As the Decentralized Finance (DFI) market continues to increase investor interest around the world, a few incidents have lit up a big spotlight on the vulnerability of the various platforms operating in this space.
For example, it was recently revealed that due to a buggy system upgrade, the prominent DFI Money Market compound put about 150 150 million worth of original COMP tokens at risk of third-party hacking.
Although the error was fairly recognized after the compound’s developers submitted a fix for the protocol bug, it is worth noting that the upgrade was handled by a seven-day lock, so no real effort was made to fix the issue until Oct. The bug fix proposal has been successfully passed and will take effect in October, but it may not be the end of this story.
Taking to Twitter after the bug was uncovered, compound founder Robert Lesnar admitted that 202,472.5 comps worth about $ 64 million were at risk at the time of writing, as the protocol’s “drip function” was first called into action for more than 60 days. The drip function is designed to make available to users any token stored in the compound’s reservoir, with 0.5 COMP deposited by the reservoir per block.
Lesnar after the incident Note All the COMP tokens that exist today – which are currently “reserved for users” – are stored in the aforementioned reservoir system of the platform. This revelation could have played a big role in the decline in the price of COMP, so much so that after the initial detection of the bug, the price of COMP quickly crashed from $ 330 to $ 286, only for a strong recovery after that, according to data from Cointelegraph Markets Pro. .
That said, since Oct. 3, the token has been steadily declining as the value of digital assets has dropped from a point of about 350 350, leaving its 30-day loss at 40% from the local peak of about 25 525.
Asked about the severity of the problem and what he believes could happen in the platform’s local resource pool in the next few days, Lesnar told Quintelegraph that what needs to be said about the issue has already been covered “adequately”, thus refusing to comment further. Being done.
The DFI community has a say
To get a better overview of what this whole phenomenon means for the crypto ecosystem, Cointelegraph reached out to Winston, the pseudonym moderator of DFI Yield Agricultural Collector Harvest Finance. In their view, although for the most part, the community was honest enough to return large sums of funds, such reliance cannot always be relied upon to rely on platforms.
He added: “This defeat, no doubt, could have led the team better but it also shows how these ‘security features’ could have hampered rather than helped the project.” Winston goes on to say that he hopes to learn:
“Many protocols will begin to consider the advantages of short-term locking so that not only do such events occur, but they are able to run more flexibly and faster.”
Sushi-swap developer Mudit Gupta criticized the use of time-locks in the governance work of the compound, claiming that since the bug was discovered on September 30, about 100 people were aware of the threat posed by the drip function, no action was taken at the time-delay function site. Due to stay.
Gupta went further Warn Defy users claim about the various risks associated with an upgradeable smart contract that they are not “big” by their design [DeFi] Primitive. “He adds that” upgrades are considered more of a bug than a feature. “
That being said, it should be noted that Sushi Swap was also on the verge of a recent hack, which saw the token launchpad of a malicious third-party agent platform compromise MISO’s supply chain with 3 million. Not only that but towards the end of September, there were also reports that there was a hacker Marked A vulnerability that could threaten SushiSwap’s বেশি 1 billion user fund.
Technical bugs are not new
George Harap, co-founder of Solana-based portfolio visualization platform Step Finance, told Quintelegraf that crypto bugs, exploits and hacks are not really new in this space, adding that such examples are a part of an industry and parcels where everything is digital.
Also, in a tweet, Lesnar Issued A stern warning to wrong token recipients, stating that any wrong acquisition would have potential real-world consequences প্রাথমিক primarily in the form of action taken by the U.S. Internal Revenue Service (IRS). In this regard, Harp says:
“More interesting is the compound founder’s response rather than the bug where he threatened Docs users. This is not a good example for anything in DFI and I think many are reason to reconsider their involvement collectively. “
Providing some alternative ideas on the subject, Orb’s DFI developer Rotem Yakir, a public blockchain infrastructure designed for close integration with Ethereum Virtual Machine- (EVM) -based layers, told Quintelegraf that the composite is a complete component. The difficulty of being, fails to say in more detail in the statement. However, he added:
“Comp is one of the most prominent projects in DFI space and although it may hit, it won’t kill them and eventually they will become stronger.”
It is noteworthy that although Lesnar’s tweet stated that approximately 117,000 comp – valued at $ 37.6 million – were returned to the protocol after initial error was detected, Yearn.finance developer banteg Note One-third of the funds at risk by the drip function have already been claimed by users at half past one on Sunday afternoon.
According to Banteg estimates, the total value of COMP tokens at risk as a result of the bug now stands at 147 million.
Related: DAO can solve important dilemmas but more education is needed
So, while this interesting information is now available to everyone, this phenomenon can set an example of how such phenomena can occur within the DFI ecosystem. DFI enthusiasts are hopeful that the situation will reach some sort of solution, especially after the bug withdrawal proposal votes are successful – the wrongly transferred assets are expected to return to them properly – as it could otherwise damage the potential image of the sector.