Ten independent audits over two years of the Ethereum-based lending protocol Euler Finance found it to be “nothing above low risk” and had “no outstanding issues” before it suffered a $196 million attack .
In a series of tweets on March 17, Euler Labs CEO Michael Bentley described the “toughest days” of his life following the attack on Euler’s $196 million flash loan on March 13.
He retweeted a user sharing information that Euler had 10 audits from 6 different firms, commenting that the platform “has always been a security-conscious project.”
Euler has always been a security-minded project. The Euler smart contracts, including the vulnerable lines of code, were audited. https://t.co/SvNeoKEGuY
—Michael Bentley (@euler_mab) March 16, 2023
Euler has always been a security-conscious project. Euler smart contracts, including vulnerable lines of code, were audited.
blockchain security signatures, including Halborn, Solidified, ZK Labs, Certora, Sherlock and Omnisica, conducted smart contract audits at Euler Finance between May 2021 and September 2022.
Halborn ranked his risk assessment by measuring the “likelihood of a security incident” and the impact it could have, with the risk level ranging from very low and informative to critical. Euler received “nothing above low risk.”
A summary of Halborn’s December 2022 audit revealed that it had obtained “a generally satisfactory result.”
The abstract stated that 23 smart contracts were “inspected and analyzed” by Halborn over a period of one month, of which only “two low risks and three informational risks” were identified.
Euler stated that he had reviewed Halborn’s coverage and concluded that the risks “do not pose significant threats.”
Blockchain security firm Omnisica addressed some “wrong paradigms” in the Euler base exchanger implementation and how the exchange mode was “handled by the code base.” However, the report claimed that Euler had “adequately resolved” these issues, leaving no “unfinished business”.
On March 16, the protocol hacker began moving funds through cryptocurrency mixer Tornado Cash, just hours after Euler released a million-dollar bounty for information leading to the hacker’s arrest.
In his recent Twitter thread, Bentley said he would never “forgive the attacker” as he was forced to “sacrifice time” with his newborn son because of the attack, but thanked security experts who are “working leads” for the investigation.
Only 24 hours before the reward, Euler issued a warning saying he would issue one “leading to his arrest and the return of all funds” if 90% of the fund was not returned within 24 hours.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.