SIR.trading Transient Storage Bug
$355K (entire TVL) drained from leveraged-trading protocol SIR.trading via transient-storage misuse that spoofed the uniswapV3SwapCallback caller check.
- Date: March 30, 2025
- Victim: SIR.trading
- Chain(s)
- Status
- Funds Stolen: ~$355,000
On March 30, 2025, the leveraged-trading protocol SIR.trading lost its entire TVL of ~$355,000 to a Solidity transient-storage (EIP-1153 tstore/tload) misuse. The protocol stored the expected Uniswap-v3 callback caller in transient storage but checked it incorrectly, letting the attacker pass the uniswapV3SwapCallback caller validation with a malicious contract.
What happened
SIR.trading used transient storage to track the authorized callback caller during a swap. A flaw in how the value was set/validated allowed an attacker to satisfy the callback's caller check from an arbitrary contract, then invoke the callback to extract the protocol's funds. The entire (small) TVL was drained.
Aftermath
- Protocol effectively ended; founder publicly distraught (the loss was 100% of TVL).
Why it matters
SIR.trading is one of the earliest exploits specifically of EIP-1153 transient storage — a 2024 EVM feature whose semantics (cleared at end of transaction, not call) are subtly different from regular storage and create a fresh footgun class. It is the newest instance of the catalogue's perennial theme: every new EVM primitive reintroduces caller-authentication bugs in a new form before the ecosystem's collective experience has hardened around it. Transient storage joins delegatecall, selfdestruct, ERC-777 hooks, and Uniswap-v4 hooks as primitives that were powerful, useful, and immediately the basis of an exploit.
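A hardened form of a transient-storage callback caller check, added here as an example; it is not SIR.trading's code and does not reproduce its bug. The interface, contract, slot and error names are hypothetical, and it assumes Solidity 0.8.24 or later targeting the Cancun EVM.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24; // tstore/tload need the Cancun EVM (EIP-1153)

// Hypothetical names throughout; an illustration, not SIR.trading's code.
interface IPoolLike {
    function swap(address recipient, bool zeroForOne, int256 amountSpecified,
        uint160 sqrtPriceLimitX96, bytes calldata data)
        external returns (int256 amount0, int256 amount1);
}

abstract contract TransientCallbackGuard {
    // Transient slot reserved for the expected callback caller and nothing else.
    bytes32 private constant EXPECTED_CALLER_SLOT =
        keccak256("example.callback-guard.expected-caller");

    error UnexpectedCallbackCaller(address caller);
    error SwapAlreadyInProgress();

    function _guardedSwap(IPoolLike pool, bool zeroForOne, int256 amount,
        uint160 priceLimit, bytes memory data) internal {
        bytes32 slot = EXPECTED_CALLER_SLOT; // assembly cannot read this constant directly
        address inFlight;
        assembly { inFlight := tload(slot) }
        if (inFlight != address(0)) revert SwapAlreadyInProgress();

        assembly { tstore(slot, pool) }
        pool.swap(address(this), zeroForOne, amount, priceLimit, data);
        // Transient storage lives until the end of the transaction, not the call:
        // clear it here so later calls in the same transaction see no stale value.
        assembly { tstore(slot, 0) }
    }

    function uniswapV3SwapCallback(int256 amount0Delta, int256 amount1Delta,
        bytes calldata data) external {
        bytes32 slot = EXPECTED_CALLER_SLOT;
        address expected;
        assembly { expected := tload(slot) }
        // An empty slot means no swap is in flight: reject instead of comparing.
        if (expected == address(0) || msg.sender != expected) {
            revert UnexpectedCallbackCaller(msg.sender);
        }
        _settle(msg.sender, amount0Delta, amount1Delta, data);
    }

    // Pays the pool what the swap owes; left to the inheriting contract.
    function _settle(address pool, int256 amount0Delta, int256 amount1Delta,
        bytes calldata data) internal virtual;
}
```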
Sources & on-chain evidence
- [01] halborn.com: https://www.halborn.com/blog/post/explained-the-sir-trading-hack-march-2025
- [02] defihacklabs.substack.com: https://defihacklabs.substack.com/p/sir-exploit-355k-loss-vulnerability
- [03] rekt.news: https://rekt.news/sirtrading-rekt