About a week ago, the SocialFi platform launched on the Avalanche network made a big impact in Turkey. However, recent allegations are concerning. Stars Arena, the latest project that combines cryptocurrencies with social media, has come under scrutiny for exploitation. Even if the vulnerability is not real, if FUD (fear, uncertainty, and doubt) grows, we may see a rapid decline in the value of shares on the platform.
Has Stars Arena Been Hacked?
A user named 0xlilitch raises concerns about a code vulnerability regarding the Stars Arena platform, which has reached tens of thousands of users in a short period of time. Due to the vulnerability, malicious users can exploit the liquidity in the protocol, making it impossible to sell their shares at some point.
0xlilitch says:
“1.1 million dollars are currently being wasted due to inexperienced developers at Friend Tech who cannot create a proper copy. If you have ANY SHARES, you should sell them while you still can.”
So how is the contract emptied?
“getPrice() FUNCTIONS ARE BROKEN.
You can buy AVAX without selling your shares. Yes. You can do it now, and it will work. But where does this extra AVAX come from?”
When people buy shares -> AVAX goes to the contract
When people sell shares -> AVAX goes from the contract to their wallets
This means that when all funds are depleted, YOU CANNOT SELL SHARES
And now it is being used by dozens of users
The most unfortunate part is that the exploiters are BURNING ~80% of the AVAX they obtain. Because they want to withdraw as much money as possible -> blocks get filled -> gas prices increase and the contract will not stop until it is EMPTIED.”
Kaleo, one of the leading advocates of the platform, wrote the following:
“There are some truths in this, but it is more FUD than reality.
As the attacker tries to take more, they lose a significant amount of AVAX. Can someone continue to spend money just to smear the platform? Of course, but I don’t see a chance for Ava labs to step in and fix this after a patch is made (the team is currently working on it). This application is very important to them.
There is still 1 million dollars in the contract, and there is no loss to be feared.”
Another user stated on the Discord server that the information about the issue being resolved was provided and the loss was only 2 thousand dollars.
