SumerMoneyExploit.md

SumerMoney Exploit

• Fund Loss: ~$350k

Root Cause

A reentrancy flaw in repayBorrowBehalf allowed the attacker to borrow all assets and manipulate the ETH:sdrETH exchange rate. This distortion enabled the redemption of tokens at an inflated value, resulting in unauthorized profit.

Contract State Before Exploit

• Contract OnChain Link: https://basescan.org/address/0x23811c17bac40500decd5fb92d4feb972ae1e607#code

Contract State After Exploit

• Contract Github Link: https://github.com/meterio/sumer-contracts/blob/8277a3717b3f17ebfaac106003eb884a45945a06/contracts/CToken/CEther.sol