TechFlow reports, according to The Block, that Stars Arena, a social protocol built on Avalanche, has a critical vulnerability allowing anyone to steal AVAX tokens from the project's smart contracts.
The security flaw puts at risk over $1 million worth of assets locked within its smart contracts. Analyst lilitch.eth first identified the issue, noting that a flawed getPrice() function enables hackers to repeatedly call the contract and drain funds. The Block Research has since confirmed the vulnerability.
Despite this flaw, high network transaction fees on Avalanche are currently acting as a deterrent to malicious actors, who would need to make multiple contract calls to fully drain the funds. As a result, attempts to extract money from the protocol are currently unprofitable.
Launched in September, Stars Arena is a social protocol inspired by Friend.Tech. Within just two weeks of launch, its TVL surpassed $1 million, driving a significant surge in on-chain transactions across the Avalanche network.




