A vulnerability in the Opyn DeFi contract allowed hackers to steal up to 371,260 USDC. Put oTokens (oETH) from Uniswap on Opyn had a flaw which allowed ‘double spending’ of value.
Tim Ismilyaev, CEO and Founder at Mana Security, explained the hack to us in layman's terms:
In one of the transactions, the attacker sent 75 ETH and got 150 ETH equivalent in USDC.
The smart contract responsible for the operation had two “vaults”, which contained enough assets to pay the collateral. But after sending 24,750 USDC (e.g., 75 ETH), the contract didn’t burn the attacker’s balance, so after switching to the next vault, it assumed that the attacker should get another 24,750 USDC. That’s commonly called “double spend.”
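The accounting flaw described in the quote above, as a simplified Python model added here (it is not Opyn's contract code). The names Vault, Holder, exercise_flawed, exercise_fixed and conserved are hypothetical, and the vault collateral amounts are constructed to match the quoted figures.

```python
from dataclasses import dataclass

STRIKE = 330  # USDC per ETH: 24,750 USDC / 75 ETH, the figures quoted above


@dataclass
class Vault:
    collateral_usdc: int  # USDC locked in this vault


@dataclass
class Holder:
    claim_eth: int  # exercisable balance, in ETH units
    usdc: int = 0   # USDC received so far


def exercise_flawed(holder, vaults):
    """Pays from every vault against the balance but never burns it."""
    for vault in vaults:
        owed = holder.claim_eth * STRIKE  # balance re-read, still unburned
        if vault.collateral_usdc >= owed:
            vault.collateral_usdc -= owed
            holder.usdc += owed
    return holder.usdc


def exercise_fixed(holder, vaults):
    """Burns the settled part of the balance before moving to the next vault."""
    for vault in vaults:
        settle = min(holder.claim_eth, vault.collateral_usdc // STRIKE)
        holder.claim_eth -= settle  # burn first, then pay
        vault.collateral_usdc -= settle * STRIKE
        holder.usdc += settle * STRIKE
    return holder.usdc


def conserved(claim_eth, paid_usdc):
    """Invariant a test suite or audit can assert: payout == claim * strike."""
    return paid_usdc == claim_eth * STRIKE


def run(exercise):
    holder = Holder(claim_eth=75)
    vaults = [Vault(24_750), Vault(24_750)]  # constructed sample state
    paid = exercise(holder, vaults)
    return paid, conserved(75, paid)


if __name__ == "__main__":
    print("flawed:", run(exercise_flawed))
    print("fixed: ", run(exercise_fixed))
```

The conserved check is the kind of invariant a unit test or external audit would assert after every multi-vault operation; it fails on the flawed path and holds on the fixed one.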
The development team behind Opyn attempted to retrieve the funds using white-hat methods and by paying up to 20% extra on ETH prices. The co-founder of Opyn, Alexis Gauba, stated that they were working on a plan “to mitigate impact for ETH put sellers.” In a recent update on Twitter, the Opyn team notes:
We will be reimbursing ETH put sellers in full who were affected by the vulnerability. We will have more details re reimbursement process in the next 3 days
This is Just the Beginning
Although DeFi stands for Decentralized Finance, there is only a certain degree of decentralisation that can be implemented in these contracts. Moreover, Ismilyaev suggests that a step needs to be added before launching. He says:
… best practice for DeFi companies to prevent such issues is to conduct an external audit of their smart contracts before using them in the wild. But the vulnerable contract wasn’t audited in this way, which led to stolen assets.
Another prominent issue with decentralization is the ‘re-entrancy’ problem. This is very similar to what occurred with Opyn, where the interaction between two pools was flawed. Sami Tannir, DeFi analyst at Conflux, explained the problem to us:
a contract interacts with another contract, but the second contract chooses to call (or re-enter) the first contract and is able to achieve a goal that is different from the developer’s original intent.
Hence, despite the growth of the DeFi design, loopholes can still be exploited and, in some cases, trust broken. The role of centralized financial services entities in the future would be analysing and downplaying these risks.
How long do you think it will be before the DeFi ecosystem becomes ubiquitous? Please share your views with us.