PANews reported on October 20th that Sharwa.Finance disclosed an attack and subsequent suspension of operations, according to a BlockSec Phalcon alert. However, several suspicious transactions occurred hours later, likely exploiting the same underlying vulnerability through a slightly different attack path. Overall, the attacker first created a margin account, then used the provided collateral to borrow additional assets through leveraged lending, and finally launched a "sandwich attack" targeting swap operations involving the borrowed assets. The root cause appears to be a missing bankruptcy check in the swap() function of the MarginTrading contract, which is used to swap borrowed assets from one token (such as WBTC) to another (such as USDC). This function only verifies solvency based on the account's state at the time the swap begins, before executing the asset swap. This leaves room for manipulation. Attacker 1 (beginning with 0xd356) conducted multiple attacks, profiting approximately $61,000. Attacker 2 (beginning with 0xaa24) conducted a single attack, profiting approximately $85,000.PANews reported on October 20th that Sharwa.Finance disclosed an attack and subsequent suspension of operations, according to a BlockSec Phalcon alert. However, several suspicious transactions occurred hours later, likely exploiting the same underlying vulnerability through a slightly different attack path. Overall, the attacker first created a margin account, then used the provided collateral to borrow additional assets through leveraged lending, and finally launched a "sandwich attack" targeting swap operations involving the borrowed assets. The root cause appears to be a missing bankruptcy check in the swap() function of the MarginTrading contract, which is used to swap borrowed assets from one token (such as WBTC) to another (such as USDC). This function only verifies solvency based on the account's state at the time the swap begins, before executing the asset swap. This leaves room for manipulation. Attacker 1 (beginning with 0xd356) conducted multiple attacks, profiting approximately $61,000. Attacker 2 (beginning with 0xaa24) conducted a single attack, profiting approximately $85,000.
BlockSec: Sharwa.Finance suffered multiple attacks, resulting in losses exceeding $140,000
PANews reported on October 20th that Sharwa.Finance disclosed an attack and subsequent suspension of operations, according to a BlockSec Phalcon alert. However, several suspicious transactions occurred hours later, likely exploiting the same underlying vulnerability through a slightly different attack path. Overall, the attacker first created a margin account, then used the provided collateral to borrow additional assets through leveraged lending, and finally launched a "sandwich attack" targeting swap operations involving the borrowed assets. The root cause appears to be a missing bankruptcy check in the swap() function of the MarginTrading contract, which is used to swap borrowed assets from one token (such as WBTC) to another (such as USDC). This function only verifies solvency based on the account's state at the time the swap begins, before executing the asset swap. This leaves room for manipulation. Attacker 1 (beginning with 0xd356) conducted multiple attacks, profiting approximately $61,000. Attacker 2 (beginning with 0xaa24) conducted a single attack, profiting approximately $85,000.
Market Opportunity
The Root Network Price(ROOT)
$0.000133
$0.000133$0.000133
USD
The Root Network (ROOT) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
You May Also Like
Taiko Makes Chainlink Data Streams Its Official Oracle
The post Taiko Makes Chainlink Data Streams Its Official Oracle appeared on BitcoinEthereumNews.com. Key Notes Taiko has officially integrated Chainlink Data Streams for its Layer 2 network. The integration provides developers with high-speed market data to build advanced DeFi applications. The move aims to improve security and attract institutional adoption by using Chainlink’s established infrastructure. Taiko, an Ethereum-based ETH $4 514 24h volatility: 0.4% Market cap: $545.57 B Vol. 24h: $28.23 B Layer 2 rollup, has announced the integration of Chainlink LINK $23.26 24h volatility: 1.7% Market cap: $15.75 B Vol. 24h: $787.15 M Data Streams. The development comes as the underlying Ethereum network continues to see significant on-chain activity, including large sales from ETH whales. The partnership establishes Chainlink as the official oracle infrastructure for the network. It is designed to provide developers on the Taiko platform with reliable and high-speed market data, essential for building a wide range of decentralized finance (DeFi) applications, from complex derivatives platforms to more niche projects involving unique token governance models. According to the project’s official announcement on Sept. 17, the integration enables the creation of more advanced on-chain products that require high-quality, tamper-proof data to function securely. Taiko operates as a “based rollup,” which means it leverages Ethereum validators for transaction sequencing for strong decentralization. Boosting DeFi and Institutional Interest Oracles are fundamental services in the blockchain industry. They act as secure bridges that feed external, off-chain information to on-chain smart contracts. DeFi protocols, in particular, rely on oracles for accurate, real-time price feeds. Taiko leadership stated that using Chainlink’s infrastructure aligns with its goals. The team hopes the partnership will help attract institutional crypto investment and support the development of real-world applications, a goal that aligns with Chainlink’s broader mission to bring global data on-chain. Integrating real-world economic information is part of a broader industry trend. Just last week, Chainlink partnered with the Sei…
Share
BitcoinEthereumNews2025/09/18 03:34
Layer Brett Picked As The Best Crypto To Buy Now By Experts Over Pi Coin & VeChain
While Pi Coin (PI) and VeChain (VET) have long been part of the conversation, crypto analysts and early-stage investors are […] The post Layer Brett Picked As The Best Crypto To Buy Now By Experts Over Pi Coin & VeChain appeared first on Coindoo.
Share
Coindoo2025/09/18 00:13
Why PEPE May Become the Most Important Meme Coin of This Cycle
Pepe has moved back into focus during a period when the wider crypto market feels slow and uncertain. Conversation around PEPE price now centers on long-term relevance
Share
Captainaltcoin2026/02/11 16:00