Audit log
Every state-changing event for Seneca Protocol: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly disclosed publisher key.
- #1 publish by system:backfill, 2026-06-01 17:49:15Z. Score: ? → ? (no score change). Anchor: anchored
  - chain: mainnet-beta, slot 423,640,452
  - sig: 3jkhxfPvGMaR…A3UTMvTH
  - hash: GyCr243MuRQ8…kK4aYbgq (sha256 → base58)

Canonical bytes (17045 B):
{"actor":"system:backfill","investigation_id":"d6079310-56eb-4c82-8371-39d462fa9cf3","kind":"publish","page_slug":"seneca-protocol","published_at":"2026-06-01T17:49:15.596Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Seneca Protocol","sections":[{"content":"On February 28, 2024, an attacker exploited a critical vulnerability in Seneca Protocol's Chamber smart contract, draining approximately $6.4 million (over 1,900 ETH) across Ethereum mainnet and Arbitrum. The vulnerable function, `performOperations`, was publicly callable and accepted three attacker-controlled parameters: an `actions` int8 array, a `values` uint256 array, and a `data` bytes array. By setting `actions[0]` to the value 30 — corresponding to the internal `OPERATION_CALL` constant — the attacker triggered the internal `_call` function, which executed `callee.call{value: value}(callData)` with fully attacker-controlled `callee` and `callData`. This allowed the attacker to craft calldata invoking `transferFrom()` on token contracts, specifying user wallet addresses as sources and attacker-controlled addresses as destinations. Because users had previously granted token spending approvals to the Chamber contracts (a standard requirement to interact with the protocol), the Chamber contracts held sufficient allowances for the attacker to transfer tokens directly from users' wallets without the users initiating any transaction. The attack was approval-based: the attacker did not need to interact with the protocol's deposit or borrowing logic at all. PeckShield Inc. 
was among the first to publicly identify the exploit on-chain.","heading":"February 2024 Exploit — Arbitrary Call via performOperations","severity":"critical","sources":[{"credibility":2,"name":"Cyfrin: Exploit Analysis & Proof of Concept — Seneca Attack","type":"research","url":"https://www.cyfrin.io/blog/seneca-attack-hack-analysis-proof-of-concept"},{"credibility":2,"name":"BlockApex: Seneca Protocol Hack Analysis","type":"research","url":"https://blockapex.io/seneca-protocol-hack-analysis/"},{"credibility":2,"name":"Rekt News: Seneca Protocol — REKT","type":"news_article","url":"https://rekt.news/seneca-protocol-rekt"},{"credibility":1,"name":"The Block: Stablecoin protocol Seneca hit by $6 million exploit","type":"news_article","url":"https://www.theblock.co/post/279761/stablecoin-protocol-seneca-hit-by-6-million-exploit-due-to-smart-contract-flaw"}]},{"content":"A significant aggravating factor in the Seneca exploit was the protocol's inability to pause its contracts during an active attack. Although the Chamber contract inherited the OpenZeppelin `Pausable` library, the `_pause` and `_unpause` functions were declared internal and no external or privileged wrapper function was implemented to invoke them. As a result, the Seneca team had no emergency mechanism to halt malicious activity once it was detected. Users were left to individually revoke their token approvals to protect themselves. Seneca instructed users via its official X account (@SenecaUSD) to revoke approvals for specific contract addresses on both Ethereum and Arbitrum in the immediate aftermath of the attack. 
The absence of a circuit-breaker or guardian role is a recognized gap in the protocol's design that post-mortem analyses from both BlockApex and Cyfrin flagged as a core contributing factor to the scale of losses.","heading":"Missing Pause Mechanism — Inability to Stop the Exploit","severity":"high","sources":[{"credibility":2,"name":"BlockApex: Seneca Protocol Hack Analysis","type":"research","url":"https://blockapex.io/seneca-protocol-hack-analysis/"},{"credibility":2,"name":"Rekt News: Seneca Protocol — REKT","type":"news_article","url":"https://rekt.news/seneca-protocol-rekt"},{"credibility":2,"name":"Seneca on X: Revoke approvals advisory","type":"official","url":"https://x.com/SenecaUSD/status/1762886130561630227"}]},{"content":"Reports emerged after the exploit that the vulnerability — or one closely related to it — had been identified and communicated to the Seneca team prior to the February 2024 attack. Security researcher Daniel Von Fange publicly stated that he identified the approval bug in Seneca's code and was subsequently removed from the project's Discord server, with the team allegedly deleting references to the exploit report. A separate X user going by the handle 'cawfree' similarly claimed to have warned the project of this specific vulnerability in November 2023, after which they were blocked by Seneca. Additionally, an audit contest hosted on the Sherlock platform was reportedly abandoned approximately five days before the protocol's November 2023 launch, with the team stating at the time that the code was 'battle-tested.' Halborn Security had conducted a prior audit of the Chamber contract, but the arbitrary external-call flaw in `performOperations` was not flagged in their published findings. The attacker's funding address had received funds through FixedFloat approximately five months before the exploit and remained dormant until February 28, 2024, consistent with pre-planned exploitation. 
These allegations are sourced from social media disclosures and have not been independently adjudicated; they are presented here as alleged.","heading":"Prior Warnings and Canceled Audit — Alleged Suppression of Vulnerability Reports","severity":"high","sources":[{"credibility":2,"name":"Protos: Seneca Protocol hack highlights dangers of Ethereum's token approval mechanism","type":"news_article","url":"https://protos.com/seneca-protocol-hack-highlights-dangers-of-ethereums-token-approval-mechanism/"},{"credibility":2,"name":"Rekt News: Seneca Protocol — REKT","type":"news_article","url":"https://rekt.news/seneca-protocol-rekt"}]},{"content":"On February 29, 2024, one day after the exploit, the Seneca team published an on-chain message requesting that the attacker return 80% of the stolen funds, offering to allow the attacker to retain 20% (~$1.28 million) as a bounty and indicating that compliance would preclude legal action. The attacker accepted these terms, returning approximately 1,537 ETH (worth roughly $5.3 million at the time) to a Seneca Gnosis Safe address. The attacker retained approximately 300 ETH (~$1.04 million) across two separate addresses as the negotiated bounty. Seneca confirmed on March 1, 2024, that 80% of stolen funds had been recovered and stated it was developing a user reimbursement plan. 
The attacker also stole approximately 50,000 senUSD from a Seneca team address that had been approved 33 days prior to the attack but never deployed — this amount was included in the overall loss figure.","heading":"On-Chain Negotiation and Partial Fund Recovery","severity":"high","sources":[{"credibility":2,"name":"CryptoNews: Seneca Hacker Returns $5.3M Amid Legal Threats","type":"news_article","url":"https://cryptonews.com/news/seneca-hacker-returns-5-3m-amid-legal-threats-keeps-1m-bounty/"},{"credibility":2,"name":"CryptoPotato: Seneca Recovers 80% of Funds After $6.4M Exploit","type":"news_article","url":"https://cryptopotato.com/seneca-recovers-80-of-funds-after-6-4m-exploit/"},{"credibility":1,"name":"CoinTelegraph: Seneca stablecoin hacker returns stolen funds after $6.4M exploit","type":"news_article","url":"https://cointelegraph.com/news/seneca-hacker-returns-stolen-funds-exploit"},{"credibility":2,"name":"Rekt News: Seneca Protocol — REKT","type":"news_article","url":"https://rekt.news/seneca-protocol-rekt"}]},{"content":"Seneca Protocol published a post-mortem on Mirror on March 1, 2024, acknowledging the exploit and apologizing to the community. The post-mortem committed to implementing remedial security measures, including proper input validation on the `performOperations` function, access controls restricting who may invoke sensitive operations, and a functioning pause/unpause mechanism. As a temporary mitigation following the exploit, the team arranged for the `_transferFrom` functions of deposit assets to be blacklisted, preventing further abuse of the vulnerable pathway. The protocol stated it would release a follow-up article detailing the user reimbursement process. The SEN token declined by approximately 65% in the immediate aftermath of the exploit, falling from roughly $0.10 to below $0.04. 
As of the time of this investigation, Seneca Protocol remains live with a substantially reduced TVL as tracked by DefiLlama.","heading":"Official Post-Mortem and Protocol Response","severity":"medium","sources":[{"credibility":2,"name":"Seneca Exploit — Post Mortem (Mirror)","type":"official","url":"https://mirror.xyz/0x289D0033d536eb3Ff53367f0A8CceA00d4Ac63a0/_VPi_1T8CWsnQctOA4Z8WS8jKc2B6lIV0hPcQ2Kb-c4"},{"credibility":2,"name":"crypto.news: Seneca Protocol experiences $6m breach, SEN drops 65%","type":"news_article","url":"https://crypto.news/seneca-breach-sen-drops/"},{"credibility":2,"name":"DefiLlama: Seneca Protocol TVL","type":"on_chain","url":"https://defillama.com/protocol/seneca"}]},{"content":"The Seneca Protocol team has not publicly disclosed the real identities of its founders or core developers. The protocol's codebase includes references to a developer handle 'blockchainPhysicist', which is pseudonymous. The team communicated primarily through the @SenecaUSD X account and a Telegram group. No named founders, advisors, or legal entities have been identified in Tier 1 or Tier 2 sources. The anonymous nature of the team limits accountability in the context of the exploit and the alleged suppression of prior vulnerability reports.","heading":"Pseudonymous Team and Disclosure Gaps","severity":"medium","sources":[{"credibility":2,"name":"Seneca Protocol Documentation — GitBook","type":"official","url":"https://seneca-protocol-docs.gitbook.io/seneca-protocol"},{"credibility":3,"name":"Seneca (@SenecaUSD) on X","type":"official","url":"https://x.com/SenecaUSD"}]},{"content":"The Seneca exploit is a documented case study in the systemic risks posed by Ethereum's token approval mechanism when combined with flawed smart contract design. 
Users who had granted unlimited token approvals to Seneca's Chamber contracts — a common practice to avoid repeated transaction fees — were directly exposed to the attacker's `transferFrom` calls even though they had not taken any action during the attack window. Revoke.cash identified the Seneca Chamber contracts as exploit-affected and recommended users check and revoke outstanding approvals. The incident reinforces best practices including granting only minimum necessary approvals, using per-transaction approval flows, and auditing outstanding allowances regularly using tools such as Revoke.cash or Etherscan's token approval checker.","heading":"Token Approval Risk for End Users","severity":"high","sources":[{"credibility":2,"name":"Revoke.cash: 2024 Seneca Hack — Check If You're Affected","type":"research","url":"https://revoke.cash/exploits/seneca"},{"credibility":2,"name":"Protos: Seneca Protocol hack highlights dangers of Ethereum's token approval mechanism","type":"news_article","url":"https://protos.com/seneca-protocol-hack-highlights-dangers-of-ethereums-token-approval-mechanism/"}]}],"sources_used":[{"name":"The Block: Stablecoin protocol Seneca hit by $6 million exploit","type":"news_article","url":"https://www.theblock.co/post/279761/stablecoin-protocol-seneca-hit-by-6-million-exploit-due-to-smart-contract-flaw"},{"name":"CoinTelegraph: Seneca stablecoin hacker returns stolen funds after $6.4M exploit","type":"news_article","url":"https://cointelegraph.com/news/seneca-hacker-returns-stolen-funds-exploit"},{"name":"Rekt News: Seneca Protocol — REKT","type":"news_article","url":"https://rekt.news/seneca-protocol-rekt"},{"name":"Cyfrin: Exploit Analysis & Proof of Concept — Seneca Attack","type":"research","url":"https://www.cyfrin.io/blog/seneca-attack-hack-analysis-proof-of-concept"},{"name":"BlockApex: Seneca Protocol Hack Analysis","type":"research","url":"https://blockapex.io/seneca-protocol-hack-analysis/"},{"name":"Seneca Exploit — Post Mortem 
(Mirror)","type":"official","url":"https://mirror.xyz/0x289D0033d536eb3Ff53367f0A8CceA00d4Ac63a0/_VPi_1T8CWsnQctOA4Z8WS8jKc2B6lIV0hPcQ2Kb-c4"},{"name":"CryptoPotato: Seneca Recovers 80% of Funds After $6.4M Exploit","type":"news_article","url":"https://cryptopotato.com/seneca-recovers-80-of-funds-after-6-4m-exploit/"},{"name":"Protos: Seneca Protocol hack highlights dangers of Ethereum's token approval mechanism","type":"news_article","url":"https://protos.com/seneca-protocol-hack-highlights-dangers-of-ethereums-token-approval-mechanism/"},{"name":"crypto.news: Seneca Protocol hacker returns $5.3m from the $6.4m breach","type":"news_article","url":"https://crypto.news/seneca-protocol-hacker-returns-5-3m-from-the-6-4m-breach/"},{"name":"CryptoNews: Seneca Hacker Returns $5.3M Amid Legal Threats","type":"news_article","url":"https://cryptonews.com/news/seneca-hacker-returns-5-3m-amid-legal-threats-keeps-1m-bounty/"},{"name":"Revoke.cash: 2024 Seneca Hack — Check If You're Affected","type":"research","url":"https://revoke.cash/exploits/seneca"},{"name":"DefiLlama: Seneca Protocol","type":"on_chain","url":"https://defillama.com/protocol/seneca"},{"name":"Seneca Protocol Documentation — GitBook","type":"official","url":"https://seneca-protocol-docs.gitbook.io/seneca-protocol"},{"name":"Seneca (@SenecaUSD) on X — Revoke approvals advisory","type":"official","url":"https://x.com/SenecaUSD/status/1762886130561630227"},{"name":"BlockApex Medium: Seneca Protocol Hack Analysis","type":"research","url":"https://blockapex.medium.com/seneca-protocol-hack-analysis-546f3bcc1040"}],"summary":"Seneca Protocol is an omnichain CDP (collateralized debt position) protocol deployed on Ethereum mainnet and Arbitrum that allowed users to borrow a stablecoin (senUSD) against yield-bearing collateral assets. 
On February 28, 2024, a critical arbitrary external-call vulnerability in the protocol's Chamber contract was exploited, resulting in approximately $6.4 million in user funds being drained. Roughly 80% of stolen funds were returned after an on-chain negotiation, but a net loss of approximately $1.28 million remained, and evidence surfaced that the vulnerability had been reported to the team prior to launch.","timeline":[{"date":"2023-11-01","event":"Seneca Protocol abandoned a competitive audit contest on Sherlock approximately five days before its planned launch, with the team reportedly describing the code as 'battle-tested.'","source":"Rekt News","source_url":"https://rekt.news/seneca-protocol-rekt"},{"date":"2023-11-01","event":"X user 'cawfree' allegedly warned Seneca of the exact performOperations vulnerability and was subsequently blocked by the team. Security researcher Daniel Von Fange also allegedly identified the bug and was removed from the project's Discord.","source":"Protos","source_url":"https://protos.com/seneca-protocol-hack-highlights-dangers-of-ethereums-token-approval-mechanism/"},{"date":"2023-11-08","event":"Seneca Protocol launched on Arbitrum, partnering with CamelotDEX to seed primary liquidity pools.","source":"Seneca (@SenecaUSD) on X","source_url":"https://x.com/SenecaUSD"},{"date":"2024-02-28","event":"Attacker (funded via FixedFloat approximately five months prior) exploited the Chamber contract's performOperations function, draining approximately $6.4 million (1,900+ ETH) from users across Ethereum mainnet and Arbitrum using crafted transferFrom calls.","source":"The Block","source_url":"https://www.theblock.co/post/279761/stablecoin-protocol-seneca-hit-by-6-million-exploit-due-to-smart-contract-flaw"},{"date":"2024-02-28","event":"PeckShield Inc. publicly flagged the attack on-chain. 
Seneca team confirmed the exploit and instructed users via @SenecaUSD to revoke approvals for affected Chamber contract addresses on Ethereum and Arbitrum.","source":"Seneca on X","source_url":"https://x.com/SenecaUSD/status/1762886130561630227"},{"date":"2024-02-29","event":"Seneca published an on-chain message offering the attacker a 20% bounty (~$1.28M) to return 80% of stolen funds and indicating legal action would not be pursued if funds were returned.","source":"CryptoPotato","source_url":"https://cryptopotato.com/seneca-recovers-80-of-funds-after-6-4m-exploit/"},{"date":"2024-02-29","event":"Attacker returned approximately 1,537 ETH (~$5.3 million) to Seneca's Gnosis Safe address, retaining approximately 300 ETH (~$1.04 million) as bounty across two new addresses.","source":"CoinTelegraph","source_url":"https://cointelegraph.com/news/seneca-hacker-returns-stolen-funds-exploit"},{"date":"2024-03-01","event":"Seneca published an official post-mortem on Mirror, apologizing to the community, confirming 80% fund recovery, and committing to a user reimbursement plan and protocol security improvements.","source":"Seneca Exploit — Post Mortem (Mirror)","source_url":"https://mirror.xyz/0x289D0033d536eb3Ff53367f0A8CceA00d4Ac63a0/_VPi_1T8CWsnQctOA4Z8WS8jKc2B6lIV0hPcQ2Kb-c4"}]},"v":1}

Verify offline (run on your own machine):
python -m src.verify_decision e7b1f61b-6afe-4569-932d-325d28f7f7b3
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine —
python -m src.verify_decision <event_id>.
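
The row-integrity check described above, as an added example (not avoid.net's own verifier code): it hashes the canonical bytes exactly as delivered, base58-encodes the digest and compares it with the stored hash. The Bitcoin/Solana base58 alphabet, the function names and the sample row are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Bitcoin/Solana base58 alphabet (assumed; the page only says "sha256 → base58").
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw: bytes) -> str:
    """Base58-encode bytes, preserving leading zero bytes as '1'."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def row_hash(canonical: bytes) -> str:
    """SHA-256 over the exact canonical bytes, rendered as base58."""
    return b58encode(hashlib.sha256(canonical).digest())


def verify_row(canonical: bytes, stored_hash: str, declared_len: int) -> bool:
    """Row-integrity check: byte length and hash must both match."""
    if len(canonical) != declared_len:
        return False
    return hmac.compare_digest(row_hash(canonical), stored_hash)


# Constructed sample row (not the page's real 17045-byte record).
SAMPLE = b'{"actor":"system:backfill","kind":"publish","sequence_num":1,"v":1}'
STORED = row_hash(SAMPLE)  # stands in for the hash displayed next to the row

# Same JSON value, different bytes: json.dumps inserts spaces after ':' and ','.
RESERIALIZED = json.dumps(json.loads(SAMPLE)).encode()

# One-field tamper that keeps the byte length identical.
TAMPERED = SAMPLE.replace(b'"sequence_num":1', b'"sequence_num":2')

if __name__ == "__main__":
    for label, data in (("original", SAMPLE),
                        ("reserialized", RESERIALIZED),
                        ("tampered", TAMPERED)):
        print(label, verify_row(data, STORED, len(SAMPLE)))
```

The re-serialized row fails even though it parses to the same object, which is why a verifier has to hash the stored bytes themselves rather than a re-encoded copy.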