Join ACCESS EU, the first-of-its-kind digital assets security and DLT summit
Halborn Logo

// Blog

Explained: Hacks

Explained: The Sentiment Hack (March 2023)


Rob Behnke

April 11th, 2023

In March 2023, Sentiment was the victim of a $1 million hack. The attacker exploited a read-only reentrancy vulnerability to drain value from the protocol.

Inside the Attack

The Sentiment hack was enabled by a reentrancy vulnerability. While these vulnerabilities are well-known, in the past, they only involved code that performed state updates. However, read-only reentrancy vulnerabilities have been the cause of several recent hacks. These vulnerabilities involve view functions, which often lack reentrancy protection because they don’t manipulate the contract’s state.

Reentrancy attacks exploit the fact that transfers to a smart contract trigger its fallback function, which can run code. If these fallback functions can reenter a vulnerable function before it performs state updates, then it is potentially at risk.

In this case, the attacker took out a flashloan and deposited it into a Sentiment liquidity pool. They then used the exitPool function in the contract to withdraw their deposit from the contract.

Since this involves transferring funds to the attacker’s contract, it triggers that contract’s fallback function. The fallback function then took out a loan, which used the Balancer Vault to compute the value of the tokens. Since the call to exitPool had not yet performed its state updates, the vault had an out-of-date view of the number of tokens that it contained. As a result, it made an inaccurate value calculation when performing the loan that allowed the attacker to drain about $1 million from the protocol.

Lessons Learned From the Attack

Reentrancy vulnerabilities are a common threat. However, defenses against them often focus on functions that perform state changes. A read-only reentrancy vulnerability targets a function that lacks reentrancy protection because it only performs a view action (like calculating a token balance based on a pool’s supply) rather than updating state in a particular function.

Reentrancy vulnerabilities — read-only or otherwise — can be identified and fixed via an in-depth security audit. For more information, reach out to our smart contract security auditors.