Critical Multichain Signature Replay & Stale Execution Vulnerabilities in Lombard Finance and…

By Jsmzproduction · Published May 11, 2026 · 1 min read · Source: Blockchain Tag

Critical Multichain Signature Replay & Stale Execution Vulnerabilities in Lombard Finance and Ethena — Still Fully Functional

Press enter or click to view image in full size

JSZM Ghost Service has identified two independent critical vulnerabilities that remain exploitable as of May 11, 2026.

Lombard Finance (Consortium Protocol)

Signature replay across chains (Base → Ethereum/Arbitrum) due to incomplete EIP-712 domain separation.
• Contract: 0xdad58Dfa5c1a7a34419afdbe1f0d610efeea95e4
• Truncated real calldata and signature from Base mainnet available privately.
Ethena / Synthetix V3
• Stale signature minting via missing deadline in OrderCommitmentRequest struct.
• vm.warp tests confirm successful execution and extraction even hours/days later.
Both vectors allow atomic takeover or large-scale insolvency extraction without new signatures. No visible patches detected.
Proofs (truncated for responsible disclosure) attached in screenshots.
Full PoC + recommended fix available under NDA.
@LombardFinance @ethena @Immunefi
Private resolution remains possible. Public disclosure is not the goal — it is the last resort.
#DeFi #Security #SmartContracts

This article was originally published on Blockchain Tag and is republished here under RSS syndication for informational purposes. All rights and intellectual property remain with the original author. If you are the author and wish to have this article removed, please contact us at [email protected].