Balancer Boosted Pool Reentrancy
An attacker exploited rate-provider read-only reentrancy in Balancer boosted pools after a disclosure, draining ~$2.1M before users could fully exit liquidity.
An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.
EraLend on zkSync Era lost $3.4M to a read-only reentrancy: the attacker manipulated the USDC oracle price mid-callback during a SyncSwap pool operation.
Conic Finance's ETH Omnipool had reentrancy guards but assumed Curve v2 used a specific ETH address. A new CurveLPOracleV2 slipped past it, draining $3.2M.
$800K drained from Sturdy Finance via a Balancer read-only reentrancy that mispriced B-stETH-STABLE LP collateral. Funds returned after negotiation.
Curve read-only reentrancy on remove_liquidity drained $3.65M from dForce's wstETH/ETH pool on Arbitrum and Optimism. White hat returned all funds.
$3M drained from Orion on Ethereum and BSC after doSwapThroughOrionPool accepted unvalidated paths with no reentrancy guard; a fake token inflated balances.
Midas Capital on Polygon lost $660K to a Curve read-only reentrancy that mispriced jBRL/BRZ LP collateral, letting the attacker borrow against inflated value.