Transient storage vulnerability leads to a $300,000 attack on an on-chain project; experts analyze prevention recommendations


Analysis of the $300,000 on-chain attack incident caused by transient storage vulnerabilities

On March 30, 2025, a certain on-chain leveraged trading project was attacked, resulting in a loss of over $300,000 in assets. The security team conducted an in-depth analysis of this incident, and the results are shared as follows:

Background

The attack occurred on the Ethereum network, targeting a leveraged trading project. The attacker exploited a transient storage-related vulnerability in the project's contract.


Prerequisite Knowledge

Solidity version 0.8.24 introduces the transient storage feature, which is a new data storage location. Its main characteristics include:

  • Low gas cost: TSTORE and TLOAD operations consume a fixed 100 gas.
  • Transaction persistence: Data remains valid throughout the transaction.
  • Automatic reset: Automatically reset to zero after the transaction ends.

![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-17317f8c1ab5c8cafd379315695be34c.webp)

Cause of Vulnerability

The root cause of this attack is that the value stored in transient storage using tstore in the contract was not cleared after the function call ended. This allowed the attacker to exploit this feature to construct a specific address, bypass permission checks, and transfer out tokens.

![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-fde2d0d89b221f239b5ad5d0fd586d42.webp)

Attack Process

  1. The attacker creates two malicious tokens, A and B, and establishes a liquidity pool for them on a certain DEX.
  2. The attacker calls the initialize function of the target contract to create a leveraged trading market with token A as collateral and token B as the debt token.
  3. The attacker calls the mint function, depositing B tokens to mint leveraged tokens; two transient storage operations are performed during this call.
  4. The attacker creates a malicious contract whose address is the same as the second transient storage value.
  5. Through the malicious contract, the attacker calls the callback function of the target contract, bypassing the permission check and transferring out the tokens.
  6. Finally, the attacker calls the callback function again through the attack contract (Token A) to transfer out the profits in other tokens (such as WBTC and WETH).

![Deadly Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-30320e0697136205e69772f53122d5be.webp)

![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-e977f8452ae48dea208426db15adab36.webp)

![Deadly Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-0ef4c8b460905daddd99060876917199.webp)

![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-193da5915e9140a4cf26cc1a04c39260.webp)

![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-c12acde84f6df58e57eb10d68c487d6b.webp)

![Deadly Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-653adef89663df141d377b583f556bfc.webp)

![Deadly Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-2b2f646b8ee78e58f3df2076ed62be99.webp)

![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-b342e46fb86369b5bd082591bbe741fa.webp)

![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-e7fed078646f6800505eb85ae09e65bf.webp)

![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-7317876b8e2a3a592abcaf1e21b62f46.webp)

![Deadly Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-8197999b1965f36c7584c2aba320257b.webp)

![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-636a5fb9c992ef97cbe75e22fac0d331.webp)

Capital Flow Analysis

The attacker stole approximately $300,000 worth of assets, including:

  • 17,814.8626 USDC
  • 1.4085 WBTC
  • 119.871 WETH

Subsequently, the attacker exchanged WBTC and USDC for WETH, ultimately transferring 193.1428 WETH to a certain mixing service.

The attacker's initial funds (0.3 ETH) also came from that mixing service.

![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-904133c007422770dd55372438c3d257.webp)

![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-c2206fe20197a3835ddb92319314e4eb.webp)

Summary and Recommendations

The core of this attack is that the attacker exploited the property that transient storage keeps its value unchanged for the entire transaction, thereby bypassing the contract's permission verification. To prevent similar attacks, it is recommended that the project team:

  1. Use tstore(key, 0) to clear the values in transient storage immediately after the function call ends.
  2. Strengthen contract code auditing and security testing.
  3. Use newly introduced language features with caution and fully understand their potential risks.
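
The defect described under Cause of Vulnerability and the first recommendation above, sketched as an added example (not the affected project's code): a transient slot that authorises a callback is reused and left set, shown next to a version that clears it and keeps addresses and amounts in separate slots. All contract, function and slot names are hypothetical, and validation of the pool address is assumed to happen elsewhere.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24; // build with --evm-version cancun for TSTORE/TLOAD

// Constructed illustration: all names are hypothetical, not the project's code.
interface IPool { function swap(uint256 amount) external; }

contract VulnerableMarket {
    uint256 private constant SLOT = 1;

    function mint(IPool pool, uint256 amount) external {
        assembly { tstore(SLOT, pool) }      // authorise the pool's callback
        pool.swap(amount);                   // pool calls onSwap() during this call
        uint256 minted = amount / 2;         // stand-in for the real share calculation
        assembly { tstore(SLOT, minted) }    // same slot reused for a number
    }                                        // BUG: slot is not cleared on exit

    function onSwap() external view {
        address expected;
        assembly { expected := tload(SLOT) }
        // After mint() returns, SLOT still holds `minted` until the transaction
        // ends, so this check compares msg.sender with leftover data.
        require(msg.sender == expected, "unauthorised");
    }
}

contract HardenedMarket {
    uint256 private constant CALLER_SLOT = 1; // only ever holds an address
    uint256 private constant MINTED_SLOT = 2; // only ever holds an amount

    function mint(IPool pool, uint256 amount) external {
        assembly { tstore(CALLER_SLOT, pool) }
        pool.swap(amount);
        assembly { tstore(CALLER_SLOT, 0) }   // close the callback window at once
        uint256 minted = amount / 2;
        assembly { tstore(MINTED_SLOT, minted) }
        // ... later steps of this call would read MINTED_SLOT here ...
        assembly { tstore(MINTED_SLOT, 0) }   // leave no residue for later calls
    }

    function onSwap() external view {
        address expected;
        assembly { expected := tload(CALLER_SLOT) }
        // An empty slot means no mint is in progress: reject instead of comparing.
        require(expected != address(0) && msg.sender == expected, "unauthorised");
    }
}
```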