TL;DR
- ParaSwap’s Quick Action: ParaSwap discovered a critical vulnerability in its newly launched Augustus V6 contract and acted swiftly to secure potential victims’ funds, averting a significant loss.
- Impact of the Vulnerability: Despite ParaSwap’s efforts, a hacker managed to cash out roughly $24,000 from four different addresses. The vulnerability impacted a total of 386 addresses.
- ParaSwap’s Commitment to Security: ParaSwap has shown its commitment to user security by proactively addressing the issue, safeguarding user assets, and urging users to take necessary precautions.
Decentralized finance (DeFi) aggregator ParaSwap has successfully averted a significant loss of funds by discovering a critical vulnerability in its newly launched Augustus V6 contract. The contract, which went live on March 18, promised more gas-efficient swaps than any of its preceding contracts.
⚠️ We discovered a critical vulnerability affecting users who approved the Augustus V6 contract.
We took immediate action by pausing the V6 API and conducting a white hack that secured funds for users who were at risk. These funds are now securely held in a Safe Wallet…
— ParaSwap (@paraswap) March 20, 2024
The vulnerability could have allowed hackers to drain approved funds. However, ParaSwap acted swiftly upon discovering the flaw on March 20. The team paused the V6 application programming interface (API) and secured potential victims’ funds through a white-hat hack.
Despite ParaSwap’s proactive efforts to roll back the vulnerable V6 contract and advise users to take the necessary steps, the hacker managed to cash out funds worth roughly $24,000 from four different addresses. ParaSwap disclosed that the vulnerability impacted a total of 386 addresses.
ParaSwap urged all users to revoke the permissions (approvals) they had granted to the Augustus V6 contract to prevent further fund losses until the vulnerability is addressed. The protocol also asked users to come forward and report any fund losses that had gone unnoticed during the initial investigation.
ParaSwap’s Response to Augustus V6 Contract Vulnerability
In addition to pausing the V6 API, ParaSwap deactivated support for the vulnerable V6 contract on its recently updated user interface (UI) and reverted to using V5. “We have successfully recovered funds for all addresses, and more details about the refund process will be shared soon,” the company said in its statement.
Affected users remain at risk as long as they haven’t revoked their approvals, so ParaSwap recommends that users confirm their safety with exploit checker services like Revoke.
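What checking and revoking an approval looks like at the transaction level, as an added example that is not ParaSwap's or Revoke's code. It assumes the approved assets are standard ERC-20 tokens; the spender address is a placeholder because the article does not give the Augustus V6 contract address, and the wallet, token addresses and RPC results are constructed.

```python
ALLOWANCE = "dd62ed3e"  # selector of allowance(address,address)
APPROVE = "095ea7b3"    # selector of approve(address,uint256)

def word(value):
    """ABI-encode an address string or a uint256 as one 32-byte hex word."""
    if isinstance(value, int):
        return format(value, "064x")
    h = value.lower()[2:] if value.lower().startswith("0x") else value.lower()
    if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("not a 20-byte address: %r" % value)
    return h.rjust(64, "0")

def allowance_call(token, owner, spender):
    """eth_call parameters: how much may `spender` pull from `owner` on `token`?"""
    return {"to": token, "data": "0x" + ALLOWANCE + word(owner) + word(spender)}

def decode_uint256(result):
    """Decode the 32-byte return value of an eth_call."""
    body = result[2:] if result.startswith("0x") else result
    if len(body) != 64:
        raise ValueError("expected exactly one 32-byte word")
    return int(body, 16)

def revoke_tx(token, owner, spender):
    """Unsigned transaction approve(spender, 0), which zeroes the allowance."""
    return {"from": owner, "to": token, "value": "0x0",
            "data": "0x" + APPROVE + word(spender) + word(0)}

def plan_revocations(owner, spender, results):
    """Given {token: eth_call result}, return revokes for non-zero allowances."""
    return [revoke_tx(t, owner, spender)
            for t, r in results.items() if decode_uint256(r) > 0]

OWNER = "0x" + "11" * 20    # constructed wallet address
SPENDER = "0x" + "aa" * 20  # placeholder, NOT the real Augustus V6 address
SAMPLE = {                  # constructed eth_call results, keyed by token
    "0x" + "c1" * 20: "0x" + "f" * 64,                      # unlimited approval
    "0x" + "c2" * 20: "0x" + "0" * 64,                      # already zero
    "0x" + "c3" * 20: "0x" + format(2500 * 10**6, "064x"),  # finite approval
}

if __name__ == "__main__":
    for tx in plan_revocations(OWNER, SPENDER, SAMPLE):
        print(tx["to"], tx["data"])
```

An allowance stays in force until the owner sends such a transaction for each token, which is why pausing the API alone does not protect wallets that already approved the contract.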
This incident underscores the importance of rigorous security measures and swift response in the DeFi space. As the sector continues to grow, ensuring the security of smart contracts remains a top priority.
The rapid action taken by ParaSwap in response to the detected flaw in its Augustus V6 contract is a testament to its unwavering commitment to the security of its users. By proactively addressing the issue and safeguarding user assets, ParaSwap has proven its resolve to uphold a secure and dependable DeFi platform.