As CertiK pointed out in a recent tweet, the Stars Arena hack was a “reentrancy exploit.”
The attacker made changes to the smart contract’s acquisition price values.
In a recent announcement, Stars Arena, Friend Tech’s Avalanche-based competitor, revealed a protocol attack that led to the loss of 266,103 AVAX tokens, or almost $2.88 million. As a result of this shocking disclosure, concerns have been raised regarding the security of smart contracts and the larger blockchain ecosystem.
Stars Arena issued an apology to its customers and revealed in a post on Twitter that the service was experiencing a distributed denial of service (DDoS) assault. The seriousness of the matter was brought into focus, however, by blockchain analytics startup CertiK, which provided clarity on the nature of the hack.
Reentrancy Attack
As CertiK pointed out in a recent tweet, the Stars Arena hack was a “reentrancy exploit.” In an attack of this sort, the attacker makes several calls to a susceptible smart contract in the course of a single transaction.
To steal a large quantity of AVAX tokens from Stars Arena, the attacker exploited a flaw in the platform’s smart contract. The security hole allowed platform-native tokens (AVAX) to be sent to third-party contracts, which opened the door for reentrancy attacks.
CertiK did a great job of shedding light on the attacker’s methods. The attacker made changes to the smart contract’s acquisition price values.
Furthermore, this allowed them to charge an astronomically inflated amount for tokens. The address utilized, 0xa2E, has, surprisingly, been used before in similar attacks. Earlier last week, a vulnerability affecting Stars Arena was linked to this Ethereum address.
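The defensive pattern for the situation described above, where a contract sends native tokens to a third-party address mid-transaction and pricing values can be changed before the call finishes, is sketched below. This is an added example, not Stars Arena's code: the contract name, `priceWeight`, the 5% fee and the price formula are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical share market written for this example; not Stars Arena's contract.
contract GuardedShareMarket {
    uint256 private status = 1; // 1 = idle, 2 = a guarded call is in progress

    mapping(address => uint256) public priceWeight; // assumed per-subject pricing parameter
    mapping(address => uint256) public supply;      // shares issued per subject
    mapping(address => mapping(address => uint256)) public shares; // subject => holder

    // One shared lock: while any guarded function is running, every other
    // guarded function reverts, including ones that only touch pricing.
    modifier nonReentrant() {
        require(status == 1, "reentrant call");
        status = 2;
        _;
        status = 1;
    }

    function price(address subject, uint256 amount) public view returns (uint256) {
        uint256 weight = priceWeight[subject] == 0 ? 1 : priceWeight[subject];
        return (supply[subject] + amount) * amount * weight * 1 gwei;
    }

    // Pricing setters need the same lock as buy(); left unguarded, the fee
    // recipient could change the weight while buy() is still mid-flight.
    function setPriceWeight(uint256 weight) external nonReentrant {
        require(weight >= 1 && weight <= 100, "weight out of range");
        priceWeight[msg.sender] = weight;
    }

    function buy(address subject, uint256 amount) external payable nonReentrant {
        require(amount > 0, "zero amount");
        uint256 cost = price(subject, amount);
        uint256 fee = cost / 20; // assumed 5% fee paid to the share subject
        require(msg.value == cost + fee, "wrong payment");

        // Effects first: all bookkeeping is final before any value leaves.
        supply[subject] += amount;
        shares[subject][msg.sender] += amount;

        // Interaction last: this call hands control to code the market does not own.
        (bool ok, ) = subject.call{value: fee}("");
        require(ok, "fee transfer failed");
    }
}
```

The guard matters on every state-changing entry point, not only the one that sends value: a lock on `buy()` alone would still leave `setPriceWeight()` callable from inside the fee transfer.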