Aave's Earning Farm protocol targeted by reentrancy attack — PeckShield

According to the blockchain security firm, Aave protocol's Earning Farm was compromised by a reentrancy attack on Aug. 9.

Blockchain security firm PeckShield revealed fresh vulnerabilities affecting decentralized finance (DeFi) projects on Aug. 9. According to the firm, Aave protocol's Earning Farm has been compromised by a reentrancy attack, resulting in the theft of at least $287,000 worth of Ether (ETH).

A reentrancy attack is like tricking an ATM into giving you money multiple times before it realizes you have none left. This happens by sneaking in and out of a money request, fooling the system into granting an attacker more funds than it has available. In smart contracts, attackers use the same trick to get more access or resources than they should: they repeatedly call a function that interacts with another contract before the first call to that function has completed.
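The ordering problem behind this can be seen in a small model, added here as an illustration and not taken from Earning Farm, Aave or Curve code. A constructed `Vault` hands control to the recipient's callback during a payout, and is run once with the balance cleared after the payout and once with it cleared before (the checks-effects-interactions pattern); all class and function names are hypothetical.

```python
# Constructed model of a contract that pays out a recorded balance.
# Paying a recipient runs the recipient's callback, the way an ETH
# transfer runs the receiving contract's code.

class Vault:
    def __init__(self, deposits, safe):
        self.balances = dict(deposits)          # per-account bookkeeping
        self.reserve = sum(deposits.values())   # funds actually held
        self.safe = safe

    def _send(self, recipient, amount):
        if amount > self.reserve:
            raise RuntimeError("reserve exhausted")
        self.reserve -= amount
        recipient.wallet += amount
        recipient.on_receive(self)   # external call: control leaves the vault

    def withdraw(self, recipient):
        amount = self.balances.get(recipient.name, 0)   # check
        if amount == 0:
            return
        if self.safe:
            self.balances[recipient.name] = 0   # effect before interaction
            self._send(recipient, amount)
        else:
            self._send(recipient, amount)       # interaction first ...
            self.balances[recipient.name] = 0   # ... bookkeeping too late


class ReentrantRecipient:
    """Recipient whose callback calls withdraw() again while it is running."""
    def __init__(self, name, max_depth):
        self.name, self.wallet = name, 0
        self.depth, self.max_depth = 0, max_depth

    def on_receive(self, vault):
        if self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(self)


def simulate(safe):
    """Return (amount received, reserve left) after one top-level withdraw."""
    caller = ReentrantRecipient("caller", max_depth=2)
    vault = Vault({"caller": 10, "other": 20}, safe)   # constructed deposits
    vault.withdraw(caller)
    return caller.wallet, vault.reserve


if __name__ == "__main__":
    print("balance cleared after payout :", simulate(safe=False))
    print("balance cleared before payout:", simulate(safe=True))
```

With the late update, an account entitled to 10 units receives 30 and the other depositor's funds are gone; with the balance cleared first, the nested call sees a zero balance and returns without paying.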

It's unclear if the attack relates to the exploits on Curve Finance's pools. The DeFi protocol's stable pools were also targeted by reentrancy attacks on July 30, draining over $61 million. The Curve hack was enabled by a vulnerability affecting three versions of the Vyper programming language, a contract language widely used by developers on DeFi protocols.

...

Read full story at Cointelegraph >