Summary
Seneca is a decentralized stablecoin lending protocol that allowed users to mint senUSD against collateral. On February 28, 2024, attackers exploited a critical arbitrary external-call vulnerability in its Chamber contract, draining approximately $6.4 million from user wallets across Ethereum and Arbitrum. Approximately 80% of stolen funds were recovered after an on-chain bounty offer; however, the vulnerability had been publicly identified months before the exploit and the team proceeded to launch without patching it.
Timeline (9 events)
2023-11-15
Security researcher 'cawfree' (Daniel Von Fange) identifies the arbitrary external call vulnerability in Seneca's Chamber contract during a Sherlock competitive audit contest.
2023-11-15
Seneca abruptly cancels the Sherlock audit contest, citing 'potential code licensing issues,' and announces a launch in five days without addressing the identified vulnerability.
2023-11-20
Seneca Protocol launches on Ethereum and Arbitrum with the known vulnerability present in deployed contracts.
2023-12
Halborn Security completes an audit of Seneca's contracts. The arbitrary call vulnerability is not flagged. The protocol continues operating.
2024-02-28
Attacker exploits the Chamber contract's performOperations function, draining approximately $6.4 million (1,900+ ETH and 50,000 senUSD) from user wallets across Ethereum and Arbitrum.
2024-02-28
Seneca team acknowledges the exploit, instructs users to revoke token approvals, and notes that contracts cannot be paused. Team begins deleting exploit-related messages from Discord and bans users discussing the incident.
2024-02-28
Seneca sends an on-chain message to the attacker offering a 20% bounty (approximately $1.28 million) in exchange for return of 80% of funds and no legal action.
2024-02-29
Attacker returns approximately 1,537 ETH (~$5.3 million) to Seneca's Gnosis Safe address, accepting the bounty proposal. The attacker retains approximately 300 ETH (~$1 million).
2024-02-29
SEN token price drops 65–80% from pre-exploit levels following public disclosure of the exploit.
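Because the contracts could not be paused, revoking token approvals was the only mitigation available to users on 2024-02-28. The sketch below is an added example, not code from Seneca or from this investigation: it replays ERC-20 `Approval` event logs to list wallets whose last approval to a given spender is still non-zero. All addresses and log entries are constructed placeholders, and the log dictionaries are assumed to follow the `eth_getLogs` field names with `blockNumber` and `logIndex` already decoded to integers.

```python
# Added example: every address and log entry below is a constructed placeholder.
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event signature
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, spender):
    """Map (token, owner) -> last approved amount for `spender`, non-zero only."""
    # This is the last *approved* value; spending can lower the live allowance,
    # so confirm with the token's allowance(owner, spender) before relying on it.
    spender = spender.lower()
    latest = {}
    # Replay in chain order so a later revocation overrides an earlier grant.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 reuses the signature with 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        latest[key] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def _pad(addr):   # encode an address as a 32-byte topic
    return "0x" + "0" * 24 + addr[2:]

def _word(n):     # encode a uint256 as a 32-byte word
    return "0x" + format(n, "064x")

SPENDER = "0x" + "c" * 40   # placeholder for the contract being audited
OTHER = "0x" + "d" * 40     # unrelated spender
TOKEN = "0x" + "a" * 40     # placeholder ERC-20 token
ALICE, BOB = "0x" + "1" * 40, "0x" + "2" * 40

def _log(block, idx, topics, data):
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": topics, "data": data}

SAMPLE_LOGS = [  # constructed, deliberately out of chain order
    _log(105, 1, [APPROVAL_TOPIC, _pad(BOB), _pad(SPENDER)], _word(0)),  # Bob revokes
    _log(100, 0, [APPROVAL_TOPIC, _pad(ALICE), _pad(SPENDER)], _word(MAX_UINT256)),
    _log(101, 2, [APPROVAL_TOPIC, _pad(BOB), _pad(SPENDER)], _word(5000)),
    _log(102, 0, [APPROVAL_TOPIC, _pad(ALICE), _pad(OTHER)], _word(1)),  # other spender
    _log(103, 0, [APPROVAL_TOPIC, _pad(ALICE), _pad(SPENDER), _word(7)], "0x"),  # ERC-721 shape
]
```

On the sample data only Alice's unlimited approval remains outstanding; Bob's later zero-value approval cancels his earlier grant.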
Decision Log
- hash: 7usRpkqrbd2oxVbGLP4jGibgL6uhUP1HWXrLqLzNFc5m
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:34 AM
last updated: 5/28/2026, 8:10:55 AM
avoid.net — verified advice for a post-truth world