The Ethereum version of Dolomite suffered a $1.8 million exploit, and the team is warning users to revoke approvals for this old address.
An old contract previously used by the Dolomite crypto exchange has been exploited for approximately $1.8 million, according to a March 20 report from blockchain security platform CertiK and seen by Cointelegraph. The exploit affected users who previously authorized approvals to the contract, and the development team recommended revoking approvals to the Ethereum Dolomite address that begins with 0xe2466.
The development team claimed that users who have only interacted with the current version on Arbitrum should not be affected. They have also disabled the faulty contract, which should protect users who have not yet become victims of the attack. Even so, the team argued that users should revoke approvals to this contract.
According to the CertiK report, the attacker exploited a function named “callFunction” that allows a user to make any arbitrary calls. This function is guarded by a “noEntry” modifier, which under normal circumstances, should prevent any reentrancy attacks. However, this guard can be bypassed by the TradeManager contract located at 0xe2466, which contains a “call” function that has no reentrancy guard. Thus, the attacker was able to use this contract to drain funds from users, CertiK claimed.