Sturdy Finance halts market after $800,000 exploit linked to faulty price oracle Sturdy Finance halts market after $800,000 exploit linked to faulty price oracle
Blockchain security firm BlockSec stated that Sturdy Finance suffered a reentrancy attack alongside its price oracle manipulation.
1 min read
Updated: Jun. 12, 2023 at 10:25 am UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Sturdy Finance paused its markets on June 12 following a protocol exploit – losses are estimated at around 442 ETH ($800,000) per Peckshield.
In a statement, the team confirmed it was aware of the exploit, adding that no additional funds are at risk and no user actions are needed currently – with more information to follow pending investigation results.
Sturdy Finance has yet to respond to CryptoSlate’s request for additional comments as of press time.
Blockchain security firms explain how Sturdy Finance was exploited
Blockchain security firm Peckshield initially reported that Sturdy Finance’s exploit was linked to a faulty price oracle. Further analysis showed “the root cause [was] due to the defective price oracle to compute the cB-stETH-STABLE asset price.”
Web3 knowledge graph protocol 0xScope corroborated this report, adding that the hacker transferred the stolen funds to crypto-mixing protocol, Tornado Cash, and the Change Now exchange.
Meanwhile, smart contract auditor BlockSec noted that in addition to the oracle price manipulation reported by Peckshield and 0xScope, the exploit also showed signs of a “typical Balancer’s read-only reentrancy” attack.
Using the attack transaction hash, BlockSec explained how the attacker first borrowed over 100,000 staked Ethereum from Aave in a flash loan before exploiting a liquidity pool managed by Sturdy Finance’s team on the Balancer.
According to CertiK, a reentrancy attack allows an attacker to drain funds of a vulnerable contract by repeatedly calling the withdraw function before it updates its balance.
Mentioned in this article
Author 
Oluwapelumi Adejumo
Oluwapelumi values Bitcoin's potential. He imparts insights on a range of topics like DeFi, hacks, mining and culture, underlining transformative power.
Editor Editor 
Samuel Wan
Samuel Wan, a finance professional turned full-time crypto content creator, values individual autonomy and personal freedom in his pursuits.
Latest Ethereum Stories
In this article
Ethereum is a decentralized, open-source blockchain platform that enables the creation of smart contracts and decentralized applications (DApps).
Balancer
$3.77842
Balancer is a non-custodial portfolio manager, liquidity provider, and price sensor..
CertiK
Founded in 2018 by professors of Yale University and Columbia University, CertiK is a pioneer in blockchain security, utilizing best-in-class AI technology to secure and monitor blockchain protocols and smart contracts.
Peckshield
PeckShield is a blockchain security and data analytics company,ย that offers products and services for security, privacy, and usability of the entire blockchain ecosystem.
