SIR
  • Protocol Overview
    • 👋Introducing SIR
      • 📈Take on Leverage and Forget
      • ✏️Whiteboard Video
    • 🫗Liquidity and Leverage
      • 🌱Protocol Owned Liquidity
    • 🔮Price Oracle
    • 🎩SIR: A Dividend-Paying Token
      • 🍰Token Distribution
    • 🏷️Token Auctions
    • 🧪Beta Period
    • ⚠️User Risks
    • 📜Contract Addresses
    • 🪂Alternative Frontend (IPFS)
    • 💥Exploit & Relaunch
  • Links
    • Discord
    • GitHub
    • X / Twitter
    • Protocol Audit
Powered by GitBook
On this page
  • Incident Overview
  • Our Emergency Response
  • What’s Next

Was this helpful?

  1. Protocol Overview

Exploit & Relaunch

What Went Wrong, and What Comes Next

PreviousAlternative Frontend (IPFS)

Last updated 10 days ago

Was this helpful?

Incident Overview

On March 30, 2025, SIR Trading's vault was drained of its entire $355 K TVL when an attacker weaponized Ethereum's new transient storage (TSTORE/TLOAD) feature:

  1. Setup

    • Attacker deployed a custom Uniswap V3 pool and initialized a vault in our Vault contract.

    • During uniswapV3SwapCallback, the transient storage slot at position 1 was used to verify the caller was a Uniswap pool, however by the end of the execution by tstore(1, amount), leaving stale data.

  2. Vanity‐Address Exploit

    • By brute‐forcing a CREATE2 address whose numeric value equaled the forged mintAmount, the attacker passed our pool-address check.

    • They repeatedly invoked uniswapV3SwapCallback, siphoning all collateral through the compromised slot.

  3. Stolen Funds Trail

    • Initial funds (0.3 ETH) came from Railgun.

    • Attack TX:

    • Attacker: 0x27defcfa6498f957918f407ed8a58eba2884768c

Root cause: our callback logic did not clear or re-validate the transient‐storage slot between operations, allowing a crafted value to masquerade as the pool address.

Our Emergency Response

When the exploit hit, we sprang into action using our :

  1. Emergency Mode Activated We suspended all new deposits to stop any further loss while still allowing users to withdraw their funds.

  2. Shutdown After 20 days we have permanently locked the protocol to ensure nobody will ever use it.

What’s Next

We're now focused on a robust restart:

  1. Three Parallel Private Audits are already underway.

  2. Public Audit: Up to $50K will be allocated to reward the discovery of any missed critical vulnerabilities.

  3. Relaunch Timeline: We aim to deploy the upgraded protocol on Ethereum mainnet roughly one month after the sale ends, subject to audit results.

Funding: A capped to help us cover audit costs and relaunch expenses.

💥
that slot was overwritten
0xa05f047ddfdad9126624c4496b5d4a59f961ee7c091e7b4e38cee86f1335736f
protocol’s built-in safety guardrails
public sale is now live