• Orion Protocol was recently subjected to an exploit due to vulnerabilities from third-party libraries.
• The exploit was a reentrancy attack, allowing threat actors to siphon over $3 million off the crypto exchange.
• This incident serves as a reminder of the importance of information security in the crypto sector.
Exploit on Orion Protocol
Orion Protocol, a decentralized protocol enabling liquidity pools to get reliable access and exposure between centralized and decentralized exchanges, was recently subjected to an exploit due to vulnerabilities from third-party libraries. The exploit was executed as a reentrancy attack, allowing as-yet-unidentified threat actors to siphon over $3 million off the crypto exchange.
Vulnerability of Third-Party Libraries
The precise nature of the attack has yet to be confirmed, but it is believed that a malicious actor was able to take advantage of information security vulnerabilities within third-party libraries integrated into the protocol. A reentrancy exploit is a type of attack that abuses a vulnerability in a protocol’s smart contract code to call a function repeatedly, re-entering it before the previous call has finished. Threat actors use it to drain funds from a contract right before the contract can update its internal state. Lock functions on smart contracts are not readily available, but can be hardcoded during the execution of its balancer. This is similar to the type of vulnerability reported on UniSwap by Dedaub, a Paris-based blockchain security firm.
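The call-order problem and the hardcoded lock described above can be seen in a small Python model, added here as an illustration. It is not Orion Protocol's contract code; the `Vault` class, the `simulate` helper, and the balances are constructed for the example.

```python
import copy
class Reentered(Exception):
    """Raised by the lock; models a transaction that reverts."""

class Vault:
    """Constructed model of a pooled-funds contract, not Orion Protocol's code."""
    def __init__(self, guarded):
        self.guarded = guarded   # True: lock + state update before the external call
        self.locked = False
        self.balances = {}
        self.reserve = 0         # total funds the contract holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def withdraw(self, who, on_receive):
        if self.guarded and self.locked:
            raise Reentered("withdraw called while already executing")
        self.locked = True
        try:
            amount = self.balances.get(who, 0)
            if amount == 0 or amount > self.reserve:
                return
            if self.guarded:
                self.balances[who] = 0   # effect recorded before the interaction
            self.reserve -= amount
            on_receive(amount)           # external call: recipient's code runs here
            self.balances[who] = 0       # unguarded path updates state only now
        finally:
            self.locked = False

def simulate(guarded, reenter):
    """Return (amount paid to caller, reserve left) for one withdraw transaction."""
    vault = Vault(guarded)
    vault.deposit("other_users", 90)     # constructed sample balances
    vault.deposit("caller", 10)
    received = []
    def on_receive(amount):
        received.append(amount)
        if reenter:
            vault.withdraw("caller", on_receive)   # recipient calls back in
    snapshot = copy.deepcopy(vault.__dict__)
    try:
        vault.withdraw("caller", on_receive)
    except Reentered:
        vault.__dict__.update(snapshot)  # revert: every state change is undone
        received.clear()
    return sum(received), vault.reserve
```

With the guard off, a 10-unit balance is paid out repeatedly until the 100-unit reserve is empty; with the guard on, the nested call trips the lock and the transaction reverts, while an ordinary withdrawal still pays 10.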
Action Taken By Orion Protocol
An investigation into the matter has been initiated by the protocol’s developers, while its management has promised that they have been taking proactive steps to secure the protocol further. Blockchain security firm Peckshield has confirmed further details on the matter and said that the protocol has been paused, with the root cause already being addressed by Orion Protocol’s team.
Importance Of Information Security
This particular incident, alongside other instances of reentrancy attacks across the decentralized web, serves as a reminder of the importance of information security in the crypto sector, especially given the massive implications that smart contract vulnerabilities can have. Integrations with third-party libraries may either be pre-audited or based on deals that expand a project’s reach, but compromises in these cases cannot be decided on the mere prospect of increased profit or valuation.
Conclusion
It is important for protocols and exchanges alike, when integrating with third-party applications, not only to remain secure but also to protect their users’ funds from being exploited in any way due to the lack of a proper, rigorous auditing process when dealing with applications and libraries outside their own codebase or network structure.