Old Dolomite exchange contract suffers $1.8M loss from approval exploit
An old contract previously used by the Dolomite crypto exchange has been exploited for approximately $1.8 million, according to a March 20 report from blockchain security platform CertiK and seen by Cointelegraph. The exploit affected users who previously authorized approvals to the contract, and the development team recommended revoking approvals to the Ethereum Dolomite address that begins with 0xe2466.
The development team claimed that users who have only interacted with the current version on Arbitrum should not be affected. They have also disabled the faulty contract, which should protect users who have not yet become victims of the attack. Even so, the team argued that users should revoke approvals to this contract.
Dolomite is a decentralized exchange and money market protocol that currently runs on Arbitrum and Polygon zkEVM. It originally launched on Ethereum in 2019. The team migrated it to the Arbitrum network in 2022 and gradually phased out support for the Ethereum version. Because of the immutable nature of smart contracts, users can still interact with its Ethereum version using developer tools.
According to the CertiK report, the attacker exploited a function named “callFunction” that allows a user to make any arbitrary calls. This function is guarded by a “noEntry” modifier, which under normal circumstances, should prevent any reentrancy attacks. However, this guard can be bypassed by the TradeManager contract located at 0xe2466, which contains a “call” function that has no reentrancy guard. Thus, the attacker was able to use this contract to drain funds from users, CertiK claimed.
The attacker transferred all of the stolen funds to address 0x5eAA7DadA44d59549A6c58008b2bd3C7F81d2502 and then deposited them into Tornado cash, Certik stated.
Related: ParaSwap evades hack targeting Augustus v6 contract vulnerability
This exploit is one of several that have occurred in March. On March 11, the Unizen protocol on Ethereum lost over $2.1 million due to an approval exploit. In that case, the development team promised to reimburse users as soon as possible. On March 15, Mozaic Finance lost over $2.4 million due to a private key compromise.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Market Shifts Present New Opportunities for Savvy Traders
In Brief The cryptocurrency market has seen a notable decline, generating new buying opportunities. Key assets like Bitcoin and Ethereum are experiencing significant trading fluctuations. Investors are encouraged to monitor trends closely for potential market recoveries.
Donald Trump to Meet Bukele at White House: Bitcoin on Mind?
Two Whale Vaults at Risk of Liquidation as ETH Price Declines
Here’s How High Dogecoin Can Reach If BTC Market Cap Hits $500T As Predicted By Michael Saylor
Trending news
MoreCrypto prices
More
