Hack Explained - Astroport

Hack Explained - Astroport

·

1 min read

Astroport is a decentralised exchange (DEX) on the Terra blockchain, designed to facilitate seamless and permissionless trading of digital assets. Recently, Astroport suffered a significant hack resulting in a loss of approximately $6.4 million. The hack was primarily caused by a reentrancy vulnerability that was reintroduced during a recent code upgrade.

Behind the Breach

The attack on Astroport exploited a reentrancy vulnerability within the timeout callback of the ibc-hooks. This type of vulnerability allows attackers to repeatedly call a function within a smart contract before the initial execution is complete, enabling them to drain funds.

Despite this vulnerability being patched previously, it was reintroduced in the June update.

Following the attack, Terra’s validators took the drastic step of halting the blockchain to prevent further losses and implemented an emergency upgrade to address the issue.


Rivanorth is a boutique Web3 cybersecurity company. We specialise in smart contract audits and 360 degree security services for Web3. Visit rivanorth.com to find out more.

You build the future. We help you secure it.