Dev pulls off white hat hack after identifying critical vulnerability in SushiSwap's MISO
The blockchain developer @samczsun tweeted about a white hat hack that checked for a vulnerability in MISO and stopped it today. He tweeted about the process and the reason for testing the vulnerability.

The full record is now available on the Paradigm blog. It makes a serious case that there should be more checking before components are combined in blockchain products, especially DeFi platforms.

MISO is the launchpad in the SushiSwap ecosystem that helps new teams launch their IDO or other initiatives more easily and quickly. The vulnerability could have helped hackers exploit projects if samczsun hadn't tested and reported it.

The Importance of Security Testing

One of the biggest advantages of blockchain projects is the community-centered development process. Groups of developers around the world help build software that could serve millions of people.

But sometimes, this approach may cause harm to the final product. Especially in DeFi platforms, development groups build different components and combine them. Many believe that when each component is secure and safe, the final product will be safe, too.

But the recent incident in MISO showed that the combination might become vulnerable, as samczsun describes in his blog post titled “Two Rights Might Make A Wrong.”

The white hat hacker tested a vulnerability in the MISO platform and found a bug that could result in a 109 ETH exploit in this service. MISO is the launchpad for projects that want to launch IDO or other initiatives on SushiSwap.

This developer found the bug and helped the development teams patch the vulnerability fast. The interesting thing about his blog post is its detailed record of every step in finding and solving the issue. Encounter, discovery, disclosure, preparation, rescue, and reflection are fully detailed in the blog post.

The whole process took about five hours and helped MISO protect about $350M. According to samczsun:

“The past few hours feel like a blur, almost as though no time has passed at all. I had gone from encounter to discovery in a little over half an hour, disclosure in 20 minutes, war room in another 30, and a fix in three hours. All in all, it took only five hours to protect 350 million USD from falling into the wrong hands.”

The most important point of the recent incident for DeFi teams, especially in SushiSwap, is this white hat hacker's observation that “safe components can come together to make something unsafe.” It showcases the necessity for complete security checks and audits in DeFi products.

