Skip to content

πŸš‘ Recover funds from Eralend

Jump to bottom
coccoinomane edited this page Aug 11, 2023 · 1 revision

The exploit

In July 2023, Eralend lending protocol on zkSync Era was exploited. All USDC collateral was drained.

If you deposited USDC collateral, then you lost it. There is one way to recover it though: wait for someone to repay their USDC debt. When this happens, you need to withdraw your collateral as fast as possibile.

This is impossible to do by hand, because people are "sniping" the USDC collateral pool with bots. These bots will be faster than you could ever be. Unless, you use a bot yourself.

You can use web3cli as a bot for this purpose. There are two ways to do so.

Method 1: Recover your own debt

If you have USDC debt to repay, and USDC collateral to recover, then you are in the best situation. Because you can control when to repay debt. And when you decide to do so, you immediately withdraw the same USDC you repaid to the pool.

To do so:

  1. Install web3cli following the instructions in the README. For Windows, follow the tutorial in the wiki. Please note that this recovery method has not been tested on Windows yet, but it should work.

  2. Add a signer to web3cli:

    w3 signer add mywallet

    You will be asked for your private key. The signer is required to send transactions. The private key will be saved on your computer in encrypted form. You can delete it at any time with this command w3 signer delete mywallet.

  3. Let's do a test, and try to recover just 0.01 USDC. Launch this command:

    w3era compound-v2 recover nusdc 0.01 --n 2 -s mywallet --gas-limit 3_000_000 --no-call

    The command will try to repay 0.01 USDC of debt, and then immediately after make 2 attempts to withdraw the same amount of USDC collateral. Don't worry, you will be asked for confirmation before sending the transactions. Please note that you will be paying gas for these transactions, even if they fail! If you are stingy, make sure to wait for a moment where the gas fee is low πŸ™‚

  4. Once the transactions are sent, web3cli will show you the transaction hashes. Search for them in the block explorer to see whether they were successful. A successful withdraw transaction will look like this one.

  5. If the first test worked fine, re-launch the command with a bigger amount of USDC. Try for example with 5 USDC:

    w3era compound-v2 recover nusdc 5 --n 2 -s mywallet --gas-limit 3_000_000 --no-call

    As you grow confidence in the script, you can further increase the USDC amount. I suggest splitting the recover process in at least 6-7 transactions. In this way, even if some attempts fail, you will still have enough debt to help you recover your collateral.

Method 2: Recover someone else's debt

Ok, but what if you don't have any USDC debt to repay? Well, you can wait for somebody else to repay their USDC debt, and withdraw immediately after.

This operation requires a sniping script, and will likely result in many transactions to be sent before actually recovering some USDC. I am working on the script, let me know if you are interested in it πŸ™‚

Clone this wiki locally