Stablecoin protocol Seneca hit by $6 million exploit due to smart contract flaw

Quick Take

  • Stablecoin protocol Seneca suffered an exploit, resulting in a loss of more than $6 million.
  • The exploit was traced back to a flaw in the protocol’s smart contract approval mechanisms.

Stablecoin protocol Seneca suffered an exploit, leading to a loss of more than $6 million on the Ethereum and Arbitrum networks.

The exploit was traced to an issue within the protocol’s smart contract approval mechanisms, which an unknown attacker exploited to divert funds.

Security analysts from Blocksec identified the root cause of the breach as an “arbitrary call issue” within Seneca’s smart contracts.

The project’s contracts had no code that would let the team pause them; instead, users had to revoke permissions. The stolen assets are reported to be more than 1,900 ETH ($6 million).

This vulnerability allowed the attacker to make unauthorized transfers of tokens from the project’s contract to external addresses controlled by them. “The root cause was an arbitrary call issue, hence approvals to the vulnerable contract can be transferred out,” Blocksec CTO Lei Wu told The Block.


The Seneca team acknowledged the incident and urged users to revoke previously granted permissions in an effort to prevent further unauthorized transactions.
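
A simplified Python model of the allowance mechanics described above, added here as an illustration and not taken from Seneca's contracts or Blocksec's analysis. It shows why an approval granted to a contract that forwards caller-chosen calls can be spent by anyone, and why an allowlist in the contract or a revoked allowance stops the transfer. The class, method and account names are assumptions.

```python
# Simplified model, constructed for illustration; not Seneca's contract code.
class Token:
    """Minimal ERC-20: balances plus (owner, spender) allowances."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}

    def approve(self, sender, spender, amount):
        self.allowance[(sender, spender)] = amount

    def transfer_from(self, sender, owner, to, amount):
        # `sender` stands in for msg.sender, the spender whose allowance is checked.
        allowed = self.allowance.get((owner, sender), 0)
        if allowed < amount or self.balances.get(owner, 0) < amount:
            raise PermissionError("insufficient allowance or balance")
        self.allowance[(owner, sender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class ForwardingContract:
    """Hypothetical contract that executes a call chosen by its caller.
    allowed_calls=None forwards anything (the arbitrary-call flaw);
    a set of (target, method) pairs refuses everything not listed."""
    def __init__(self, address, allowed_calls=None):
        self.address = address
        self.allowed_calls = allowed_calls

    def perform(self, target, method, *args):
        if self.allowed_calls is not None and (target, method) not in self.allowed_calls:
            raise PermissionError("call not allowlisted")
        # The token sees this contract, not the original caller, as msg.sender.
        return getattr(target, method)(self.address, *args)


def simulate(hardened=False, revoke_first=False):
    """Return the user's balance after a third party asks the contract to
    move the user's tokens. Names and amounts are constructed."""
    token = Token({"user": 100})
    contract = ForwardingContract("vault", set() if hardened else None)
    token.approve("user", "vault", 100)    # approval granted to use the protocol
    if revoke_first:
        token.approve("user", "vault", 0)  # user revokes the allowance
    try:
        contract.perform(token, "transfer_from", "user", "third_party", 100)
    except PermissionError:
        pass                               # transfer rejected
    return token.balances["user"]
```

`simulate()` leaves the user with 0 tokens, while `simulate(hardened=True)` and `simulate(revoke_first=True)` both leave the full 100.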

Seneca is a decentralized finance project that allows users to mint and borrow its stablecoin, senUSD, against other crypto assets — a stablecoin mechanism also called a collateralized debt position.

The Seneca token went down by more than 60% following the exploit — dropping from around $0.1 to under $0.04.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Timmy Shen at
[email protected]