CertiK Logo
CertiK Logo
Products
Blogs
Company
incident-response

Products & Technology

Featured Ecosystems

Company

English
Back to all stories
Blogs
Incident Analysis
Hunting Orion: The $3M Loss from a Reentrancy Attack
1/8/2024
Hunting Orion: The $3M Loss from a Reentrancy Attack

Project name: Orion Protocol

Project type: Exchange

Date of exploit: Feb 2, 2023

Asset loss: $3M

Vulnerability: Reentrancy

Date of audit report publishing: May 24, 2021

Conclusion: Out of Audit Scope

Details of the Exploit

Background

Orion protocol is a liquidity aggregator that aggregates the liquidity of a single crypto exchange into a decentralized platform. The (vulnerable) exchange contract serves as a router to swap tokens and also allows users to deposit into the contract.

Nature of the Vulnerability

The vulnerability is due to a reentrancy attack targeting the exchange contract, where the attacker can perform a reentrant call to deposit tokens during the swap, thus causing the deposit tokens to also be counted in the swap process.

CertiK Audit Overview

Screenshot 2024-01-08 at 5.57.20 AMScreenshot 2024-01-08 at 5.57.58 AM

Conclusion

On Feb 2, 2023, the Orion Protocol was exploited for $3M due to a reentrancy attack targeting the exchange contract. The compromised contract (eth:0x98a877bb507f19eb43130b688f522a13885cf604) was not audited by CertiK. CertiK only audited for Orion’s token and sale contracts.

References

Rekt news: https://rekt.news/orion-protocol-rekt/

Related Stories
March's Major Private Key Compromises
Blogs
Incident Analysis
From 12 March to 16 March we have seen nine private key compromises (PKC) that have led to a combined loss of at least $22.96 million in March, with five of those incidents incurring losses over $1 million. These incidents showcase the continued devastation that private key leakages can have on the Web3 ecosystem which has already seen approximately $239 million lost to this type of attack in 2024.
3/22/2024
Concentric.Fi Incident Analysis
Blogs
Incident Analysis
On 22nd January, Concentric.fi was exploited leading to losses of over $1.85 million. The wallets that conducted the attack have been doxxed as the OKX exploiter. Concentric announced on X that their protocol was attacked due to a targeted social engineering attack leading to the compromise of one of their teams admin wallets. From there the attackers were able to upgrade Concentric vault contracts with a malicious implementation leading to losses in liquidity pools as well as users who had approved Concentric contracts.
1/23/2024
Curve Conundrum: The dForce Attack via a Read-Only Reentrancy Vector Exploit
Blogs
Incident Analysis
On Feb 9, 2023, dForce's lending protocol was attacked, leading to a loss of $3.7M. The attacker made use of a read-only reentrancy vector to manipulate the price in the lending protocol to drain funds from the pool.
1/8/2024
CertiK Logo
SOC
© 2024 by CertiK. All Rights Reserved.
Products & Technology
Smart Contract AuditSkynetSecurity ScoreKYCPenetration TestingBug BountyFormal VerificationAdvisory ServicesSkyHarborSkyInsights
Company
AboutVenturesBlogCareersDisclaimerPrivacy PolicyCookie PolicyTerms and ConditionsTrust and Security
Social Media
CertiKSecurity LeaderboardCertiK AlertTelegramYoutube
MediumLinkedIn
Wechat
Discord
MediumLinkedIn
Wechat
Discord
© 2024 by CertiK. All Rights Reserved.
;