Sentiment Protocol Exploit Exposes Read-Only Reentrancy Vulnerability on Arbitrum

A sophisticated read-only reentrancy attack on the Sentiment Protocol has resulted in the loss of approximately $1 million in user funds, casting a spotlight on persistent smart contract vulnerabilities in DeFi systems built on layer-2 networks.

The Exploit Mechanics

The attacker exploited a well-documented read-only reentrancy bug within Sentiment’s integration with the decentralized exchange Balancer. At approximately 17:50 UTC on April 4, the hacker manipulated the interaction between Sentiment and Balancer’s liquidity pools, tricking the protocol into allowing withdrawals far exceeding the attacker’s actual deposits. The stolen funds were denominated in USDC, USDT, wrapped Bitcoin, and Ether — all quickly converted to ETH and bridged from Arbitrum back to the Ethereum mainnet.

Read-only reentrancy attacks differ from classic reentrancy exploits. Rather than re-entering a state-changing function such as withdraw, the attacker re-enters a read-only (view) function of a contract while that contract is still in the middle of an external call, so its state is only partially updated and the value it returns is stale. The re-entered contract itself loses nothing; the victim is any third-party protocol that trusts that view, for example to price a pool token. In Sentiment’s case, the Balancer pool integration failed to guard against such stale state reads, enabling the attacker to inflate their balance assessment and drain funds. According to Igor Igamberdiev, head of research at Wintermute, at least three protocols have suffered exploits using this specific read-only reentrancy vector since ChainSecurity disclosed it over a year earlier.
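To make the pattern behind this bug class concrete, here is an added Solidity example (not Sentiment’s or Balancer’s code): a lending-style oracle that values Balancer pool tokens by reading getRate(), first with no guard, then hardened with the Vault-context probe that Balancer’s VaultReentrancyLib uses. The contract and function names are mine; the IVault and IBalancerPool interfaces are trimmed to what the probe needs.

```solidity
pragma solidity ^0.8.0;

// Trimmed Balancer V2 shapes; the struct must match so the selector is the Vault's real one.
interface IVault {
    enum UserBalanceOpKind { DEPOSIT_INTERNAL, WITHDRAW_INTERNAL, TRANSFER_INTERNAL, TRANSFER_EXTERNAL }
    struct UserBalanceOp {
        UserBalanceOpKind kind;
        address asset;
        uint256 amount;
        address sender;
        address payable recipient;
    }
    function manageUserBalance(UserBalanceOp[] calldata ops) external payable;
}

interface IBalancerPool {
    function getRate() external view returns (uint256); // BPT price, 18 decimals
}

// VULNERABLE pattern: BPT collateral is valued via getRate() with no check that the
// Vault is idle. Read from inside an exit's transfer callback, the rate is stale.
contract UnguardedBptOracle {
    IBalancerPool public immutable pool;
    constructor(IBalancerPool _pool) { pool = _pool; }
    function collateralValue(uint256 bptAmount) external view returns (uint256) {
        return bptAmount * pool.getRate() / 1e18;
    }
}

// HARDENED pattern: probe the Vault's own reentrancy guard first (VaultReentrancyLib technique).
contract GuardedBptOracle {
    IVault public immutable vault;
    IBalancerPool public immutable pool;
    constructor(IVault _vault, IBalancerPool _pool) { vault = _vault; pool = _pool; }
    // manageUserBalance is nonReentrant, so this staticcall always reverts: with EMPTY
    // data if the Vault is idle (the guard's storage write is illegal in a static
    // context), with an encoded "BAL#400" error if the Vault is already entered.
    function _ensureNotInVaultContext() internal view {
        IVault.UserBalanceOp[] memory noop = new IVault.UserBalanceOp[](0);
        (, bytes memory revertData) = address(vault).staticcall{gas: 10_000}(
            abi.encodeWithSelector(vault.manageUserBalance.selector, noop)
        );
        require(revertData.length == 0, "Vault reentrancy: rate is stale");
    }
    function collateralValue(uint256 bptAmount) external view returns (uint256) {
        _ensureNotInVaultContext();
        return bptAmount * pool.getRate() / 1e18;
    }
}
```

The gas cap on the probe matters: a staticcall that reverts on a storage write consumes everything forwarded to it, so without the cap the guarded read would itself run out of gas.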

Affected Systems

Sentiment is a DeFi lending protocol operating on Arbitrum, one of Ethereum’s most prominent layer-2 scaling solutions. The exploit specifically targeted the protocol’s balance-checking mechanism tied to Balancer pools, which serve as the primary liquidity source. The attack affected all users who had deposited funds into Sentiment’s lending markets. Notably, Sentiment holds insurance coverage through Sherlock, a smart contract audit marketplace, with $2 million in coverage — enough to potentially cover the full extent of losses if the claim is validated.

The Mitigation Strategy

Following the exploit, Sentiment’s team moved swiftly to deploy an emergency fix. In an on-chain message sent to the attacker’s wallet, the protocol offered a $95,000 bounty — roughly 10% of the stolen funds — for the return of all assets by April 6, 08:00 UTC. If the hacker declined, the same bounty was offered to anyone who could help identify and prosecute the responsible party. This approach mirrors a growing trend in DeFi where protocols negotiate with attackers through on-chain messages, a strategy that recently succeeded when Euler Finance recovered nearly all of its $200 million in stolen funds after similar negotiations.

Lessons Learned

The Sentiment exploit underscores a troubling pattern: known vulnerabilities continue to claim victims months or even years after discovery. The read-only reentrancy bug was identified by ChainSecurity well before this attack, yet protocols integrating with Balancer and Curve pools without implementing proper guards remain exposed. With Bitcoin trading near $28,178 and Ethereum at $1,909, the DeFi ecosystem holds billions in total value locked, making thorough security audits and continuous re-evaluation of integrations an operational necessity rather than an optional expense.

User Action Required

If you have funds deposited in Sentiment or any protocol with Balancer or Curve pool integrations, revoke all outstanding token approvals immediately. Verify whether the protocols you use have implemented reentrancy guards specifically for read-only reentrancy vectors. Monitor official Sentiment channels for updates on the insurance claim process through Sherlock, and exercise heightened caution with any Arbitrum-based lending protocol that has not undergone a comprehensive re-audit since this vulnerability class was disclosed.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before engaging with any DeFi protocol.


10 thoughts on “Sentiment Protocol Exploit Exposes Read-Only Reentrancy Vulnerability on Arbitrum”

  1. read-only reentrancy is one of those bugs that keeps coming back because devs treat external calls as safe. balancer integration should have had a reentrancy guard period

    1. bugzapper external calls are never safe. the balancer docs even warn about this but devs still skip reentrancy guards on view functions

      1. audit_bot view function reentrancy is barely covered in audit checklists. most firms treat reads as safe by default. until that assumption changes these exploits will keep happening

  2. $1M is relatively small for a reentrancy exploit but the pattern is concerning. how many other protocols integrate with balancer pools without proper guards?

    1. Chen Wei i audited three protocols last month that integrate with balancer. two of them had the same read-only reentrancy gap. it's more common than people think

      1. rina 2 out of 3 protocols with the same bug is terrifying. balancer integrations are everywhere and most teams treat their contracts as trusted external calls

  3. the attacker converting everything to ETH and bridging back to mainnet is the standard playbook now. wonder if arbitrum will ever implement bridge delay mechanisms

    1. ^ bridge delays would help but only if the exploit is caught fast enough. in most cases the funds are already mixed by the time anyone notices

  4. arb bridge speed worked against them here. funds hit mainnet before anyone could react. the tradeoff between fast withdrawals and security keeps hurting l2s

  5. faulty_modifier_: 1M loss is small but the balancer integration pattern is copy-pasted across half of arbitrum defi. auditors need to start flagging read-only reentrancy on every external view call
