A recent security report from CertiK, a leading blockchain security company, revealed that the Dolomite protocol, a decentralized exchange and money market protocol operating on the Arbitrum and Polygon zkEVM networks, has fallen victim to a serious exploit.

This protocol, which was originally launched on Ethereum in 2019 and migrated to the Arbitrum network in 2022, has exposed a critical vulnerability that has been exploited by an attacker.

A specific function within the protocol is being abused

The exploit centers on a specific function within the protocol, known as “callFunction”, which allows users to make arbitrary calls. This function is normally protected by a “noEntry” modifier to prevent reentrancy attacks, but that protection was bypassed by interacting with the TradeManager contract. That contract included a “call” function without the necessary reentrancy protection, which allowed the attacker to drain funds from unsuspecting users.
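An audit check for the pattern described above, as an added example that is not CertiK's or Dolomite's code: it lists functions that make a low-level call without carrying the guard modifier. The Solidity sample is constructed for illustration; only the names “callFunction”, “noEntry”, “TradeManager” and “call” come from the report, and the regex matching is a heuristic, not a full Solidity parser.

```python
import re

# Constructed Solidity sample (not Dolomite's source): one guarded entry
# point and one unguarded one, mirroring the pattern the report describes.
SAMPLE = '''
contract Margin {
    function callFunction(address callee, bytes memory data) external noEntry {
        (bool ok, ) = callee.call(data);
        require(ok);
    }
    function getBalance(address who) external view returns (uint256) {
        return balances[who];
    }
}
contract TradeManager {
    function call(address target, bytes memory data) external {
        (bool ok, ) = target.call(data);
        require(ok);
    }
}
'''

FUNC_RE = re.compile(r'function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{')
EXTERNAL_CALL_RE = re.compile(r'\.(?:call|delegatecall)\s*(?:\{[^}]*\})?\s*\(')

def body_after(src, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == '{':
            depth += 1
        elif src[i] == '}':
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced source: take the rest

def unguarded_callers(src, guard='noEntry'):
    """Names of functions that make a low-level call without the guard modifier."""
    findings = []
    for m in FUNC_RE.finditer(src):
        name, header = m.group(1), m.group(3)
        body = body_after(src, m.end() - 1)
        has_guard = re.search(r'\b%s\b' % re.escape(guard), header) is not None
        if EXTERNAL_CALL_RE.search(body) and not has_guard:
            findings.append(name)
    return findings
```

Every name this returns is an entry point that can hand control to an arbitrary contract outside the guard, so a guard on a sibling function does not cover it.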

According to the report from CertiK, the attacker transferred the stolen money to a specific address and then moved it to Tornado Cash, a transaction anonymization platform.

Highlighting a worrying trend

This incident marks a worrying trend of security breaches within the cryptocurrency sector, with several other platforms also experiencing significant losses in March. For example, on March 11, Unizen Protocol lost more than $2.1 million due to an exploit, and Mozaic Finance suffered a loss of more than $2.4 million on March 15 due to a private key compromise.

This string of security incidents highlights the ongoing risks and challenges facing decentralized financial platforms. While the Dolomite team and other affected organizations are taking steps to repair the damage and improve the security of their systems, the fight against cybercrime in the fast-growing world of blockchain and cryptocurrencies remains an ongoing focus.

Source: https://newsbit.nl/groot-veiligheidslek-in-dolomite-protocol-op-decentrale-exchangeplatformen/


