Friend.tech fork Stars Arena hit by contract vulnerability! Developers criticize: Delete the product.
The social protocol friend.tech has recently attracted attention due to its rise in the Chinese community, and many developers have launched forks of the protocol on other chains. However, Stars Arena, the rapidly growing fork on Avalanche, was reported to have been hacked, resulting in user asset losses. The crisis has since been resolved.
@starsarenacom, you fucked up
1.1 million dollars are being drained right now because of noob devs who couldn't make a copy of https://t.co/h7traLwG9i that will work properly
If you hold ANY SHARES in StarsArena you should sell while you still can
read next⬇️ pic.twitter.com/HzgXvJc8ju
— lilitch.eth (@0xlilitch) October 5, 2023
Stars Arena Contract Bug Puts AVAX Users at Risk
According to a report by The Block, Stars Arena's smart contract has a serious vulnerability that allows anyone to drain other users' AVAX assets. Data from DeFiLlama shows that the Total Value Locked (TVL) in Stars Arena is approximately $1.67 million, putting these funds at risk.
lilitch.eth, a user of X (formerly known as Twitter), was the first to discover the issue, pointing out that Stars Arena's getPrice function is incorrect, allowing users to obtain AVAX without selling any shares.
Initially, attackers could net approximately 0.0015 AVAX, or around $0.015, per transaction after deducting gas fees.
Fortunately, as more people discovered this vulnerability, the increased trading volume on Avalanche caused transaction fees to rise rapidly, making the exploit no longer profitable.
Foobar Criticizes: Delete Your Account and Product
Within two hours of the incident, Stars Arena announced that the bug had been fixed and tried to ease the situation with encouraging words like "We will fight, survive, and win." Avalanche founder Emin Gün Sirer also mentioned that the event only resulted in a $2,000 loss.
However, it seems questionable that a forked protocol would suffer such a vulnerability in the first place. Renowned developer foobar criticized the situation, stating:
"You took a perfectly usable base contract, then added a new attack vector in an unverified fork. Delete your account and product, clown show."
you took a fully functional base contract and somehow added new attack vectors in your unverified fork. delete your account and product, clownshow
— foobar (@0xfoobar) October 5, 2023