Sturdy Finance was hacked by an unknown attacker who exploited a reentrancy vulnerability and a faulty price oracle to steal 442 $ETH or about $800,000.
Here's how it happened:
- The attacker deposits some $ETH into Sturdy Finance's lending pool and receives LP tokens in return.
- The attacker calls the "withdraw" function of Sturdy Finance's smart contract to redeem their LP tokens for ether. However, instead of waiting for the function to finish, the attacker reenters the same function within the same transaction, executing a reentrancy attack.
- By reentering the withdraw function multiple times, the attacker can withdraw more $ETH than they deposited, effectively draining the pool.
- The attacker uses Tornado Cash to hide their identity and the origin of the stolen ETH.
- The attacker uses Balancer to swap some of the stolen ether for other tokens at an inflated price, taking advantage of Balancer's reliance on price oracles for exchange rates.
- The hacker manipulates the price oracle of Sturdy Finance by reentering the "get_virtual_price" function, which calculates the value of LP tokens based on the total value of the pool.
- By creating inconsistencies between the pool value and the LP token supply, the hacker inflates the value of their LP tokens and trades them for more $ETH on Balancer.
Good to know:
- A reentrancy vulnerability is a security flaw that lets an attacker call back into a function within a single transaction before the original call has completed. If the contract only updates its balance after sending funds, each reentrant call withdraws again against the stale balance, so funds can be taken repeatedly from a smart contract.
- A price oracle is a service that provides real-world price data to decentralized applications. However, if the price oracle is not reliable or secure, it can be manipulated by an attacker to create false price signals and trigger undesired actions in the smart contract.
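The two notes above describe the same root cause: an external call made before internal state is updated. The simulation below is an added illustration, not Sturdy Finance's or Balancer's code. It models a hypothetical ETH pool whose `withdraw` calls out to the receiver; in the vulnerable ordering the receiver runs after ETH has left but before LP shares are burned, so a `get_virtual_price` read at that moment sees an inconsistent pool-value to LP-supply ratio. Ordering the state updates before the external call (checks-effects-interactions) keeps the read consistent; a reentrancy guard that also reverts the view function while a withdrawal is in progress is the other common mitigation.

```python
WAD = 10**18  # fixed-point scale used for prices

class Pool:
    """Hypothetical ETH pool: deposits mint LP shares, shares redeem pro-rata."""

    def __init__(self, safe_ordering: bool):
        self.eth = 0           # ETH held by the pool
        self.lp_supply = 0     # LP shares outstanding
        self.shares = {}       # user -> LP shares
        self.safe = safe_ordering

    def deposit(self, user: str, amount: int) -> None:
        minted = amount if self.lp_supply == 0 else amount * self.lp_supply // self.eth
        self.eth += amount
        self.lp_supply += minted
        self.shares[user] = self.shares.get(user, 0) + minted

    def get_virtual_price(self) -> int:
        # ETH value of one LP share (scaled by WAD); an oracle would read this.
        return self.eth * WAD // self.lp_supply

    def withdraw(self, user: str, burn: int, receiver) -> None:
        assert self.shares[user] >= burn, "insufficient shares"
        payout = burn * self.eth // self.lp_supply
        if self.safe:
            # Checks-effects-interactions: finish all state updates, then call out.
            self.shares[user] -= burn
            self.lp_supply -= burn
            self.eth -= payout
            receiver(self, payout)
        else:
            # Vulnerable ordering: ETH leaves, external call runs, shares burned last.
            self.eth -= payout
            receiver(self, payout)   # lp_supply still counts the shares being burned
            self.shares[user] -= burn
            self.lp_supply -= burn

def observe_price_during_withdraw(safe_ordering: bool):
    """Return (price before, price seen inside the receiver callback, price after)."""
    pool = Pool(safe_ordering)
    pool.deposit("lp1", 100 * WAD)   # constructed sample liquidity
    pool.deposit("lp2", 100 * WAD)
    seen = []
    def receiver(p: Pool, payout: int) -> None:
        seen.append(p.get_virtual_price())   # what a dependent contract would read
    before = pool.get_virtual_price()
    pool.withdraw("lp2", 100 * WAD, receiver)
    return before, seen[0], pool.get_virtual_price()
```

With the vulnerable ordering the mid-call read returns half the true share price even though the price is correct before and after the transaction; with the safe ordering all three reads agree.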
Thank you for reading through, and follow me for more regular post updates.
I’d also appreciate it if you shared this with your friends, who would enjoy reading this.
You can contact me here: Twitter.
You can find my other research & investment thesis here: https://bit.ly/45vA04W
If you find this analysis useful, please consider donating to 0xd95d4b14dcfa941bf916255b3624c0bfb22166c8.
Thank you.