Est. MMXXVI · Vol. VI · № 273
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 148 · Reentrancy

EraLend zkSync Read-Only Reentrancy

EraLend on zkSync Era lost $3.4M to a read-only reentrancy: the attacker manipulated the USDC oracle price mid-callback during a SyncSwap pool operation.

Date: July 25, 2023
Victim: EraLend
Chain(s): zkSync Era
Status: no public recovery
Funds Stolen: approximately $3.4M

On July 25, 2023, the lending protocol EraLend — the largest lending market on zkSync Era at the time — lost approximately $3.4 million through a read-only reentrancy in its price oracle. The attacker manipulated the USDC price mid-callback during a SyncSwap pool operation, defeating the protocol's solvency checks.

What happened

EraLend used SyncSwap pools (zkSync Era's leading DEX) as a price source for its lending markets. The oracle read SyncSwap's reported price for the relevant pairs to value collateral and trigger liquidations.

The vulnerability was the well-documented read-only reentrancy pattern — the same class that hit dForce on Arbitrum/Optimism five months earlier. SyncSwap's pool operations, like Curve's, perform a sequence of state mutations and external calls. Between mutations, the pool's reported price is temporarily incorrect. A contract that reads the price during this window — even via a "read-only" view function that doesn't itself mutate state — gets a manipulated value without any reentrancy guard firing.

The attack:

  1. Initiated a SyncSwap pool operation (liquidity removal or swap) that triggered an external callback to attacker-controlled code.
  2. From inside the callback — while SyncSwap's pool state was mid-mutation and its reported price was temporarily wrong — called EraLend's borrowing functions.
  3. EraLend's oracle read the manipulated mid-mutation price, mis-valuing the attacker's collateral.
  4. Borrowed against the inflated collateral valuation, extracting approximately $3.4M from EraLend's reserves.

Aftermath

  • EraLend paused borrowing operations and warned users.
  • The team coordinated with zkSync ecosystem security contacts and SyncSwap on the response.
  • The stolen funds were bridged off zkSync Era and laundered; no public recovery.
  • EraLend's standing as the dominant zkSync lending protocol was significantly damaged.

Why it matters

EraLend is part of the read-only reentrancy lineage — a vulnerability pattern that has recurred every time a lending protocol integrates a DEX oracle without explicitly handling the mid-mutation price window:

  • Lendf.Me (Apr 2020) — original Curve reentrancy.
  • dForce (Feb 2023) — Curve read-only reentrancy on Arbitrum/Optimism.
  • EraLend (Jul 2023) — SyncSwap read-only reentrancy on zkSync Era.
  • Conic Finance (Jul 2023) — Curve read-only reentrancy, same month.

The recurring structural lesson: every new chain's leading DEX has the same read-only-reentrancy footgun as its Ethereum predecessors, and every new lending protocol on that chain re-learns the lesson at its users' expense. The defensive pattern — checking the DEX's reentrancy lock state before consuming its price, or replacing the DEX spot price with a manipulation-resistant oracle architecture altogether — is well-documented (Curve and others publish explicit integration guidance), but the knowledge does not automatically transfer to new chains and new teams.

EraLend's incident is a representative example of the broader 2023-2024 pattern: as DeFi expanded to new L2s (zkSync, Linea, Base, Scroll, etc.), each ecosystem repeated the security mistakes Ethereum DeFi had already paid for — read-only reentrancy, oracle manipulation, Compound v2 fork bugs, donation attacks — because the new ecosystems' teams and audit firms had less accumulated scar tissue. The cost of each chain independently re-learning the same lessons is a recurring, quantifiable tax on the multi-chain expansion of DeFi.

Sources & on-chain evidence

  1. halborn.com: https://halborn.com/explained-the-eralend-hack-july-2023/
  2. dlnews.com: https://www.dlnews.com/articles/defi/zksync-lending-protocol-eralend-suffers-malicious-exploit/
  3. certik.com: https://www.certik.com/resources/blog/4NPEuNEiaUUcm6S3gdKKLP-eralend-incident-analysis
