Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
On Feb. 13, onchain security firm Peckshield noticed a security breach on the dForce network. DForce had suffered a reentrancy hack attack on two vaults and lost about $3.65 million. After the hack, dForce immediately paused the vaults to ensure the safety of the remaining funds. In a tweet earlier today, dForce announced that the exploited funds had been fully returned to their multi-sig on both Arbitrum and Optimism. Reported loss: $0.
- chain
- arbitrum
- protocol
- DForce
- bug_class
- reentrancy
- date_occurred
- 2023-02-13
- loss_usd
- $0
- source_id
- cs:dforce::2023-02-13