will try to remember all the major cryptocurrency thefts over the past 10 years. 1. Bitstamp hack , $5.3 mln ( BTC ), January 4th, 2015 On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost. The initiatio
Read more ❯
Public And Private Keys

Public And Private Keys

June Katz 2 min read
As well as fiat, cryptocurrencies need to be stored securely. That’s what we need these keys for. In this article, we will tell you what private and public keys are and how they are used. What are private keys? A private key is a number that is encoded in different formats depending on which wallet you are using. In each format, the private
Read more ❯
Blockchain Consensus Algorithms and Their Varieties

Blockchain Consensus Algorithms and Their Varieties

June Katz 5 min read
This article is written for beginners who are just starting to learn the crypto world. We want to help you a little. As you might have guessed, this article will be about blockchain consensus algorithms . On the blockchain market, there are a lot of consensus algorithms allowing us to choose what is the most relevant node for signing
Read more ❯

Where all instant exchangers met for your smoothest experience

Maximize profits, minimize search

Tags

safety platforms

Recent Posts

What's Up with Multichain?
What's Up with Multichain?

What's Up with Multichain?

John Martin 5 min read
Users of the Multichain ( MULTI ) cross-chain protocol have been reporting issues with transactions getting stuck in the blockchain as a result of an error that occurred during a recent network update. Several Multichain users have complained that their funds have been stuck in the protocol for 72 hours. Part of the problem appears to be rela
Read more ❯
Are We Overdue for a Crypto Bull Run? An Overview of the Market Situation
Are We Overdue for a Crypto Bull Run? An Overview of the Market Situation

Are We Overdue for a Crypto Bull Run? An Overview of the Market Situation

John Martin 8 min read
2022 has become a difficult year for the cryptocurrency market and will be remembered by negative events and trends. These include the onset of "crypto," the collapse of FTX , and the "stifling embrace" of regulators. We gathered experts' opinions on how to assess the results of the year and the prospects for the next - should we expect a market
Read more ❯
Exploring Bitcoin Ordinals and the BRC-20 Token Standard
Exploring Bitcoin Ordinals and the BRC-20 Token Standard

Exploring Bitcoin Ordinals and the BRC-20 Token Standard

June Katz 5 min read
Bitcoin Ordinals: An Introduction So far the majority in the crypto world has been talking about Bitcoin as a store of value. This idea initiated a heated debate, which has not eased off until this day. Nonetheless, what can be seen in practice is that Bitcoin is rarely used actively as a means of payment. Even though there are interesting cases,
Read more ❯
In Search of The Best Stablecoin
In Search of The Best Stablecoin

In Search of The Best Stablecoin

June Katz 6 min read
Stablecoins are cryptocurrencies that are designed to have a stable value, unlike other coins whose values can fluctuate wildly. They are pegged to fiat currencies such as USD. This means that the price of a stablecoin will not change significantly in response to market movements. Stablecoins can be used as a store of value, a medium of exchang
Read more ❯

BTC  to ETH : Best Rates

btc-icon
btc
0.1