A hacker exploited a vulnerability in the Dolomite project's USDC smart contracts to steal $1.8 million in USD Coin (USDC), according to blockchain security startup CertiK.
The attackers targeted a defunct contract called “DolomiteMarginProtocol,” which allowed them to execute the attack in compliance with the owner’s consent until the system was removed in 2020. The security concern in this instance was the attackers’ ability to use fake contracts to steal money from the auditors.
Recently, a deactivated, compromised contract that affected only the contract’s first users came to light among Dolomite’s employees.
The `callFunction` function made the `DolomiteMarginProtocol` contract vulnerable by enabling unrestricted access. The `noEntry` restriction on the use of `callFunction` was defined as a safety feature. When done manually, `noEntry` wouldn’t be disabled until `singleEntry`, a separate procedure, had completed.
The hacker succeeded in using `noEntry` without permission. The developers resolved this by ‘calling’ the `SoloMargin` function, which resides in a different contract.