The OpenZeppelin blockchain security team found a potential $15 billion rug pull in Convex Finance, which they managed to fix before something terrible happened, so let's read more in our latest cryptocurrency news.
OpenZeppelin, a security audit company for Coinbase, identified a $15 billion rug pull vulnerability in Convex Finance. The discovery occurred during a review of the Convex Finance protocol. The Security Research team found last year that a huge bug in the protocol could have put the $15B worth of locked assets at huge risk. The investigation revealed that if two of the three signers of the multi-sig executed a few steps, users would be able to access the LP tokens staked in the target pool and conduct an attack that could have left the users with no assets in the pool.
A full write-up of the bug disclosure from December 2021 from @OpenZeppelin.
Additional information regarding this disclosure can also be found in Convex documentation: https://t.co/NE4JSUhYa6 https://t.co/XrzmpgmVeh
— Convex Finance (@ConvexFinance) April 4, 2022
The documentation from Convex stated that such a disaster could not happen to the LP pools, but the security team identified ways of exploiting the vulnerabilities, which Convex patched by the end of 2021. Convex Finance is an open-source protocol whose developers have remained anonymous since its launch. OpenZeppelin indicated that the developers of Convex Finance could themselves be the ones to exploit the vulnerabilities, and disclosing the incident became hard because of that anonymity.
After analyzing the code and the efforts by Convex to exploit the vulnerabilities, OpenZeppelin asserted that the vulnerability was not intentional and that the Convex developers were actually good-faith actors. The public disclosure created a perverse incentive for the developers and contributed to the loss of the anonymity crucial to the Convex team. As such, OpenZeppelin decided to reach out to the bug bounty partner Immunefi to introduce an intermediary between Convex and OpenZeppelin.
After both parties agreed to invite known entities to the multi-sig and make the rug pull impossible, OpenZeppelin disclosed the bug to Convex after making sure that they wouldn't take any advantage of the vulnerability.
Convex patched the issue and ended the risk.
As recently reported, the Convex Finance CVX token crashed after a bug forced a token unlock on the platform and dragged prices down. The Convex Finance team wrote that it deployed the contracts responsible for the vote-locking governance mechanism after the discovery of a bug that would grant users some disproportionate rewards.