As the decentralized financial market (DeFi) continues to intrigue investors around the world, several incidents have drawn attention to the vulnerabilities that various platforms operating in this space are constantly exposed to.
For example, it was recently revealed that due to a faulty system update, a well-known money market DeFi connection exposed its COMP tokens worth about $150 million at risk of being hacked by a third party.
Although the bug was discovered very early on when Compound-devs provided a solution to the protocol bug shortly thereafter, it should be noted that the update is subject to a seven-day lockout, as a result of which no concrete resolution could be made before on October 7. The suggestion to fix the bug has since been successful and should be implemented on October 9th, but that may not be the end of the story.
In a tweet after the bug was discovered, Compound founder Robert Leschner admitted that 202,472.5 companies, valued at about $64 million at the time of writing, were at risk due to distributing the protocol’s “drip function” for the first time in more than 60 years. … -days. The drip function is designed to make all the tokens stored in the communication tank available to users, with the tank accumulating 0.5 COMP per block.
In the aftermath of the incident, Lischner noted that the vast majority of all COMP tokens in existence today — which are currently “reserved to users” — are stored in the platform’s said tank system. This discovery could have played a huge role in the devaluation of companies, so much so that after the initial misdiagnosis, the price of COMP fell rapidly from $ 330 to $286, and then according to Cointelegraph Markets Pro.
However, since October 3, the token has been dropping steadily, dropping the value of the digital asset from around $350, giving losses in 30 days to 40% from a local high of around $525.
When asked to share his views on the severity of the issue and what he thinks could happen to the platform resource over the next few days, Leschner told Cointelegraph that everything that needs to be said about the issue has already been covered. “Adequately,” so they declined to comment further.
This is what the DeFi community says
To get a better idea of what this event means for the crypto ecosystem as a whole, Cointelegraph contacted Winston, the loan broker for DeFi Harvest Finance’s revenue pool. In their opinion, although the community has been mostly completely honest and returned most of the money, it is not always possible to rely on this kind of trust to keep the platforms down.
He went on to add, “The team could certainly have handled this failure better, but it also shows how sometimes these ‘security features’ can derail a project rather than help it.” Winston went on to say that he hoped it would be learned:
“Many protocols will start to take into account the benefits of shorter temporary blocks to not only prevent this kind of thing, but also to make it more flexible and able to move quickly.”
SushiSwap developer Mudit Gupta has criticized the combination’s use of temporary locks for administrative purposes, saying that only about 100 people have been aware of the threat from the dropper post since the bug was discovered on September 30, and no action has been taken since. Because there is a time delay function.
Gupta warned DeFi users about the various risks associated with scalable smart contracts, arguing that in their own design, they were not designed for the “big [DeFi] fundamentals.” He added that he also considers “the ability to update as a bug, not a feature.”
However, it should be noted that SushiSwap was recently hit by a hacker attack where a malicious third-party agent breached the supply chain of the MISO platform to unlock $3 million. Not only that, but in late September, reports emerged that a hacker discovered a vulnerability that could have compromised more than a billion dollars of user resources stored in SushiSwap.
Technical errors are not new
George Harrab, co-founder of Solana-based wallet visualization platform Step Finance, told Cointelegraph that crypto, corporate, and hacking bugs are not really new in the field, adding that such deposits are an integral part of an industry where everything is digitized. …
In addition, Lischner strongly warned recipients of the wrong tokens in his tweet, noting that illegal acquisitions could have real consequences — primarily in the form of tax actions.