From @officercia Twitter:

"$zklend Hack rootcause: The attacker manipulated the "lending_accumulator" to be very large at 4.069297906051644020, then took advantage of the rounding error during ztoken mint() and withdraw() to repeatedly deposit 4.069297906051644021 wstETH getting 2 wei then withdraw 4.069297906051644020*1.5 -1 = 6.103946859077466029 wstETH to expend just 1 wei.

Information provided by @ethsecurity.eth 🫡"

https://x.com/officer_cia/status/1889728144199786548

https://blog.solidityscan.com/zklend-hack-analysis-e494cb794f71?gi=383cd73e9016

Another ongoing security incident on @zkLend at @Starknet …

Take needed precautions. Better stay safe than sorry anyways.

ZKlend Hack rootcause: The attacker manipulated the "lending_accumulator" to be very large at 4.069297906051644020, then took advantage of the rounding error during ztoken mint() and withdraw() to repeatedly deposit 4.069297906051644021 wstETH getting 2 wei then withdraw… https://t.co/AbJ8tE32tp

Vladimir S. | Officer's Notes

Sign-up for
Bug-Bounty: @remedy •
Order an audit: @hexens

Sharing cryptocurrency news, yield farming, DeFi, & airdrop strategies.

DEFCON 201 (aka DC201) is the North NJ DEFCON local meetup group. We also live stream hacker content! https://linktr.ee/defcon201

Fascinating breakdown! The precision in exploiting such minuscule differences is mind-blowing. Security teams need to scrutinize every decimal.