Introduction:
Decentralized finance (DeFi) aggregator ParaSwap recently detected a critical vulnerability in its Augustus v6 contract that could have resulted in significant fund losses. Through quick action and a white hat intervention, ParaSwap managed to secure the affected funds and prevent further exploitation of the vulnerability.
The Vulnerability and Response:
On March 18, ParaSwap launched its Augustus v6 contract with the goal of enhancing swapping efficiency and reducing gas fees. However, on March 20 a critical vulnerability was discovered in the contract, one that could potentially allow hackers to drain funds.
Upon discovering the vulnerability, ParaSwap promptly paused the v6 API and conducted a white hat intervention to secure the funds of potential victims. Despite these efforts, the hacker was able to cash out approximately $24,000 from four different addresses before the vulnerability was neutralized.
Actions Taken and Future Plans:
To protect users, ParaSwap advised all of them to revoke permissions granted to the Augustus v6 contract. It also deactivated support for the vulnerable contract in its UI and reverted to v5. The company successfully recovered funds for all affected addresses and plans to reimburse victims. Details about the refund process will be shared soon.
Remaining Vigilant:
ParaSwap urged affected users to report any loss of funds that may have been overlooked during the initial investigation. Users are also advised to use exploit checker services like Revoke to confirm their safety.
Conclusion:
ParaSwap's swift response to the vulnerability in its Augustus v6 contract demonstrates its commitment to user security. By taking proactive measures and securing user funds, ParaSwap has shown its dedication to maintaining a safe and reliable DeFi platform.