Cardano-Based DEX MinSwap Fixes Vulnerability That Could Have Cost Millions

A Cardano-based decentralized exchange, Minswap, has revealed that it has completed a maintenance mode which has helped the protocol fix a major vulnerability that could have led to a huge amount of loss for the team.

According to a blog post published by the team, they were first alerted to the vulnerability on March 22 after they had allowed developers to audit their smart contract. This led to the identification of a “critical vulnerability that would allow someone to drain all the Liquidity in the Smart Contract.”

The Discovered Vulnerability

Minswap revealed that the vulnerability would have allowed a bad actor to “ mint duplicated pool NFT tokens and use those NFT tokens to mint infinite LP tokens of any pool.”

The team, however, prevented this unsavory situation from happening as it used the exploit itself to drain the liquidity into new liquidity pools that have been created on a new smart contract.

Minswap team was able to calm frayed nerves who questioned how the team arbitrarily moved liquidity from one smart contract to another. In response to these allegations, the team wrote:

Minswap Team cannot migrate liquidity at its own will from one Smart Contract to another… the vulnerability and exploiting it made it possible to migrate funds into the new, upgraded contract where this vector was patched.

Minswap Says Users Funds are Safe

Minswap has revealed that all users’ funds on the DEX are safe and that the asset position of each user remains unaffected despite the 50 hours glitch.

The team also stated that as a way of compensating their users, liquidity providers in the MIN/ADA have been given an NFT boost until March 25.

While the Minswap team was lucky enough for the error in their smart contract not to have led to the loss of millions for their users. Several DeFi projects have not been that lucky as they have recorded a humongous amount of losses due to the exploitation of their smart contract by malicious players.

This has led to the need for DeFi teams to always audit their projects so that they can always help to protect their users.