Cross-Chain Lending Agreement Paribus Loses $100,000 in Attack: Understanding the Vulnerability

On April 11th, according to Paidun monitoring, the cross chain lending agreement Paribus was attacked, resulting in a loss of approximately $100000. The reason for the attack is th

Cross-Chain Lending Agreement Paribus Loses $100,000 in Attack: Understanding the Vulnerability

On April 11th, according to Paidun monitoring, the cross chain lending agreement Paribus was attacked, resulting in a loss of approximately $100000. The reason for the attack is that it adopts the fork of the old version of Compound V2, which exists a known reentry vulnerability.

The cross chain lending agreement Paribus was attacked, resulting in a loss of approximately $100000

Introduction

On April 11th, the cross-chain lending agreement Paribus suffered an attack resulting in a loss of approximately $100,000. The reason behind the attack was the adoption of the fork of the old version of Compound V2, that had a known re-entry vulnerability. In this article, we’ll explore the details of the attack and the vulnerability that was exploited.

Understanding Paribus

Before we delve into the details of the attack, let’s understand what Paribus is. Paribus is a decentralized finance (DeFi) platform that enables users to lend and borrow cryptocurrencies across different blockchain networks. Its unique feature is the ability to lend and borrow on different blockchains through cross-chain capabilities.

The Attack

According to Paidun monitoring, the attackers exploited a re-entry vulnerability in the Ethereum-based Paribus contract. A re-entry vulnerability is a type of attack where the attacker can re-enter a function before its execution is completed, leading to unexpected behavior. In this case, the attacker was able to withdraw funds repeatedly before the balance update was made, resulting in a loss of approximately $100,000.

Understanding the Vulnerability

To understand the vulnerability that was exploited, we need to look at the version of Compound V2 that Paribus adopted. The version of Compound V2 that Paribus used had a re-entry vulnerability that was identified and fixed in later versions. The vulnerability allowed an attacker to re-enter the same function multiple times, leading to the execution of unintended behaviors.

Conclusion

The Paribus attack highlights the importance of adopting the latest security updates in DeFi protocols. As the popularity of DeFi continues to grow, it is imperative that protocol developers stay vigilant and adopt best practices in securing their smart contracts. By doing so, they can prevent similar attacks from happening in the future.

FAQs

1. Can the funds lost in the Paribus attack be recovered?
No, once funds are lost in a blockchain transaction, they cannot be recovered.
2. Is it safe to use DeFi platforms?
DeFi platforms are generally safe, but users should exercise caution and understand the risks involved before investing.
3. What can be done to prevent such attacks from happening in the future?
Developers should adopt the latest security updates and follow best practices in securing their smart contracts to prevent similar attacks from happening. Additionally, users should ensure they use reputable platforms and exercise caution when investing.

This article and pictures are from the Internet and do not represent Fpips's position. If you infringe, please contact us to delete:https://www.fpips.com/15398/

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.