Foresight News reported, according to monitoring by BlockSec Phalcon, that the decentralized finance protocol SharwaFinance claimed to have been attacked and suspended its services. However, several hours later, some suspicious transactions occurred again, possibly exploiting the same underlying issue. The attacker first created a margin account, then conducted leveraged lending using the provided collateral, and finally executed a sandwich attack on the swap operation involving the borrowed assets. The root cause appears to be that the swap() function of the MarginTrading contract lacks bankruptcy checks. This function only verifies solvency based on the account status before executing the asset swap, leaving room for manipulation during the process.
The two attackers made a total profit of approximately $146,000, with attacker 1 (0xd356...c08) earning about $61,000 through multiple attacks, and attacker 2 (0xaa24...795) earning about $85,000 through a single attack.
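The check-placement flaw described above, as an added Python model that is not SharwaFinance's contract code: it contrasts a swap that verifies solvency only on the pre-swap state with one that re-checks the resulting state and otherwise changes nothing. The constant-product pool, the oracle-priced equity rule, and every name and number below are constructed assumptions.

```python
from dataclasses import dataclass, replace

class Insolvent(Exception):
    """Stands in for an on-chain revert."""

@dataclass
class Pool:  # hypothetical constant-product AMM (x*y=k), fees ignored
    base: float   # reserve of the borrowed asset
    quote: float  # reserve of the asset being bought

    def swap_base_for_quote(self, amount_in: float) -> float:
        out = self.quote * amount_in / (self.base + amount_in)
        self.base += amount_in
        self.quote -= out
        return out

@dataclass
class MarginAccount:  # simplified model of a margin account
    base: float   # collateral plus borrowed funds, in base units
    quote: float
    debt: float   # owed to the lending side, in base units

    def equity(self, oracle_price: float) -> float:
        # Valued at an independent oracle price, not the pool's spot price.
        return self.base + self.quote * oracle_price - self.debt

def require_solvent(acct: MarginAccount, oracle_price: float) -> None:
    if acct.equity(oracle_price) < 0:
        raise Insolvent(f"equity {acct.equity(oracle_price):.2f} < 0")

def swap_precheck_only(acct, pool, amount_in, oracle_price):
    """Flawed pattern: solvency verified only on the pre-swap state."""
    require_solvent(acct, oracle_price)
    acct.quote += pool.swap_base_for_quote(amount_in)
    acct.base -= amount_in

def swap_with_postcheck(acct, pool, amount_in, oracle_price):
    """Hardened pattern: re-check the post-swap state, else change nothing."""
    trial_acct, trial_pool = replace(acct), replace(pool)  # copies model a revert
    swap_precheck_only(trial_acct, trial_pool, amount_in, oracle_price)
    require_solvent(trial_acct, oracle_price)  # the missing bankruptcy check
    acct.base, acct.quote = trial_acct.base, trial_acct.quote
    pool.base, pool.quote = trial_pool.base, trial_pool.quote

# Constructed sample state: 1,000 collateral + 9,000 borrowed, oracle price 1.0.
ORACLE_PRICE = 1.0
def new_account():
    return MarginAccount(base=10_000.0, quote=0.0, debt=9_000.0)
def fair_pool():
    return Pool(base=1_000_000.0, quote=1_000_000.0)
def skewed_pool():  # same k as fair_pool, but spot price far from the oracle
    return Pool(base=4_000_000.0, quote=250_000.0)
```

With the skewed pool, the pre-check-only path leaves the account holding far less than its debt, while the post-check path raises `Insolvent` and leaves both account and pool unchanged.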