Discover more from DEFI TIMES Newsletter

Learn about Decentralized Finance on Ethereum, Polkadot, and more.

Over 1,000 subscribers

Another Day, Another Hack… Almost!

How a Paradigm researcher prevented another disastrous hack and why it’s kind of ironic

Fabian Klauder

Aug 20, 2021

Hey DEFI TIMES community,

This week, a researcher at Paradigm, called Sam Sun, prevented another disastrous hack that could have threatened hundreds of millions of dollars.

Last week, we talked about the Poly Network hack, where a hacker was able to remove over $600 million from the protocol’s token bridge. Luckily, the hacker gave back almost all of the funds!

This time, things could have gone wrong… almost!

Sam Sun explained how he examined the smart contract code for the BitDAO token sale. BitDAO has completed a token sale worth over $365 million - with over $230 million from Peter Thiel, Pantera Capital, Dragonfly Capital, and other partners. It was one of the largest token sales in the history of DAO’s.

Sam Sun pointed out that there was a critical bug that could have threatened the whole $365 million.

samczsun @samczsun

Just pulled off maybe the biggest whitehat rescue ever. Story time soon 🔥

Sun didn’t expect to find any bugs at first:

“I didn’t really expect this to be a vulnerability though, since I didn’t expect the Sushi team to make such an obvious misstep.”

After looking closer, he found a bug in the Miso Dutch auction contract. In fact, some of the functions apparently lacked access controls.

He tested the bug with a successful exploit and immediately contacted his colleagues Georgios Konstantopoulos and Dan Robinson to double-check.

“Suddenly, my little vulnerability just got a lot bigger. I wasn’t dealing with a bug that would let you outbid other participants. I was looking at a 350 million dollar bug.”

After that, Sam Sun contacted SushiSwap CTO Joseph Delong to rescue the funds. The SushiSwap and BitDAO team acted quickly: BitDAO manually ended the auction by buying the remaining allocation. Funds were safe!

But things could have gone differently! Why?

There’s a conflict of interest between SushiSwap and Paradigm. It’s widely known that Paradigm has a significant stake in Uniswap. Since SushiSwap is the main competitor of Uniswap, Paradigm basically saved their biggest enemy.

DCinvΞstor @iamDCinvestor

> found and helped patch a vulnerability that put over 109k ETH at risk everyone knows Paradigm has big UNI / Uniswap bags, but Sam from their team just helped save SushiSwap (an ostensible competitor) from a critical bug this is the ethos of the space among the best actors

samczsun @samczsun

Auditor's logs, 16th of August. I found a critical vulnerability in SushiSwap's MISO platform https://t.co/untzdxay7q

I wonder what would have happened if Sam Sun just left the bug to be naturally discovered. I think this would have significantly damaged SushiSwap’s reputation. It probably wouldn’t have killed SushiSwap completely, but Uniswap would have profited in a big way.

Things like this only happen in crypto!

Subscribe to our newsletter to level up your crypto game!

Gelato $GEL Whitelist Opening

DEFI TIMES @defitimes

BREAKING: ⁦@gelatonetwork⁩ Announces GEL Token Whitelist Opening ‼️ Learn more about it here⬇️

defitimes.ioGelato Network Announces GEL Token Whitelist Opening - DEFI TIMESGelato Network announced the whitelist opening for the upcoming sale of the native Gelato (GEL) token. Very recently, Gelato Network partnered with QuickSwap to enable native limit orders. Gelato is a protocol for automated smart contract executions on networks like Ethereum. Developers can leverage…

Gelato has announced their whitelist opening for the $GEL token sale.

Eindhoven Bitcoin payment

DEFI TIMES @defitimes

Football Club PSV Eindhoven will accept #bitcoin for a new sponsorship deal! 🚀 Read here! 👇 defitimes.io/news/european-…

defitimes.ioEuropean Soccer Club PSV Eindhoven to Accept New Sponsorship Deal Paid in Bitcoin - DEFI TIMESPSV Eindhoven has partnered with crypto trading platform Anycoin Direct for deal paying the club an undisclosed amount of Bitcoin.

The popular European football club PSV Eindhoven announced they will accept bitcoin for a new sponsorship deal!

AAVE and Curve on Avalanche

DEFI TIMES @defitimes

.@AaveAave and Curve will launch on @avalancheavax! 🚀 They will participate in Avalanche's new $180 million liquidity mining program! Read more here! 👇 defitimes.io/defi/avalanche…

defitimes.ioAvalanche Launches $180 Million Liquidity Mining Program - DEFI TIMESAvalanche is launching a brand new liquidity mining program to incentivize users and developers to use the Avalanche blockchain.

The two large DeFi blue chips, Aave and Curve, will launch on Avalanche within a $180 million incentive program.

Rainbow Supports L2s

Rainbow @rainbowdotme

What? RAINBOW is evolving! 🌈 starting today, u can now use Rainbow with Networks like @optimismPBC 🔴 @0xPolygon 🟣 & @arbitrum 🔵 (more coming in the future!) this update allows u to access a whole new side of Etheruem — download now & learn more: rainbow.me/learn/a-beginn…

rainbow.meA Beginner’s Guide to Layer 2 Networks | RainbowUp until recently, Rainbow and many other blockchain projects have only been compatible with Ethereum—the world’s public decentralized ledger. Ethereum is extremely secure and highly reliable, but it...

Rainbow, which is an Ethereum wallet, will now support Optimism, Arbitrum, and Polygon.

Tally Wallet

Tally @TallyCash

Let's build a community-owned wallet for the open internet 🐶💸 blog.tally.cash/a-community-ow…

blog.tally.cashA community-owned wallet for the open internetTally is a community owned and operated Web3 wallet, building off the road the early MetaMask team paved for the Ethereum community.

Tally Wallet has been announced - a Metamask competitor. It aims to bring a truly community-owned web3 wallet to the market.

1inch on Optimism

1inch Network @1inch

2/ 📻 Tune in to a positive wave as the #1inch Network expands to Optimistic Ethereum (#OΞ) by @optimismPBC! ⚡️ Dive into the pink portal with us and get a tremendous increase in the speed of your transactions. Read more ⤵️ blog.1inch.io/the-1inch-netw…

blog.1inch.ioThe 1inch Network expands to Optimistic EthereumThe deployment on Optimistic Ethereum (OΞ) will help to substantially increase transaction speeds and lower gas fees for 1inch users. As the 1inch Network continues to expand, the 1inch Aggregation…

1inch has announced that they launched on Optimism.

SuperRare token

SuperRare 💎 @SuperRare

Introducing $RARE 💎 🎨 A revolution in NFT art curation ❤️ Community owned and governed 💥 Diverse curatorial voices We’re putting the future of SuperRare and the power of curation into the hands of our community. Find out how ⬇️ superrare.mirror.xyz/fkGKcN1xVNRvfZ…

SuperRare has introduced $RARE and aims to decentralize the platform with a DAO.

QuickSwap Limit Orders

QuickSwap @QuickswapDEX

1/QuickSwap & Gelato partner to offer Limit Orders🔥 🍨We've had a busy month! With listings on @binance & @CoinbasePro, our latest #IDO & newly-launched limit orders powered by @gelatonetwork 🏦Trade with limit orders: quickswap.exchange/#/limit-order 👓More: bit.ly/QSlimito

QuickSwap has integrated limit orders - in partnership with Gelato.

Aave goes mobile

Aave @AaveAave

The 2001Defi team has submitted an @AaveGrants application to build a mobile app for Aave 👻📲 Read the proposal here: governance.aave.com/t/proposal-bui… Snapshot is open: snapshot.org/#/aave.eth/pro…

The Aave community made a proposal to build a mobile app. The app should grow the number of users and TVL.

Find us on:

DISCLAIMER: All information presented above is meant for informational purposes only and should not be treated as financial, legal, or tax advice. This article's content solely reflects the opinion of the writer, who is not a financial advisor.

Do your own research before you purchase cryptocurrencies. Any cryptocurrency can go down in value. Holding cryptocurrencies is risky.