SocialFi App Stars Arena Dismisses ‘Integrated FUD’ After Fixing ‘noob’ Vulnerability
The team behind the new Friend.tech-inspired protocol Stars Arena has dismissed criticism as “combined FUD” after fixing an exploit that let attackers get away with $2,000 from the Avalanche-based decentralized social media platform.
In an Oct. 5 post on X (Twitter), the Stars Arena account said the exploit had been fixed, adding, “Make no mistake, we are at war.”
The exploit has been fixed.
But we are at war to make sure this is not a mistake.
We are being targeted by malicious actors in the space who want to steal your money.
The little guy is being attacked.
You are being attacked.
Your right to platform diversity is under attack.
Don't misunderstand… pic.twitter.com/DmbMdf9cAq
— Stars Arena (@starsarenacom) October 5, 2023
Anonymous X user “0xlilitch” took a swipe at Stars Arena, saying its “noob devs” had failed to fix a vulnerability in the platform's price function, which allowed attackers to sell zero user “tickets” for technically free Avalanche (AVAX) tokens.
So how is the contract going now?
Their value() function is broken.
You can earn AVAX by selling 0 shares. Yes. You can do this now and it will work.
But where does this extra AVAX come from?
Read more ⬇️ pic.twitter.com/0RM7NHxLeq
— lilitch.eth (@0xlilitch) October 5, 2023
However, the attack vector reportedly proved economically unviable for the attackers. The exploit itself ran up huge gas bills on Avalanche, making the proceeds of the hack costlier to obtain than expected.
As a result, the attackers allegedly spent more on gas than they earned from the exploit.
For every $0.04 gained from the exploit, hackers spent an average of $0.25, Ava Labs CEO Emin Gun Sirer said in an X post.
So much FUD about the Stars Arena exploit that (1) it was already fixed, (2) it cost the attacker $0.25 to get $0.04, and (3) the attacker only spent $2,000 in total. Now that it's over, let's get back to the fun of the arena.
— Emin Gun Sirer (@el33th4xor) October 5, 2023
Despite the relatively unsuccessful exploit, members of the crypto community were quick to slam the Stars Arena team.
A pseudonymous founder and Delegate developer known as “foobar” claimed that the platform had damaged its friend.tech fork, and told Stars Arena to “delete your account and product, clownshow.”
You've taken a fully functional base contract and somehow added new attack vectors in your unverified fork. Delete your account and product, clownshow
— foobar (@0xfoobar) October 5, 2023
Stars Arena is the latest app to join the list of social finance platforms such as Alpha on the Bitcoin network, Friendzy on Solana and PostTech on Arbitrum.
Despite the rise of similar DeSo apps, Friend.tech remains the market leader with over $293 million in monthly transaction volume, ahead of its closest rival, PostTech, at over $283 million.