ParaSwap averts hack targeting Augustus v6 contract vulnerability
Decentralized finance (DeFi) aggregator ParaSwap discovered a vulnerability in its newly launched Augustus v6 contract and avoided significant financial losses thanks to white hat intervention.
The ParaSwap Augustus v6 contract, which aims to improve exchange efficiency and reduce gas fees, went live on March 18. However, the contract contains a critical vulnerability that could allow hackers to withdraw funds once users have approved the contract.
Shortly after discovering the vulnerability on March 20, ParaSwap disabled the v6 application programming interface (API) and opened the way for a white hat hack of victims' funds.
ParaSwap advises all users to revoke their approvals for the Augustus v6 contract to rule out further financial loss.
Despite ParaSwap's initial efforts to restore the vulnerable v6 contract and notify users to take the necessary steps, the hacker was able to withdraw approximately $24,000 worth of funds from four addresses.
In total, ParaSwap said 386 addresses were affected by the vulnerability. The protocol calls for users to report anonymous financial losses during early detection.
Additionally, ParaSwap has recently disabled support for the vulnerable v6 contract in its updated user interface (UI) and reverted to v5. “We have successfully received funds for all addresses, and more details about the refund process will be shared soon,” the company added.
ParaSwap did not immediately respond to Cointelegraph's request for comment.
Affected users are vulnerable unless they revoke their authorization, and ParaSwap recommends that individuals use exploit remediation services such as Revoke to ensure their safety. Check out Cointelegraph's guide on how to identify and mitigate smart contract vulnerabilities.
Generative artificial intelligence (AI) tools like ChatGPT-4 are good at generating code, but they fail to act as a fully reliable security auditor.
In a recently published research paper, a pair of researchers from Sals Security, a blockchain security company with offices in North America, Europe and Asia, wrote:
“GPT-4 can be a useful tool in smart contract auditing, especially in code analysis and providing vulnerability clues. However, given the limitations in vulnerability testing, it cannot fully replace current professional audit tools and experienced auditors.”
According to their findings, ChatGPT is good at identifying true positives, meaning actual vulnerabilities that are worth investigating outside of a test environment. It achieved over 80% accuracy in testing.