{"id":563440,"date":"2023-03-14T12:03:59","date_gmt":"2023-03-14T09:03:59","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/euler-finance-blocks-vulnerable-module-working-on-recovering-funds\/"},"modified":"2023-03-14T12:03:59","modified_gmt":"2023-03-14T09:03:59","slug":"euler-finance-blocks-vulnerable-module-working-on-recovering-funds","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/euler-finance-blocks-vulnerable-module-working-on-recovering-funds\/","title":{"rendered":"# Euler Finance blocks vulnerable module, working on recovering funds"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Euler_Finance_blocks_vulnerable_module_working_on_recovering_funds_%E2%80%9C\"><\/span>Euler Finance blocks vulnerable module, working on recovering funds<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjMtMDMvNDVjY2RiZGYtMGY2OS00MmVhLWE4MmQtZTZmMjA3OGY4ZDNjLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-48054ca8>Decentralized finance (DeFi) lending protocol Euler Finance became the victim of a flash loan attack on March 13, resulting in the biggest crypto hack of 2023\u00a0so far. The lending protocol lost nearly $197 million in the attack, which also impacted more than 11 other DeFi protocols.<\/p>\n<p>On March 14, Euler posted an update on the situation and notified its users that it had disabled the vulnerable etoken module to block deposits and the vulnerable donation function.<\/p>\n<p>The firm said that it works with various security groups to perform audits of its protocol, and that the vulnerable code was reviewed and approved during an outside audit. The vulnerability was not discovered as part of the audit.
<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">One of our auditing partners, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Omniscia_sec?ref_src=twsrc%5Etfw\">@Omniscia_sec<\/a>, prepared a technical post-mortem and analysed the attack in great detail. You can read their report here: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/u4Z2xdutwe\">https:\/\/t.co\/u4Z2xdutwe<\/a><\/p>\n<p>In short, the attacker exploited vulnerable code which allowed it to create an unbacked token debt\u2026 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/FGnPqvYUGB\">https:\/\/t.co\/FGnPqvYUGB<\/a><\/p>\n<p>\u2014 Euler Labs (@eulerfinance) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/eulerfinance\/status\/1635431834631766018?ref_src=twsrc%5Etfw\">March 14, 2023<\/a><\/p><\/blockquote>\n<p>The vulnerability remained on-chain for eight months until it was exploited, despite a $1 million bug bounty being in place.<\/p>\n<p>Sherlock, an audit group that has worked with Euler Finance in the past, verified the root cause of the exploit and helped Euler submit a claim. The audit protocol later voted on the claim for $4.5 million, which passed, and then executed a $3.3 million payout on March 14.<\/p>\n<p>In its analysis report, the audit group identified a significant factor in the exploit: a missing health check in \u201cdonateToReserves,\u201d a new function added in EIP-14.
However, the protocol stressed that the attack was still technically possible even before EIP-14.<\/p>\n<p>Sherlock noted that the Euler audit by WatchPug in July 2022 missed the critical vulnerability that eventually led to the exploit in March 2023.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Similarly, Sherlock stands behind every auditor who reviewed Euler. <\/p>\n<p>Sherlock initially worked with <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/cmichelio?ref_src=twsrc%5Etfw\">@cmichelio<\/a> to audit the first version of Euler in Dec 2021, then with <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/shw9453?ref_src=twsrc%5Etfw\">@shw9453<\/a> to audit a very small update in Jan 2022, and finally with <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/WatchPug_?ref_src=twsrc%5Etfw\">@WatchPug_<\/a> to audit EIP-14 in July 2022.<\/p>\n<p>\u2014 SHERLOCK (@sherlockdefi) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/sherlockdefi\/status\/1635366470657130497?ref_src=twsrc%5Etfw\">March 13, 2023<\/a><\/p><\/blockquote>\n<p>Euler has also reached out to leading on-chain analytics and blockchain security firms, such as TRM Labs, Chainalysis and the broader ETH security community, in a bid to get help with the investigation and recover the funds.
<\/p>\n<p>Euler said it is also trying to contact those responsible for the attack in order to learn more about the issue and possibly negotiate a bounty to recover the stolen funds.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/euler-finance-blocks-vulnerable-module-working-on-recovering-funds\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Euler Finance blocks vulnerable module, working on recovering funds &#8220; Decentralized finance (DeFi) lending protocol Euler Finance became a victim of a flash loan attack on March
13, resulting in the biggest hack of crypto in 2023\u00a0so far. The lending protocol lost nearly $197 million in the attack and impacted more than 11 other&#8230;<\/p>\n","protected":false},"author":1,"featured_media":563441,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=1200\/https:\/\/s3.cointelegraph.com\/uploads\/2023-03\/45ccdbdf-0f69-42ea-a82d-e6f2078f8d3c.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74868,74882,77595,70944],"class_list":["post-563440","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-defi","tag-hacks","tag-lending","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/563440","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=563440"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/563440\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/563441"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=563440"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=563440"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=563440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","t
emplated":true}]}}