According to a blockchain security researcher, Hundred Finance, another lending protocol on the Gnosis chain, was also abused in an apparent “re-entrancy” attack.
AGVE, the non-custodial money market and lending system Agave’s token, fell more than 20% on Tuesday after the business announced it is investigating an exploit.
“Agave is currently looking at an agave finance protocol exploit.” The DAO said in a tweet on Tuesday afternoon, “We will notify you as soon as we learn more.” “Until we figure out how to handle the matter, contracts have been suspended.”
According to a tweet from the platform, Hundred Finance, like Agave, a multi-chain lending protocol on the Gnosis chain, was also targeted. Hundred stated, “Unfortunately, Hundred and Agave have both been exploited on the Gnosis chain today.” “The Gnosis team is aware, and an investigation is underway.” For the time being, all Hundred markets on all chains are suspended.”
HND, the token of Hundred Finance, was slightly lower in Tuesday trading.
The attack vector in both cases, according to blockchain security researcher Mudit Gupta, was a “re-entrancy attack.”
This is possible because “on Gnosis, the official bridged tokens are non-standard and have a hook that calls the token receiver on every transfer,” according to Gupta. According to Gupta, the attackers were able to borrow more than the collateral they were putting and re-enter the system multiple times to continue the process.
Agave and Hundred Finance were exploited today on Gnosis chain (formerly xDAI).
The underlying reason for the hack is that the official bridged tokens on Gnosis are non-standard and have a hook that calls the token receiver on every transfer. This enables reentrancy attacks. pic.twitter.com/8MU8Pi9RQT
— Mudit Gupta (@Mudit__Gupta) March 15, 2022
Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.