BlockSec: Sharwa.Finance has been attacked multiple times, resulting in losses exceeding $140,000

ChainCatcher news, according to market reports, Sharwa.Finance has disclosed that it was attacked and subsequently paused operations. However, several hours later, multiple suspicious transactions occurred, suggesting that the attacker may have exploited the same underlying vulnerability through a slightly different attack path.

Overall, the attacker first created a margin account, then used the provided collateral to borrow more assets through leveraged lending, and finally initiated a "sandwich attack" targeting the exchange operations involving the borrowed assets.

The root cause seems to be the lack of bankruptcy checks in the swap() function of the MarginTrading contract, which is used to exchange the borrowed assets from one token (like WBTC) to another token (like USDC). This function only verifies solvency based on the account status at the start of the exchange, leaving room for manipulation during the operation process.

Attacker 1 (starting with 0xd356) executed multiple attacks, profiting approximately $61,000. Attacker 2 (starting with 0xaa24) executed one attack, profiting approximately $85,000.