Seneca Protocol noticed a big safety breach, leading to a dramatic 65% drop within the worth of its native SEN token.
In line with CertiK, the attacker initially exploited a vulnerability within the protocol to steal round $3 million price of digital property. The attacker transferred 1,000 ETH throughout two externally owned accounts (EOAs), escalating the estimated loss to roughly $6.4 million.
The core of the vulnerability was in a operate throughout the Seneca protocol’s good contract code named ‘performOperations.’ This operate, accessible to exterior calls, which means anybody might set off it, lacked correct validation for its acquired inputs.
The absence of enter validation is a big safety oversight in good contract growth.
The attacker developed a particular information despatched to this operate and triggered a situation that allowed the hacker to invoke another contract on the blockchain with arbitrary information. This extremely harmful functionality provides the attacker free rein to work together with different contracts disguised as susceptible ones. The attacker then transferred property from addresses beforehand approved to the now-vulnerable contracts.
Seneca (SEN) operates as an omnichain Collateral Debt Place protocol for yield-bearing property. Utilizing supported collateral property permits customers to borrow the collateralized stablecoin, senUSD. The SEN token has varied utilities, together with governance, buying and selling tax redistribution, and protocol charge redistribution by way of staking.