Radiant Capital, the lending protocol on Arbitrum, has temporarily halted its lending and borrowing markets after an exploit resulted in a $4.5 million loss in one of its newly launched USDC markets.
Blockchain security firm PeckShield has identified the root cause of the exploit, which involves a hacker taking advantage of a time window during the activation of a new market within Radiant Capital's lending protocol. The protocol is a fork of the popular lending platforms Compound and Aave. The exploit also relies on a known rounding issue present in the current codebase of Compound and Aave. By exploiting this vulnerability, the attacker was able to profit through repeated deposit and withdrawal operations.
Marc "Chainsaw" Zeller, a core member of Aave, commented on the situation, stating that Aave had already identified the issue and implemented safety measures to fully mitigate it several weeks ago. He criticized many Aave forks for merely copying the code without adopting the robust safety culture of Aave.
- Last:
- Next: