ParaSwap Thwarts Major Security Breach; Disables Faulty Contract Amid Safety Concerns
Summary:
Decentralized finance aggregator ParaSwap spotted and acted on a serious flaw in its Augustus V6 contract to avert a potential massive funds loss. Despite immediate measures, a hacker made away with $24,000. A total of 386 addresses were impacted by the vulnerability. ParaSwap has disabled the faulty contract support in its updated user interface and switched back to the previous version five. Recent research by Salus Security has also shown that AI tools like ChatGPT-4, while helpful in generating and analyzing codes, are not yet fully reliable as security auditors.
ParaSwap, the decentralized finance (DeFi) aggregator, recently detected and mitigated a serious weakness in its latest contract, Augustus V6, averting a significant funds loss. The contract was live on March 18, pledging to provide amplified competence in gas fee swapping than its earlier contracts. However, a severe malfunction was identified that could have been exploited by cybercriminals to hijack approved funds.
Upon identifying the technical glitch on March 20, ParaSwap swiftly suspended the v6 application programming interface (API) to safeguard the potential victims' money via a white hack. Moreover, ParaSwap suggested all parties revoke access to the flawed Augustus v6 contract as a precaution against future fund losses until the issue was resolved fully. Despite this proactive approach, including recalling the defective contract and advising users to take necessary action, a hacker managed to withdraw about $24,000 from four distinct wallets. ParaSwap reported that the fault affected 386 addresses in total and appealed users to report any unknown fund losses that might have been overlooked in their initial investigation.
Subsequently, ParaSwap deactivated the flawed v6 contract support on their recently modified user interface (UI) and switched back to v5. They also assured that all recovered funds for affected wallets would be refunded, promising to provide further details shortly. However, they did not promptly respond to a request for comment from Cointelegraph.
Given the lingering risk for affected users until they withdraw their approvals, ParaSwap advocates utilizing exploit checker services like Revoke to ascertain their safety.
Researchers from Salus Security have recently revealed that generative artificial intelligence (AI) tools such as ChatGPT-4 can generate and analyze codes effectively. Still, they fall short as comprehensive security auditors. They further suggested that while GPT-4 could assist in smart contract auditing to some degree, it isn't yet suitable to replace professional auditing tools and experienced auditors due to its limitations in detecting vulnerabilities.
Published At
3/20/2024 11:26:34 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.