Era Lend On ZkSync Exploited For $3.4M In Reentrancy Attack

Important points from the article:

1. Era Lend, the lending app, experienced a security breach in which funds were drained due to a “read-only reentrancy” bug. This type of vulnerability is challenging for auditors to detect.

2. The bug allowed an attacker to repeatedly withdraw funds from the app without the necessary balance, resulting in significant financial losses.

3. Read-only reentrancy bugs are particularly difficult to identify because they do not modify the state of the contract, making them less noticeable during security audits.


Era Lend, a lending app on zkSync, recently fell victim to a security breach caused by a “read-only reentrancy” bug. This type of vulnerability is hard for auditors to catch because it does not modify the contract’s state. The bug allowed an attacker to drain funds from the app repeatedly, resulting in substantial financial losses. The incident highlights the importance of thorough security audits and constant vigilance in identifying and addressing potential vulnerabilities in financial applications.
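A small Python model of the bug class described above, added here as an illustration: it is not Era Lend's code or a reconstruction of the incident, and the `Pool` class, its numbers and the callback are all constructed. It shows a read-only getter returning an inconsistent value while a withdrawal is in progress, and the same getter refusing to answer once it also checks the reentrancy lock.

```python
class ReentrantRead(Exception):
    """Raised when the pool is entered while it is mid-update."""

class Pool:
    """Constructed toy pool; share price = assets / shares."""
    def __init__(self, assets, shares, guarded):
        self.assets, self.shares = assets, shares
        self.guarded = guarded  # True: the getter also checks the lock
        self.locked = False

    def share_price(self):
        # Read-only getter: it changes nothing, so a lock applied only to
        # state-changing functions never covers it.
        if self.guarded and self.locked:
            raise ReentrantRead("pool is mid-update")
        return self.assets / self.shares

    def withdraw(self, shares, on_receive):
        if self.locked:
            raise ReentrantRead("reentrant withdraw")
        self.locked = True
        try:
            payout = shares * self.assets // self.shares
            self.shares -= shares   # shares burned first
            on_receive(payout)      # external call while state is half-updated
            self.assets -= payout   # assets reduced only afterwards
        finally:
            self.locked = False
        return payout

def observe(guarded):
    """Record what a dependent contract would read before/during/after."""
    pool = Pool(assets=1000, shares=1000, guarded=guarded)
    seen = {"before": pool.share_price()}
    def callback(_payout):
        try:
            seen["during"] = pool.share_price()
        except ReentrantRead:
            seen["during"] = "reverted"
    pool.withdraw(900, callback)
    seen["after"] = pool.share_price()
    return seen

if __name__ == "__main__":
    print("unguarded:", observe(False))
    print("guarded:  ", observe(True))
```

In audit terms, the check is to list every getter that other contracts consume and confirm it cannot be read while a state-changing function of the same contract is between its external call and its final state update.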