On March 30, the Ethereum-based DeFi protocol SIR.trading, also referred to as Synthetics Implemented Right, was completely compromised in an exploit that drained its total value locked, amounting to $355,000.
TenArmor, a blockchain security company, was the first to bring the attack to light in a March 30 post on X. They highlighted several suspicious transactions and noted that the stolen assets were moved to RailGun, a privacy-focused platform designed to obscure transaction details.
Subsequently, Decurity, a security platform, disclosed that the attacker exploited a vulnerability within SIR.trading’s Vault contract, specifically targeting a function named “uniswapV3SwapCallback.” They described the attack as a particularly “clever exploit.”
In a separate post on X, blockchain researcher Yi elaborated that the security flaw stemmed from how the contract validated who was calling it. Ideally, it should only accept calls from a Uniswap (UNI) pool or other trusted sources.
However, the contract depended on transient storage, a temporary storage mechanism introduced in EIP-1153 as part of Ethereum’s Dencun hard fork.
The difficulty is that transient storage is cleared only when the whole transaction completes, and the attacker was able to overwrite the security-critical value stored there while the transaction was still in progress. This tricked the contract into accepting the attacker’s own address as a trusted caller.
The hacker achieved this by brute-forcing a unique vanity address, allowing the contract to recognize their false address as legitimate. They then employed a custom contract to empty the SIR.trading vault of its funds.
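To make the failure mode concrete from a defender's point of view, the following is an added, constructed Solidity example; it is not SIR.trading's code and does not reproduce the real Vault contract. The page only states that a transient-storage value used to vet the callback caller was overwritten mid-transaction; the specific mechanism assumed here (the same transient slot being reused for an unrelated value) is an illustration, and all contract, function and slot names are hypothetical. The first contract shows the fragile pattern, the second a hardened version that keeps the guard in a dedicated slot, clears it after use, and independently recomputes the expected pool address (the same CREATE2 derivation Uniswap's own PoolAddress library uses, with the published Uniswap V3 pool init code hash) so the check no longer hinges on mutable state.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24; // tload/tstore require the Cancun EVM target

/// Constructed example of the weak pattern. Not real project code.
contract FragileCallbackGuard {
    // Illustrative assumption: one transient slot serves two purposes.
    // The trusted pool address is written first, then an unrelated integer
    // is written to the same slot before the callback fires.
    uint256 private constant SLOT = 1;

    function _tstore(uint256 slot, uint256 value) private {
        assembly { tstore(slot, value) }
    }

    function _tload(uint256 slot) private view returns (uint256 v) {
        assembly { v := tload(slot) }
    }

    function beginSwap(address pool, uint256 amountHint) external {
        _tstore(SLOT, uint256(uint160(pool)));
        // ... the swap is initiated here and the pool calls back ...
        _tstore(SLOT, amountHint); // BUG: clobbers the trusted-caller value
    }

    function uniswapV3SwapCallback(int256, int256, bytes calldata) external {
        // Once SLOT holds something other than the pool address, this check
        // no longer says anything about who is really calling.
        require(msg.sender == address(uint160(_tload(SLOT))), "untrusted caller");
        // ... pay the pool ...
    }
}

/// Constructed hardened version. Not real project code.
contract HardenedCallbackGuard {
    address public immutable factory;

    // Dedicated, namespaced transient slots: nothing else ever writes to the
    // guard slot, so no later store can overwrite it within the transaction.
    bytes32 private constant EXPECTED_POOL_SLOT = keccak256("hardened.expectedPool");
    bytes32 private constant AMOUNT_SLOT = keccak256("hardened.amountHint");

    // Uniswap V3 pool init code hash (from Uniswap's PoolAddress library).
    bytes32 private constant POOL_INIT_CODE_HASH =
        0xe34f199b19b2b4f47f68442619d555527d244f78a3297ea89325f843f87b8b54;

    constructor(address _factory) {
        factory = _factory;
    }

    function _tstore(bytes32 slot, uint256 value) private {
        assembly { tstore(slot, value) }
    }

    function _tload(bytes32 slot) private view returns (uint256 v) {
        assembly { v := tload(slot) }
    }

    // Deterministic CREATE2 address of the pool for (tokenA, tokenB, fee).
    // Because it is derived from immutable inputs, the callback can verify
    // its caller without trusting any value that could have been rewritten.
    function computePool(address tokenA, address tokenB, uint24 fee) public view returns (address) {
        (address t0, address t1) = tokenA < tokenB ? (tokenA, tokenB) : (tokenB, tokenA);
        bytes32 salt = keccak256(abi.encode(t0, t1, fee));
        return address(uint160(uint256(
            keccak256(abi.encodePacked(hex"ff", factory, salt, POOL_INIT_CODE_HASH))
        )));
    }

    function beginSwap(address tokenA, address tokenB, uint24 fee, uint256 amountHint) external {
        address pool = computePool(tokenA, tokenB, fee);
        _tstore(EXPECTED_POOL_SLOT, uint256(uint160(pool)));
        _tstore(AMOUNT_SLOT, amountHint); // separate slot: cannot touch the guard
        // ... the swap is initiated here and the pool calls back ...
        _tstore(EXPECTED_POOL_SLOT, 0); // clear the guard as soon as the swap returns
    }

    function uniswapV3SwapCallback(int256, int256, bytes calldata data) external {
        (address tokenA, address tokenB, uint24 fee) = abi.decode(data, (address, address, uint24));
        address expected = address(uint160(_tload(EXPECTED_POOL_SLOT)));
        require(expected != address(0), "no swap in progress");
        require(msg.sender == expected, "untrusted caller");
        // Second, independent check that does not rely on transient state at all.
        require(msg.sender == computePool(tokenA, tokenB, fee), "caller is not the expected pool");
        // ... pay the pool ...
    }
}
```

The two hardening choices work together: the namespaced slot removes the accidental overwrite, and recomputing the pool address from the factory and pool key means that even a corrupted transient value cannot, on its own, make an arbitrary address pass the callback check. Clearing the guard after the swap also prevents a stale value from being reused by a later call in the same transaction.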
The anonymous founder of SIR.trading, Xatarrer, confirmed the breach following the incident, calling it “the worst news a protocol could ever receive.” They sought input from the community on potential next steps and expressed a desire to rebuild despite the setbacks.
Since this attack may be one of the first real-world exploits of this new Ethereum feature, it raises serious concerns about the security of transient storage. Security professionals warn that unless smart contracts adopt stronger protections, similar incidents could recur.