🔈 YUNA Announcement 🔈 Dear valued community members and #YUNARMY members, We write to you today with a heavy heart to inform you about a recent unfortunate incident that has deeply impacted our project. Our staking dApp was targeted by a malicious attacker who exploited a vulnerability, resulting in the drainage and subsequent sale of all reward tokens. As a consequence, the price of our token has been significantly affected, causing distress and concern among our community. The attacker employed a sophisticated reentrancy attack, which has raised several questions and concerns among our community. We want to shed light on how this attack happened and address the unexpected nature of the vulnerability that allowed it to occur, despite our implementation of OpenZeppelin's ReentrancyGuard, a widely trusted industry-standard security mechanism. Reentrancy attacks occur when an attacker exploits the reentrancy vulnerability in a smart contract. This vulnerability arises when a contract interacts with an external contract, and the external contract can call back into the original contract before the previous execution completes. In such cases, the attacker can execute unanticipated code and potentially manipulate the contract's state. To protect against reentrancy attacks, we implemented OpenZeppelin's ReentrancyGuard, which is renowned for its reliability and effectiveness. ReentrancyGuard is designed to prevent reentrancy by adding a mutex (a lock) that blocks reentrant calls while the contract is still executing. This ensures that only one function can be called at a time, mitigating the risk of reentrancy attacks. However, it is with great disappointment that we must acknowledge that the attacker found a way to bypass the safeguards implemented by OpenZeppelin's ReentrancyGuard. Through a combination of multiple smart contracts and wallets, they were able to circumvent the protection measures that we had put in place, exploiting a weakness that was previously unknown and unforeseen. This unexpected breach in the ReentrancyGuard mechanism has been a harsh wake-up call for us and the wider industry. It emphasizes the ever-evolving nature of smart contract vulnerabilities and the need for constant vigilance and improvement in our security practices. In response to this exploit, we have already taken immediate action to investigate the incident and reinforce our security protocols. Our developers are working closely with security experts to conduct an extensive audit of our smart contracts, identify the vulnerabilities that were exploited, and enhance our defenses accordingly. We are also reaching out to the OpenZeppelin team to collaborate on analyzing and understanding this attack vector better, with the aim of preventing similar incidents in the future. We understand the concern and doubt that this incident may have raised among our community. We want to assure you that we are fully committed to addressing these issues head-on, learning from this experience, and improving the security of our project. Transparency, communication, and accountability are of utmost importance to us, and we will keep you informed of any progress or updates regarding the recovery process and security enhancements. Now, more than ever, we need your unwavering support, patience, and belief in the fundamental value of our project. We are determined to learn from this experience, fortify our defenses, and build a more secure and resilient ecosystem. Thank you for being part of our community, and please remember that our team is here for you. We will overcome this obstacle together and emerge stronger as a community. Buybacks, Listings and Marketing will return to all of us very soon. 🟢⌛️ https://dashboard.tenderly.co/tx/mainnet/0x7ad67cc54e6a2a73f2820b545784cd061a12983e949ac0457fa609d2f5503897 Info available here for the people who would like to check a breakdown of the events through on-chain data. 👆🏻 Sincerely, YUNA Team