BlockSec: FutureSwap Protocol on Arbitrum Under Attack Again, Reentrancy Vulnerability Causes Loss of $74,000

Foresight News reports that, according to BlockSec Phalcon monitoring, the Futureswap contract on Arbitrum was attacked again, with an estimated loss of about $74,000. Although the loss is not large, the attack is notable because it exposed a new attack surface: a reentrancy vulnerability. The attacker stole funds from the protocol through a two-step process that spanned a three-day cooldown period.

The first step was the minting phase. The attacker exploited the reentrancy vulnerability during liquidity provision by re-entering the 0x5308fcb1 function before the contract updated its internal accounts, minting a large amount of LP tokens relative to the assets actually deposited.

The second step was the withdrawal phase. The attacker waited out the mandatory three-day withdrawal cooldown and then executed the withdrawal, burning the illegitimately minted LP tokens in exchange for the underlying collateral, effectively stealing assets from the protocol at a profit.
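The following is an added example, not code from the report or from Futureswap: a constructed Python model of one common shape of this bug, where a deposit caches pool state, makes an external call, and then mints from the stale value. The 1:1 share price, all names and all amounts are assumptions; the `guarded` flag shows a reentrancy lock rejecting the nested call, and the shares-versus-balance invariant is the kind of check a monitor can run.

```python
COOLDOWN = 3 * 24 * 3600  # three-day withdrawal cooldown, in seconds

class Reentered(Exception):
    pass

class Pool:
    """Constructed toy LP pool (1 share per token); not Futureswap's code."""
    def __init__(self, guarded):
        self.guarded, self.locked = guarded, False
        self.balance = 0        # tokens the pool actually holds
        self.total_shares = 0
        self.shares = {}        # LP token balances
        self.last_deposit = {}

    def deposit(self, who, amount, now, hook=None):
        if self.guarded and self.locked:
            raise Reentered("deposit re-entered before accounting settled")
        self.locked = True
        try:
            before = self.balance            # cached read of internal accounting
            if hook:
                hook(self)                   # external call: untrusted code runs here
            self.balance += amount           # tokens arrive
            minted = self.balance - before   # stale `before` also counts nested deposits
            self.shares[who] = self.shares.get(who, 0) + minted
            self.total_shares += minted
            self.last_deposit[who] = now
        finally:
            self.locked = False

    def withdraw(self, who, now):
        if now < self.last_deposit[who] + COOLDOWN:
            raise PermissionError("cooldown not elapsed")
        burned = self.shares.pop(who)
        payout = burned * self.balance // self.total_shares
        self.total_shares -= burned
        self.balance -= payout
        return payout

def simulate(guarded):
    pool = Pool(guarded)
    pool.deposit("honest_lp", 1000, now=0)
    nested = lambda p: p.deposit("attacker", 100, now=0)  # nested call made from the callback
    try:
        pool.deposit("attacker", 100, now=0, hook=nested)
    except Reentered:  # the exception unwinds the outer call too, like a revert
        pool.deposit("attacker", 200, now=0)  # same funds, deposited without re-entry
    solvent = pool.total_shares == pool.balance  # invariant a monitor can check
    return pool.shares["attacker"], solvent, pool.withdraw("attacker", now=COOLDOWN)
```

In the unguarded run the invariant breaks at mint time, three days before any funds leave, which is why the cooldown delays the loss without preventing it.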
