CertiK Sees $12 Million Returned From Crypto Exploit Despite Audit

Eco-stablecoin project Defrost Finance will return $12 million in funds stolen in a Dec. 23, 2022 exploit, despite having undergone a code audit by CertiK.

Defrost will use on-chain data to ensure the stolen funds are allocated correctly. The refund comes after an attacker exploited flaws in multiple Defrost smart contracts. Blockchain security firm PeckShield first reported the attack on Dec. 23, 2022.

Defrost Clients Lose $12 Million

The hacker reportedly drained $173,000 through a flash loan attack against Defrost's V1 protocol. In a more significant V2 attack, a perpetrator stole $12 million by liquidating users' positions through a fake collateral token and a malicious price oracle. Attackers later allegedly stole $1.4 million from cross-chain tech aggregator Rubic Finance, raising concerns about vulnerabilities in smart contract code.

Liquidations occur in DeFi when the value of a user's collateral falls below a lending protocol's minimum loan-to-value ratio. Stablecoin protocols like Defrost allow users to deposit collateral for a perpetual stablecoin loan. The protocol uses an algorithmically adjusted stability fee to set the loan's interest. Because the loan-to-value ratio is computed from an oracle-reported collateral price, whoever controls the price feed (or can introduce a collateral token it does not recognize) controls which positions count as undercollateralized. The introduction of fake collateral to V2 likely compromised Defrost users' loan-to-value ratios, leading to their liquidations.
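To make the liquidation mechanism concrete, here is an added, illustrative model of a collateralized stablecoin vault. It is not Defrost's code and does not reproduce the actual exploit; the class names, the 75% maximum loan-to-value ratio, the 20% per-update price deviation bound, and all prices and balances are assumptions chosen for the illustration. It shows a position that is healthy at the honest price becoming liquidatable the moment the oracle price is pushed down, and how two cheap checks (an allowlist of accepted collateral tokens and a bound on how far a single oracle update may move the price) make the same manipulation fail.

```python
"""Toy collateralized-stablecoin vault with an oracle-driven liquidation check.

Illustrative example added to this article. It is NOT Defrost Finance's code
and does not reproduce the Dec. 2022 exploit; every name and number here is an
assumption chosen to show the mechanism.
"""
from dataclasses import dataclass

MAX_LTV = 0.75              # assumed: liquidate when debt/collateral value exceeds 75%
MAX_PRICE_DEVIATION = 0.20  # assumed: reject a single oracle update that moves >20%


class PriceOracle:
    """Naive feed: whoever holds the setter can post any price."""

    def __init__(self, prices: dict[str, float]):
        self.prices = dict(prices)

    def price(self, token: str) -> float:
        return self.prices[token]

    def set_price(self, token: str, new_price: float) -> None:
        self.prices[token] = new_price


class BoundedOracle(PriceOracle):
    """Hardened feed: refuses updates that deviate too far from the last price."""

    def set_price(self, token: str, new_price: float) -> None:
        old = self.prices.get(token)
        if old is not None and abs(new_price - old) / old > MAX_PRICE_DEVIATION:
            raise ValueError(f"{token} price update {old}->{new_price} exceeds deviation bound")
        super().set_price(token, new_price)


@dataclass
class Position:
    collateral_token: str
    collateral_amount: float
    debt: float  # stablecoin owed, USD-denominated


class Vault:
    """Users deposit accepted collateral and mint a stablecoin loan against it."""

    def __init__(self, oracle: PriceOracle, allowed_collateral: set[str]):
        self.oracle = oracle
        self.allowed_collateral = allowed_collateral
        self.positions: dict[str, Position] = {}

    def ltv(self, pos: Position) -> float:
        value = pos.collateral_amount * self.oracle.price(pos.collateral_token)
        return pos.debt / value if value > 0 else float("inf")

    def open(self, user: str, token: str, amount: float, debt: float) -> None:
        # Collateral allowlist: an arbitrary token with an attacker-set price is refused.
        if token not in self.allowed_collateral:
            raise ValueError(f"{token} is not accepted collateral")
        pos = Position(token, amount, debt)
        if self.ltv(pos) > MAX_LTV:
            raise ValueError("loan exceeds MAX_LTV at current price")
        self.positions[user] = pos

    def is_liquidatable(self, user: str) -> bool:
        return self.ltv(self.positions[user]) > MAX_LTV

    def liquidate(self, user: str) -> float:
        """Liquidator repays the debt and seizes the collateral; returns amount seized."""
        if not self.is_liquidatable(user):
            raise ValueError("position is healthy")
        return self.positions.pop(user).collateral_amount


def run_scenario(oracle_cls: type) -> dict:
    """Open a healthy position, then let the feed owner post a crashed price."""
    oracle = oracle_cls({"AVAX": 20.0})          # constructed honest price
    vault = Vault(oracle, allowed_collateral={"AVAX"})
    vault.open("alice", "AVAX", 100.0, 1000.0)  # $2000 collateral, $1000 debt: LTV 0.5
    ltv_before = vault.ltv(vault.positions["alice"])
    try:
        oracle.set_price("AVAX", 10.0)           # malicious update: halves the price
        manipulated = True
    except ValueError:
        manipulated = False
    ltv_after = vault.ltv(vault.positions["alice"])
    liquidatable = vault.is_liquidatable("alice")
    seized = vault.liquidate("alice") if liquidatable else 0.0
    return {"ltv_before": ltv_before, "ltv_after": ltv_after,
            "manipulated": manipulated, "liquidatable": liquidatable, "seized": seized}


def fake_collateral_rejected() -> bool:
    """A token outside the allowlist cannot be used to open a position."""
    vault = Vault(PriceOracle({"AVAX": 20.0, "FAKE": 1e9}), allowed_collateral={"AVAX"})
    try:
        vault.open("mallory", "FAKE", 1.0, 1000.0)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("naive oracle:  ", run_scenario(PriceOracle))
    print("bounded oracle:", run_scenario(BoundedOracle))
    print("fake collateral rejected:", fake_collateral_rejected())
```

With the naive feed the position goes from an LTV of 0.5 to 1.0 on a single update and 100 AVAX (worth $2,000 at the honest price) are seized against a $1,000 debt; with the bounded feed the update is refused and the position stays healthy. The deviation bound is a circuit breaker, not a complete fix: a feed whose setter is a single externally owned key remains a centralization risk, and a real protocol would also source prices from a decentralized or time-weighted feed and put collateral-list changes behind governance.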

CertiK Audits Reveal Centralization Issues

Both hacks have drawn attention to what conclusions can be drawn from smart contract code audits when assessing the legitimacy of a DeFi project. Blockchain security firm CertiK was implicated in both hacks, as both Defrost and Rubic had undergone code audits by the company.

CertiK audited Defrost V1's smart contracts in Nov. 2021, listing one critical logic issue and five issues relating to centralization. The former had been resolved at press time, while the latter were acknowledged without evidence of further work. A logic issue, colloquially a 'bug,' lets a smart contract behave incorrectly without reverting or crashing. A centralization issue, by contrast, means a single privileged account (typically the contract owner or admin) can unilaterally change critical parameters or move funds, so the compromise of that one key compromises the whole protocol.

CertiK also unearthed several centralization issues in Rubic Finance's SwapContract smart contract, one of which would enable a hacker to withdraw ETH/BNB and other tokens to the hacker's address.

Audits Don’t Replace Common Sense

Rather than endorsing a project or its assets, CertiK tests smart contracts' resilience to various attack vectors. It also assesses the contracts' compliance with acceptable coding standards and compares a project's smart contracts to those produced by industry leaders.

Careful scrutiny of CertiK’s website reveals that the company only audits code provided by the DeFi protocol. It advises interested investors to conduct their own due diligence. Additionally, its reports contain the following disclaimer:

“CertiK’s position is that each company and individual are responsible for their own due diligence and continuous security. CertiK’s goal is to help reduce the attack vectors and the high level of variance associated with utilizing new and consistently changing technologies, and in no way claims any guarantee of security or functionality of the technology we agree to analyze.”

While not the complete picture, these reports can provide insight into a project's risks, helping to inform interested parties about a project. Any proposed changes to the smart contract code can undergo a protocol's standard voting procedure without government intervention.

Coinbase CEO Brian Armstrong advocates that DeFi protocols be protected by free speech in the United States rather than be regulated by laws governing financial services businesses.


Disclaimer

BeInCrypto has reached out to the company or individual involved in the story for an official statement on the recent developments but has not yet received a response.

Source: https://beincrypto.com/certik-audits-under-scrutiny-as-client-recovers-12-million-in-stolen-funds/