Euler Finance hacked despite 10 audits in 2 years, says CEO

by Jeremy

Ten separate audits of the Ethereum-based lending protocol Euler Finance, carried out over a two-year period, deemed it to be “nothing greater than low risk” and to have “no outstanding issues” before it suffered a $196 million attack.

In a series of tweets on March 17, Euler Labs CEO Michael Bentley described the “hardest days” of his life after Euler’s $196 million flash loan attack on March 13.

He retweeted one user sharing information that Euler had 10 audits from 6 different companies, and commented that the platform “has always been a security-minded undertaking.”

Blockchain security firms including Halborn, Solidified, ZK Labs, Certora, Sherlock and Omniscia carried out smart contract audits on Euler Finance from May 2021 to September 2022.

Halborn ranked its risk assessment by measuring the “probability of a security incident” and the impact it would have, with the risk level ranging from very low and informational to critical — Euler received “nothing greater than low risk.”

It was revealed in a Dec. 2022 summary of Halborn’s audit that it had found “an overall passable outcome.”

The summary stated that 23 smart contracts were “inspected and analyzed” by Halborn over a one-month period, of which only “two low risks and three informational” risks were identified.

Euler stated it had reviewed Halborn’s protection and concluded the risks “pose no important threats.”

Blockchain security firm Omniscia addressed some “incorrect paradigms” in Euler’s base swapper implementation, as well as how the swap mode was “dealt with by the codebase” — but stated in the report that these issues were “correctly dealt” with by Euler, and “no outstanding issues” remained.

On March 16, the protocol’s hacker began moving funds through the crypto mixer Tornado Cash, only hours after Euler launched a $1 million bounty for information leading to the hacker’s arrest.

In his recent Twitter thread, Bentley said he will never “forgive the attacker” as he was forced to “sacrifice time” with his newborn son because of the attack, but thanked security experts who are “working on leads” for the investigation.

Only 24 hours prior to the bounty, Euler issued a warning saying it would launch one “that results in your arrest and the return of all funds” if 90% wasn’t returned within 24 hours.