Euler Finance hacked despite 10 audits in 2 years, says CEO

cointelegraph.com:

Ten separate audits conducted over a two-year period of the Ethereum-based lending protocol Euler Finance deemed it to be “nothing higher than low risk” and having “no outstanding issues” prior to it suffering from a $196 million attack.

In a series of tweets on March 17 Euler Labs CEO, Michael Bentley described the “hardest days” of his life after Euler’s $196 million flash loan attack on March 13.

He retweeted one user sharing information that Euler had 10 audits from 6 different firms, and commented that the platform “has always been a security-minded project.”

Euler has always been a security-minded project. The Euler smart contracts, including the vulnerable lines of code, were audited.https://t.co/SvNeoKEGuY

Blockchain security firms including Halborn, Solidified, ZK Labs, Certora, Sherlock and Omnisica conducted smart contract audits on Euler Finance from May 2021 to September 2022.

Halborn ranked its risk assessment by measuring the “likelihood of a security incident” and the impact it may have, with the risk level ranging from very low and informational, to critical — Euler received “nothing higher than low risk.”

It was revealed in a Dec. 2022 summary of Halborn’s audit that it had found “an overall satisfactory result.”

The summary stated 23 smart contracts were “inspected and analyzed” by Halborn over a one-month period, of which only “two low risks and three informational” risks were identified.

Euler stated it had reviewed Halborn’s coverage and concluded the risks “pose no significant threats.”

Blockchain security firm Omnisica addressed some “incorrect paradigms” in Euler’s base swapper implementation, as well as how the swap mode was “handled by the codebase” — but stated in the report that these issues were