A crypto developer is pleading for assist and providing a bounty value tens of millions after unintentionally sending $25 million of Renzo tokens to the unsuitable Ethereum tackle.
The dev despatched 7,912 ezETH, a kind of liquid restaking token value over $3,400 apiece, to what’s referred to as a Protected Module as a substitute of a Protected. With funds now frozen, the developer is providing 10% — a $2.5 million reward — to anybody who can retrieve his funds.
The tokens went to an Ethereum contract tackle labeled ‘CoboSafeAccount.’ Regardless of having keys to that pockets, the dev’s explicit token kind and a bug in ERC-20 transaction dealing with prohibit restoration. That CoboSafeAccount now holds about $27 million in Renzo Restaked ETH (ezETH) — barely larger than his preliminary deposit as a result of Monday’s rally within the value of ether (ETH).
Renzo is a liquid restaking protocol that interoperates with EigenLayer, a layer 2 on Ethereum. It permits customers to achieve entry to Ethereum’s proof-of-stake yield by merely proudly owning ezETH moderately than really staking ETH as a solo staker.
Renzo presently boasts $1.6 billion in whole restaking worth on its platform.
A bug in ERC-20 transaction dealing with?
A hacker who goes by “Dexaran” commented on the $27 million in frozen ezETH, saying the issue is a safety situation with ERC-20 contracts that Ethereum builders have failed to repair since 2017. Particularly, Dexaran says ERC-20 switch capabilities lack correct dealing with protocols.
It additionally lacks failsafe defaults and error-handling protocols that might have prevented errors just like the one dedicated by the CoboSafeAccount proprietor.
Dexaran says he developed the ERC-223 normal, which provides allegedly superior transaction dealing with. He additionally engaged with Ethereum builders about ERC-223 with restricted success.
The CoboSafeAccount proprietor confirmed that the contract had no switch operate.
Will a bounty deliver Renzo to the rescue?
At this level, in line with many feedback on X, Renzo’s personal builders are in all probability the one approach for the beleaguered dev to get well his $27 million. Renzo, as proprietor of the ezETH contract, may replace the contract to permit funds to be retrieved. Nevertheless, that might require gaining the cooperation of devs accountable for a billion-dollar protocol.
Pressing Request for Assist!
To all expert hackers and white hats on the market: I’ve misplaced a big sum of funds in a contract and urgently need assistance recovering it. Should you can efficiently retrieve the funds, I’ll instantly provide a ten% reward, which is roughly $2.5 million…
— 我有一个狗王梦 (@qklpjeth) November 10, 2024
Some commenters urged providing Renzo the bounty whereas others provided to barter with Renzo or really helpful placing social stress on the crew.
Some additionally urged that the CoboSafeAccount proprietor may add himself as a delegate and use execTransaction to get the funds out if he controls the contract. That methodology doesn’t but appear profitable.
The decision of the difficulty remains to be pending. Renzo would possibly resolve to replace their contract to provide this developer a workaround to the bug in ERC-20 transaction dealing with. Nevertheless, it’s equally doubtless that the funds will likely be caught without end.
