$32M vulnerability in Perpetual Protocol uncovered by Chainlight nets $10k in white hat rewards

1 year ago

Blockchain security firm Chainlight said it received a $10,000 bounty for uncovering a potential vulnerability that could have jeopardized $32 million in funds on Optimism-based decentralized exchange (DEX) Perpetual Protocol.

In a Nov. 9 post on social media platform X (formerly Twitter), Chainlight detailed how it reported a critical bug in Perpetual Protocol’s “AccountBalance” contract last year. According to the firm, the contract is a pivotal component that “serves as the protocol’s brain for calculating position values.”

The vulnerability posed a severe threat to the DEX, placing the entire $32 million USDC held by the protocol at risk of being misappropriated.

This flaw had the potential to allow bad actors to swiftly move the entire $32 million within a five-minute timeframe, leaving the protocol with insufficient time to deploy effective security measures.

The white-hat hacker detailed that an attacker could manipulate asset prices through a pump-and-dump strategy, exploiting volatile price actions to place position orders outside the permissible range and instantly profit, resulting in bad debt for the protocol.

In acknowledgment of its efforts, Chainlight said it got $10,000 worth of Perpetual Protocol’s native PERP tokens.

Perpetual Protocol’s low bounty draws critics

The $10,000 bounty has generated several reactions from the crypto community, who argue it was insufficient considering the protected amount.

Trust, the head of security at blockchain auditing firm TrustSec, labeled the reward as another case of a bounty scam, asserting that it did not adequately reflect the gravity of the situation.

Protocol Specialist at Coinbase, Viktor Bunin, also questioned why the bounty was so low.

Juancito, a blockchain security researcher, criticized the meager bounty offer, suggesting that white-hat hackers’ contributions to the ecosystem are not appropriately valued.

Similarly, Blurpoint noted that white-hat efforts often go unappreciated, emphasizing the importance of acknowledging and adequately compensating these contributions.

Web3 security expert CryptoBandit shared a comparable experience, recounting how he shared with the DEX a critical vulnerability that could have led to $40 million in losses but only got $30,000 as bounty rewards.

This underscores the challenges white-hat hackers face within the industry, as they are not properly incentivized to help crypto platforms expose vulnerabilities within their code.

The post “$32M vulnerability in Perpetual Protocol uncovered by Chainlight nets $10k in white hat rewards” appeared first on CryptoSlate.
