SlowMist Pinpoints SafeMath Library within Market Contract as Key Factor Behind zkLend’s $9.5M Breach

Blockchain security firm SlowMist the security team has revealed a serious vulnerability at the heart of the zkLend attack, which involves a Layer 2 money market protocol operating on Starknet. This issue can be traced back to the use of the SafeMath library within the market contract. zkLend As noted by SlowMist, the flaw originates from how division operations are executed. The contract's direct division approach leads to a rounding issue when calculating the exact number of zTokens to be destroyed during withdrawal, allowing attackers to take advantage of this discrepancy for illicit gains.

In light of these discoveries, SlowMist urges users of zkLend to stay alert regarding their assets' safety. They recommend pausing any deposit-related activity on the platform to lessen the chances of incurring financial losses.

Today, an attack on the Starknet chain resulted in the loss of over $9 million in assets!

In a message posted on the social media platform X, zkLend stated, “Once you transfer the funds, we will absolve you of any responsibility related to the attack. Currently, we are collaborating with security professionals and law enforcement agencies. If we do not receive a response from you by 00:00 UTC on February 14, 2025, we will initiate further actions to locate and hold you accountable.”

We recognize your involvement in the attack against zkLend today. You have the option to retain 10% of the funds as a white hat reward, while we ask that you return the remaining 90%, precisely 3,300 ETH, to the following Ethereum address: 0xCf31e1b97790afD681723fA1398c5eAd9f69B98C.

The zkLend platform aspires to deliver a seamless, secure, and effective money-market environment designed to cater to users' liquidity demands. This permissionless lending market primarily serves retail users, permitting them to deposit and borrow digital assets directly from their wallets whenever they choose. Depositors are able to generate yields based on the interest incurred by borrowers utilizing these deposited assets. Moreover, users have the option to leverage their deposits as collateral to procure additional digital assets.

What Is zkLend?

zkLend The zkLend project successfully secured $5 million during a seed funding round back in 2022, with Delphi Digital taking the lead on investments, alongside backing from Three Arrows Capital and StarkWare.

Please be informed that the information presented on this webpage is not meant to be interpreted as legal, tax, investment, financial, or any other type of advice. It is crucial to only invest amounts you can afford to lose and to seek independent financial guidance if you have any uncertainties. For more detailed information, we recommend consulting the issuer's terms and conditions along with their help and support sections. MetaversePost is dedicated to providing accurate and impartial reporting; however, market conditions may fluctuate without prior notice.