The Avalanche-based social protocol Stars Arena has a serious vulnerability that may result in user funds being at risk

ChainCatcher news, according to The Block, the Avalanche-based social protocol Stars Arena has a serious vulnerability that allows anyone to steal Avax tokens from the project's smart contract.

This security flaw threatens over $1 million locked in its smart contract. Analyst lilitch.eth first pointed out that due to a defect in the getPrice() function, hackers can call the contract and transfer funds to their wallets, potentially draining the contract. Meanwhile, The Block Research was able to confirm this vulnerability.

Despite this flaw, the high transaction fees on the network currently serve as a deterrent to malicious hackers, as they need to call the contract multiple times to drain the funds. Therefore, attempts to extract funds from the protocol currently seem unprofitable.

It is reported that Stars Arena launched in September and is a social protocol inspired by Friend.Tech. Within just two weeks of its launch, Stars Arena's TVL surpassed $1 million, while also triggering a significant increase in on-chain transactions on the Avalanche network.