Seneca Protocol experiences $6m breach, SEN drops 65% 


Seneca Protocol saw a significant security breach, resulting in a dramatic 65% drop in the value of its native SEN token. 

According to CertiK, the attacker initially exploited a vulnerability in the protocol to steal around $3 million worth of digital assets. The attacker transferred 1,000 ETH across two externally owned accounts (EOAs), escalating the estimated loss to approximately $6.4 million.

The core of the vulnerability was a function in the Seneca protocol’s smart contract code named ‘performOperations.’ The function was open to external calls, meaning anyone could trigger it, and it lacked proper validation of the inputs it received.

The absence of input validation is a significant security oversight in smart contract development.

We are actively working with security specialists to investigate the approval bug found today.

In the meantime, REVOKE approvals for the following addresses: #Ethereum

PT-ezETH 0x529eBB6D157dFE5AE2AA7199a6f9E0e9830E6Dc1

apxETH 0xD837321Fc7fabA9af2f37EFFA08d4973A9BaCe34…

— Seneca (@SenecaUSD) February 28, 2024

The attacker crafted specific data, sent it to this function, and triggered a condition that allowed them to invoke any other contract on the blockchain with arbitrary data. This highly dangerous capability gives an attacker free rein to interact with other contracts under the identity of the vulnerable contract. The attacker then transferred assets from addresses that had previously granted approvals to the now-vulnerable contracts.
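The pattern described above, as an added illustration that is not Seneca's source code and does not come from the original article: a simplified external `performOperations` that forwards caller-supplied targets and payloads unchecked, beside a hardened form. The contract names, the array parameters, the allowlist and the selector block list are all assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified illustration, NOT Seneca's code. Every name except
// performOperations is hypothetical.
contract VulnerableVault {
    // Anyone may call, and targets/payloads are forwarded unchecked. Users
    // approved THIS contract on their tokens, so a token call made from here
    // spends those allowances with the vault as msg.sender.
    function performOperations(address[] calldata targets, bytes[] calldata payloads) external {
        for (uint256 i = 0; i < targets.length; i++) {
            (bool ok, ) = targets[i].call(payloads[i]);
            require(ok, "call failed");
        }
    }
}

contract HardenedVault {
    address public immutable owner;
    mapping(address => bool) public allowedTarget;   // vetted integrations only
    mapping(bytes4 => bool) public blockedSelector;  // allowance-related calls

    constructor() {
        owner = msg.sender;
        blockedSelector[bytes4(keccak256("transferFrom(address,address,uint256)"))] = true;
        blockedSelector[bytes4(keccak256("approve(address,uint256)"))] = true;
    }

    function setAllowedTarget(address target, bool allowed) external {
        require(msg.sender == owner, "not owner");
        allowedTarget[target] = allowed;
    }

    function performOperations(address[] calldata targets, bytes[] calldata payloads) external {
        require(targets.length == payloads.length, "length mismatch");
        for (uint256 i = 0; i < targets.length; i++) {
            // Primary control: only pre-approved contracts can be called.
            require(allowedTarget[targets[i]], "target not allowlisted");
            // Defence in depth: refuse selectors that move or grant allowances.
            require(payloads[i].length >= 4, "payload too short");
            require(!blockedSelector[bytes4(payloads[i][:4])], "selector blocked");
            (bool ok, ) = targets[i].call(payloads[i]);
            require(ok, "call failed");
        }
    }
}
```

The target allowlist is the control that matters; the selector block list only narrows what an allowlisted target can be asked to do. Revoking approvals, as the protocol's notice above asks, removes what such a contract can spend on a user's behalf.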

Seneca (SEN) operates as an omnichain Collateral Debt Position protocol for yield-bearing assets. Users can borrow the collateralized stablecoin, senUSD, against supported collateral assets. The SEN token has various utilities, including governance, trading tax redistribution, and protocol fee redistribution through staking.
