Ten separate audits carried out over two years on the Ethereum-based lending protocol Euler Finance deemed it “nothing larger than low threat” and had “no excellent points” earlier than it suffered from a $196 million assault.
In a collection of tweets on March 17, Euler Labs CEO Michael Bentley described the “hardest days” of his life after Euler’s $196 million flash loan attack on March 13.
He retweeted one person sharing data that Euler had 10 audits from 6 completely different companies, commenting that the platform “has all the time been a security-minded challenge.”
Euler has all the time been a security-minded challenge. The Euler good contracts, together with the weak strains of code, have been audited.https://t.co/SvNeoKEGuY
— Michael Bentley (@euler_mab) March 16, 2023
Blockchain safety companies, together with Halborn, Solidified, ZK Labs, Certora, Sherlock and Omnisica, conducted good contract audits on Euler Finance from Might 2021 to September 2022.
Halborn ranked its threat evaluation by measuring the “chance of a safety incident” and the impression it might have, with the chance stage starting from very low and informational to crucial. Euler obtained “nothing larger than low threat.”
It was revealed in a December 2022 summary of Halborn’s audit that it had discovered “an general passable end result.”
The abstract acknowledged 23 good contracts have been “inspected and analyzed” by Halborn over a one-month interval, of which solely “two low dangers and three informational” dangers have been recognized.
Euler acknowledged it had reviewed Halborn’s protection and concluded the dangers “pose no important threats.”
Blockchain safety agency Omnisica addressed some “incorrect paradigms” in Euler’s base swapper implementation and the way the swap mode was “dealt with by the codebase.” Nonetheless, the report acknowledged that Euler had “correctly dealt” with these points, with “no excellent points” remaining.
Associated: Euler Finance blocks vulnerable module, working on recovering funds
On March 16, the protocol’s hacker began moving funds through crypto mixer Tornado Cash only hours after a $1 million bounty was launched by Euler for data resulting in the hacker’s arrest.
In his current Twitter thread, Bentley mentioned he’d by no means “forgive the attacker” as he was pressured to “sacrifice time” along with his new child son as a result of assault however thanked safety specialists who’re “engaged on leads” for the investigation.
Solely 24 hours earlier than the bounty, Euler issued a warning saying it might launch one “that results in your arrest and the return of all funds” if 90% of the fund weren’t returned inside 24 hours.
