How Code Audit can Leave Hackers with Nowhere to Hack

This article was first published on Stories by ælf on Medium

Lessons from the Harvest Finance P2P incident

In the past few months, DeFi projects have sprung up one after another, taking turns in the headlines and becoming a focal point of Internet financial technology. Within the DeFi ecosystem, the market for protocol (application) products such as liquidity mining, decentralized exchanges, and credit lending has been very hot, drawing investors in droves. Behind the investment craze, however, DeFi security incidents have been on the rise. As hackers attacked vulnerabilities in various parts of the contracts, many DeFi projects and platforms suffered huge losses.

DeFi security incidents are on the rise

Harvest Finance P2P attack: On October 26, 2020, Harvest Finance was attacked by hackers who took advantage of its existing vulnerabilities, making the platform’s native token FARM plummet by 65% in less than an hour and causing about $24 million in losses. In this incident, the hackers exploited the fact that Harvest Finance’s fTokens (fUSDC, fUSDT…) used the quotation from the Curve y pool when minting tokens (that is, Curve was used as the price feed source). Through huge exchanges that manipulated this external price, the hackers controlled the amount of fToken minted in Harvest Finance, thereby stealing a large amount of funds.
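The price-feed dependency described above, as an added example that is not from the original article or from Harvest Finance's contracts: a vault that sizes minted shares from a pool's instantaneous quote, beside a guarded form that refuses to mint when that quote has drifted from a reference price. The constant-product pool (Curve's real pricing curve differs), the `Pool` and `Vault` names, the reference price and the 50 bps tolerance are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constructed constant-product pool (x * y = k) standing in for the external price source."""
    usdc: float
    usdt: float

    def spot_price(self) -> float:
        # USDC value of one USDT at the current reserves
        return self.usdc / self.usdt

    def swap_usdc_for_usdt(self, usdc_in: float) -> float:
        k = self.usdc * self.usdt
        self.usdc += usdc_in
        usdt_out = self.usdt - k / self.usdc
        self.usdt -= usdt_out
        return usdt_out

@dataclass
class Vault:
    pool: Pool
    usdt_held: float          # vault assets whose value is read from the pool
    total_shares: float
    reference_price: float    # assumption: slow-moving price, e.g. time-averaged
    max_deviation_bps: int = 50

    def shares_for_deposit(self, usdc_in: float) -> float:
        """Weak form: share price follows the pool's instantaneous quote."""
        value = self.usdt_held * self.pool.spot_price()
        return usdc_in * self.total_shares / value

    def shares_for_deposit_guarded(self, usdc_in: float) -> float:
        """Hardened form: no minting while spot has drifted from the reference."""
        spot = self.pool.spot_price()
        drift_bps = abs(spot - self.reference_price) / self.reference_price * 10_000
        if drift_bps > self.max_deviation_bps:
            raise ValueError(f"spot is {drift_bps:.0f} bps away from reference")
        return usdc_in * self.total_shares / (self.usdt_held * self.reference_price)

def demo():
    # Constructed balances: a 1M/1M pool and a vault holding 500k USDT
    pool = Pool(usdc=1_000_000.0, usdt=1_000_000.0)
    vault = Vault(pool, usdt_held=500_000.0, total_shares=500_000.0, reference_price=1.0)
    before = vault.shares_for_deposit(1_000.0)
    pool.swap_usdc_for_usdt(100_000.0)       # one large trade moves the quote
    after = vault.shares_for_deposit(1_000.0)
    try:
        vault.shares_for_deposit_guarded(1_000.0)
        rejected = False
    except ValueError:
        rejected = True
    return before, after, rejected
```

The same 1,000 USDC deposit mints a different number of shares before and after the trade in the unguarded path, which is the sensitivity an audit of the minting logic should flag.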

51% attack: In May 2018, the Bitcoin Gold development team announced that hackers controlled a large proportion of the computing power of the BTG network, thus launching a “51% double-spend attack” against the exchange. The attackers stole more than 388,200 BTG from the exchange, worth about $18.6 million. The logic of the “51% attack” is that the digital currency uses a distributed accounting mechanism. Taking Bitcoin as an example, the Bitcoin network is a decentralized distributed ledger, and each account needs to be confirmed by a “referendum”. When the attacker has more than 50% of ...

To keep reading, please go to the original article at:
Stories by ælf on Medium
