A DeFi bug has frozen $30,000 worth of ETH in a smart contract forever because of a typo in the Hegic smart contract, as we report in today's ETH news.
The security firm Trail of Bits told Hegic to start delaying the deployment of smart contracts as tempers flared between both sides. The situation highlighted the need for smart contract evaluations that investors can easily comprehend. Hegic, a DeFi options trading protocol, has been forced to redeploy the smart contract after a DeFi bug froze $30,000 of ETH by leaving the options contracts impossible to unlock.
DeFi has seen its fair share of exploits, but nothing quite as simple as the latest incident with Hegic. There was no hacker and no exploit behind it. The issue started when a simple typo made it into the codebase. In the line of code that unlocks the liquidity, the developer published OptionIDS instead of 'OptionsIDs', and the missing 's' broke the liquidity unlocking.
‼️ ALERT A typo has been found in the code. Because of that, liquidity in expired options contracts can’t be unlocked for new options. ‼️ Please EXERCISE ALL OF YOUR ACTIVE OPTIONS CONTRACTS NOW. Everyone will be 100% REFUNDED with the amount of premium that you paid for options.
— Hegic (@HegicOptions) April 25, 2020
Users could withdraw their funds, but the locked funds could not be unlocked once the error was made. The creator and developer of Hegic, Molly Wintermute, issued multiple warnings on Twitter, Telegram, and Discord. Hegic promised to make the liquidity providers whole again by reimbursing the premiums paid and the losses on existing positions. Trail of Bits CEO Dan Guido cleared the air on Twitter after the company was attacked for having reviewed Hegic's code.
Guido stated that a code review is not a safety certification but rather a framework that helps developers understand the flaws in their code and repair them. An excerpt from the code review is available on GitHub. He also indicated that the company didn't have a lot of time to audit the code. Wintermute explained that she requested a review and asked whether the audit would be full or partial.
Love you Lasse but strongly disagree with this take.
1. Auditors complement/improve teams practices, not ensure perfection. An audit report is not a blessing.
2. Time spent is not binary it's a scale. Hegic had a "small" audit.
3. So many follow up recommendations not followed
— 🤖 Leshner (@rleshner) April 25, 2020
The company said that a three-day code review would be enough to provide better coverage for the smart contracts. The developer of Hegic stated that she implemented the ideas set out in the summary of the review. For other users who can audit code, this is not an issue, as they can easily find bugs and potential attackers.