The Avalanche-based social protocol, Stars Arena, recently experienced a security breach on October 5th, which exposed a critical flaw. This flaw allowed unauthorized access to Avax tokens from its smart contracts, endangering over $1 million in assets.
The vulnerability was first identified by analyst lilitch.eth, who traced it back to a faulty getPrice function enabling malicious actors to transfer funds to their wallets, potentially draining the contract. The Block Research also confirmed this security gap.
Deterred by a long, arduous process
Despite this vulnerability, the network’s high transaction fees act as a deterrent for potential hackers. Exploiting the flaw would require multiple calls to the contract, making it an unprofitable endeavor.
Stars Arena, inspired by FriendTech, launched in September and quickly gained traction, locking over $1 million within two weeks and causing a surge in on-chain transactions on the Avalanche network.
Swift response kept loss at minimum
On October 6th, Emin Gun Sirer, co-founder of Ava Labs, took to social media to announce that the Stars Arena vulnerability has been successfully remedied. Attackers would now need to spend $0.25 to acquire a mere $0.04, resulting in a total loss of just $2,000.The swift response by the Avalanche community and the protocol’s developers demonstrates the resilience and adaptability of blockchain ecosystems when addressing security issues. While the breach was concerning, it highlighted the robustness of the Avalanche network and the commitment of its stakeholders to a secure and thriving ecosystem.