Ten separate audits carried out over a two-year interval of the Ethereum-based lending protocol Euler Finance deemed it to be “nothing greater than low danger” and having “no excellent points” previous to it affected by a $196 million assault.
In a sequence of tweets on March 17 Euler Labs CEO, Michael Bentley described the “hardest days” of his life after Euler’s $196 million flash mortgage assault on March 13.
He retweeted one person sharing info that Euler had 10 audits from 6 completely different companies, and commented that the platform “has all the time been a security-minded venture.”
Euler has all the time been a security-minded venture. The Euler sensible contracts, together with the weak traces of code, have been audited.https://t.co/SvNeoKEGuY
— Michael Bentley (@euler_mab) March 16, 2023
Blockchain safety companies together with Halborn, Solidified, ZK Labs, Certora, Sherlock and Omnisica carried out sensible contract audits on Euler Finance from Might 2021 to September 2022.
Halborn ranked its danger evaluation by measuring the “chance of a safety incident” and the affect it could have, with the chance degree starting from very low and informational, to vital — Euler obtained “nothing greater than low danger.”
It was revealed in a Dec. 2022 abstract of Halborn’s audit that it had discovered “an total passable end result.”
The abstract said 23 sensible contracts have been “inspected and analyzed” by Halborn over a one-month interval, of which solely “two low dangers and three informational” dangers have been recognized.
Euler said it had reviewed Halborn’s protection and concluded the dangers “pose no important threats.”
Blockchain safety agency Omnisica addressed some “incorrect paradigms” in Euler’s base swapper implementation, in addition to how the swap mode was “dealt with by the codebase” — however said within the report that these points have been “correctly dealt” with by Euler, and “no excellent points” remained.
Associated: Euler Finance blocks weak module, engaged on recovering funds
On March 16 the protocol’s hacker started transferring funds by crypto mixer Twister Money solely hours after a $1 million bounty was launched by Euler for info resulting in the hacker’s arrest.
In his current Twitter thread Bentley stated he’ll by no means “forgive the attacker” as he was compelled to “sacrifice time” along with his new child son as a result of assault however thanked safety consultants who’re “engaged on leads” for the investigation.
Solely 24 hours previous to the bounty, Euler issued a warning saying it could launch a one “that results in your arrest and the return of all funds” if 90% wasn’t returned inside 24 hours.