A hacker exploited a flaw in the Dolomite project’s USDC smart contracts, gaining access and stealing $1.8 million of USD Coin (USDC), according to blockchain security firm CertiK.
The perpetrators targeted an old contract called `DolomiteMarginProtocol`, carrying out the attack on the basis of approvals granted to the owner before the system was eliminated in 2020. The security concern in this situation was that the assailants could steal the funds from the auditors through unauthorized contracts.
According to Dolomite’s staff, the compromised contract has recently been disabled, and only the contract’s earlier users are affected.
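Because the attack relied on approvals that predate the contract's retirement, a practical check for earlier users is whether any allowance toward the retired contract is still open. The following is an added example, not code from Dolomite or CertiK: it replays ERC-20 `Approval` event logs and reports owners whose most recent approval toward a given spender is non-zero. Every address and log entry in it is a constructed placeholder, and the log shape is assumed to match an `eth_getLogs` result.

```python
# Added example: find ERC-20 allowances still open toward a retired contract.
# All addresses and log entries below are constructed placeholders.

# keccak256("Approval(address,address,uint256)"): the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

TOKEN, RETIRED, OTHER = ("0x" + b * 20 for b in ("11", "dd", "ee"))
ALICE, BOB, CAROL = ("0x" + b * 20 for b in ("aa", "bb", "cc"))

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def approval(block, index, owner, spender, value):
    """Build a constructed log entry shaped like an eth_getLogs result."""
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"address": TOKEN, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

def open_allowances(logs, spender):
    """Return {(token, owner): amount} for non-zero allowances last set toward spender."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares the topic hash but carries a fourth topic (tokenId).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        latest[key] = int(log["data"][2:] or "0", 16)  # later events overwrite earlier
    # The last approved value is an upper bound: transferFrom can lower the
    # allowance without a new event, so confirm with allowance() before acting.
    return {k: v for k, v in latest.items() if v > 0}

SAMPLE_LOGS = [
    approval(200, 0, BOB, RETIRED, 0),              # Bob revoked later ...
    approval(101, 3, BOB, RETIRED, 500),            # ... after approving 500
    approval(100, 1, ALICE, RETIRED, MAX_UINT256),  # unlimited, never revoked
    approval(150, 2, CAROL, OTHER, 1_000),          # unrelated spender
]

if __name__ == "__main__":
    for (token, owner), amount in open_allowances(SAMPLE_LOGS, RETIRED).items():
        label = "unlimited" if amount == MAX_UINT256 else amount
        print(f"{owner} still approves {RETIRED} for {label} of {token}")
```

Owners the check reports can close the exposure by setting the allowance for that spender back to zero with the token's `approve` function.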
The `callFunction` function in the `DolomiteMarginProtocol` contract gave arbitrary access to the contract, making it vulnerable. As a safety feature, use of `callFunction` was supposed to be subject to `noEntry` limitations. Manually, `noEntry` would only be deactivated after the execution of another method, `singleEntry`.
The attacker found a way to use `noEntry` without any access. The developers managed this by ‘calling’ a function placed in a different contract, `SoloMargin`.