SIR.trading DeFi Protocol Loses $355K TVL After Attack


On March 30, an exploit depleted the SIR.trading DeFi protocol, causing it to lose all $355,000 of its locked value.

On March 30, an exploit drained the Ethereum-based DeFi protocol SIR.trading, also called Synthetics Implemented Right, which lost all $355,000 of its locked value.

TenArmor, a blockchain security company, first reported the attack in a March 30 post on X. TenArmor noted that the stolen money had been moved to RailGun, a privacy platform that aids concealment, and several suspicious transactions were flagged.

SIR.trading DeFi Protocol Exploit

Later, security platform Decurity disclosed that the hacker exploited a vulnerability in the Vault contract of SIR.trading, specifically in a function known as uniswapV3SwapCallback. Decurity described the hack as a “clever attack.”

Blockchain researcher Yi clarified in a separate X post that the vulnerability resulted from how the contract validated transactions. Normally, only transactions coming from a Uniswap pool or another trusted source should be allowed.

The contract, however, relied on transient storage for this check. Transient storage is a temporary storage mechanism introduced by EIP-1153 as part of Ethereum's Dencun hard fork.

Transient storage resets only when a transaction concludes, so a value written to it stays readable by every call made within that same transaction. The hacker manipulated the contract into overwriting crucial security information while the transaction was still active, and then deceived the contract into trusting their fictitious address.

This was accomplished by brute-forcing a distinct vanity address, which led the contract to register the fake address as authentic. Using a custom contract, the hacker then took all the money from SIR.trading's vault.
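A simplified Python model of the failure described above, added here as an illustration and not taken from the SIR.trading contracts: a caller check stored in transient storage is overwritten mid-transaction, and a later caller whose address equals the new value is accepted. The slot numbers, `POOL`, `AMOUNT` and both vault classes are assumptions constructed for the example; the hardened variant shows one way to close the gap.

```python
# Simplified model of EIP-1153 transient storage; NOT the SIR.trading Vault code.
# Slot layout, names and values are constructed for illustration.

class Tx:
    """One transaction: transient storage survives until the transaction ends."""
    def __init__(self):
        self.tstore = {}           # slot -> value, shared by every call in this tx

POOL = 0xAAAA                      # constructed: the trusted pool address
AMOUNT = 0xBEEF                    # constructed: an unrelated value written later

class WeakVault:
    """Reuses slot 1 for the expected caller and for a later, unrelated value."""
    def start_swap(self, tx):
        tx.tstore[1] = POOL        # remember who is allowed to call back

    def callback(self, tx, sender):
        if sender != tx.tstore.get(1, 0):
            return False           # unexpected caller is rejected
        tx.tstore[1] = AMOUNT      # flaw: the guard slot is overwritten and stays live
        return True

class HardenedVault:
    """Caller pinned to a constant, guard cleared after use, separate result slot."""
    def start_swap(self, tx):
        tx.tstore[1] = 1           # slot 1 is only a "swap in progress" flag

    def callback(self, tx, sender):
        if sender != POOL or tx.tstore.get(1, 0) != 1:
            return False
        tx.tstore[1] = 0           # clear the guard before any other work
        tx.tstore[2] = AMOUNT      # slot 2 holds the result, never read as an address
        return True

def second_callback_accepted(vault, sender):
    """Same transaction: one legitimate callback, then a second call from `sender`."""
    tx = Tx()
    vault.start_swap(tx)
    assert vault.callback(tx, POOL)
    return vault.callback(tx, sender)

def fresh_tx_callback_accepted(vault, sender):
    """New transaction: transient storage starts empty, so no guard value exists."""
    return vault.callback(Tx(), sender)
```

In the weak model the second call succeeds only inside the same transaction, which is why a review of transient-storage guards should trace every write to the guard slot and confirm it is cleared before control leaves the contract.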

The Worst News a Protocol Could Receive

The anonymous creator of SIR.trading, Xatarrer, acknowledged the attack after it happened, calling it “the worst news a protocol could receive.” They asked for community feedback on what to do next and expressed interest in rebuilding despite the loss.

This attack raises concerns about the security of transient storage because it might be one of the first times hackers have used this new Ethereum feature in the real world. Security experts warn that similar attacks could happen unless developers incorporate more robust security measures into their smart contracts.
