Stars Arena faces vulnerability that can potentially let users drain funds
- Stars Arena is facing a critical vulnerability that poses a risk to over $1 million locked in its smart contract.
- High transaction fees on Avalanche may currently deter hackers, as extracting funds might not be profitable.
Avalanche-based social protocol Stars Arena has been reportedly exposed to a critical vulnerability that could enable anyone to drain Avax coins from the project’s smart contract.
This security vulnerability threatens over $1 million of the value locked in its smart contract. The contract might be drained due to a faulty getPrice() function, which allows hackers to call the contract and transfer funds to their wallets, as first noted by an analyst named lilitch.eth on X. The Block Research was able to confirm the vulnerability.
Despite the existence of this vulnerability, the high transaction fees on the network currently serve as a deterrent for malicious hackers, as they need to invoke the contract multiple times to drain the funds. Consequently, attempting to extract funds from the protocol appears to not be profitable at present.
Monetized social media apps
Introduced in September, Stars Arena is a social protocol inspired by FriendTech. Within merely two weeks of its launch, the TVL of Stars Arena surpassed $1 million, leading to a significant surge in on-chain transactions on the Avalanche network.
Stars Arena enables users to connect their Twitter accounts, facilitating the purchase or sale of profile tokens of other users with Avalanche’s native currency, AVAX. The app automatically creates a wallet for users, enabling them to deposit Avax and start using the service.
A spokesperson for Stars Arena did not immediately respond to a request for comment.