Slow Fog: The core reason for the zkLend theft lies in the market contract using the safeMath library

ChainCatcher message, regarding today's zkLend theft of over 9 million dollars, SlowMist released an analysis stating that the core reason for this attack lies in the safeMath library used in the market contract. During division calculations, direct division was used, resulting in a rounding vulnerability when calculating the actual amount of zToken that needs to be burned during withdrawals. Attackers may exploit this vulnerability to gain illegal benefits.

Users are advised to closely monitor their asset status on zkLend and temporarily halt any deposit actions related to zkLend to avoid potential losses.