bug bounty

Uniswap Labs Launches ‘Biggest Bug Bounty in History’ To Find Vulnerabilities in DEX

The firm behind the largest decentralized exchange (DEX) by trading volume is launching a $15.5 million bug bounty of historic proportions. According to a new announcement from Uniswap Labs, the bug bounty aims to identify potential holes in Uniswap V4’s core contracts. Uniswap V4 is set to be the latest version of the DEX. According […]

The post Uniswap Labs Launches ‘Biggest Bug Bounty in History’ To Find Vulnerabilities in DEX appeared first on The Daily Hodl.

Crypto Analyst Predicts Incoming Bitcoin Parabolic Rally, Says BTC at Point Where Things Get Exciting

Anthropic launches $15K jailbreak bounty program for its unreleased next-gen AI

The program will be open to a limited number of participants initially but will expand at a later date.

Artificial intelligence firm Anthropic announced the launch of an expanded bug bounty program on Aug. 8, with rewards as high as $15,000 for participants who can “jailbreak” the company’s unreleased, “next generation” AI model.

Anthropic’s flagship AI model, Claude-3, is a generative AI system similar to OpenAI’s ChatGPT and Google’s Gemini. As part of the company’s efforts to ensure that Claude and its other models are capable of operating safely, it conducts what’s called “red teaming.”

Red teaming is basically just trying to break something on purpose. In Claude’s case, the point of red teaming is to try and figure out all of the ways that it could be prompted, forced, or otherwise perturbed into generating unwanted outputs.

Ronin Network Reclaims $12 Million in Stolen Digital Assets

Ronin Network stated that digital assets worth $12 million, siphoned by so-called white hat hackers on August 6, were returned in full the same day. The Ronin team mentioned that they paused the bridge approximately 40 minutes after the first on-chain action was detected. The team also assured users that their funds were “safe and […]

Ethereum Foundation Rolls Out ‘Attackathon’ To Bolster Blockchain Security, Plans To Raise Over $2,000,000 in Reward

The Ethereum Foundation (EF) is unveiling a month-long initiative aimed at improving the security of the second-largest blockchain by market capitalization. According to the Ethereum Protocol Security (EPS) Research Team, the blockchain-focused bug bounty platform Immunefi will host an Ethereum (ETH) protocol “Attackathon” over a four-week period. An Attackathon is a challenge aimed at auditing […]

The post Ethereum Foundation Rolls Out ‘Attackathon’ To Bolster Blockchain Security, Plans To Raise Over $2,000,000 in Reward appeared first on The Daily Hodl.

Blockchain Security Firm Certik Returns $3,000,000 in Exploited Funds to Crypto Exchange Kraken

A digital asset security research firm has returned $3 million in funds to crypto exchange Kraken after an unusual saga following a bug bounty program exploit. Yesterday, Kraken chief security officer Nick Percoco said in a lengthy X thread that the exchange was alerted days ago that an “extremely critical” code exploit allowing hackers to artificially […]

The post Blockchain Security Firm Certik Returns $3,000,000 in Exploited Funds to Crypto Exchange Kraken appeared first on The Daily Hodl.

Kraken Calls Security Research Firm’s Demands ‘Criminal’; Certik Slams Threats Against Its Employees

Kraken has accused an unnamed security research firm of stealing $3 million from its treasury and attempting to extort more money. Nick Percoco said so-called white hat hackers failed to fully disclose the bug transaction details and have not made arrangements to return the stolen funds. White Hat Hackers Refuse to Abide by Rules The […]

Crypto Exchange CoinEx Promises Generous Bug Bounty Reward to Hacker Following $70,000,000 Exploit

Days after suffering a security breach, crypto exchange CoinEx is attempting to reach out to the hackers responsible for the incident. In an open letter to the hackers, CoinEx says it is ready to reward the perpetrators of the theft with a “generous bug bounty” if the stolen assets are returned. “We hope you recognize the […]

The post Crypto Exchange CoinEx Promises Generous Bug Bounty Reward to Hacker Following $70,000,000 Exploit appeared first on The Daily Hodl.

Mango Markets exploiter seeks to keep disputed funds paid as ‘bug bounty’

Attorneys representing Avraham Eisenberg argued he had already settled his dispute with Mango DAO and shouldn't have to pay back any more funds.

The alleged exploiter of the decentralized finance protocol Mango Markets, Avraham Eisenberg, is seeking to keep his share of crypto gained from his so-called “highly profitable trading strategy.”

On Feb. 15, attorneys for Eisenberg filed a motion in a New York District Court objecting to a lawsuit from Mango that asks for $47 million in damages plus interest starting from the time of Eisenberg’s October attack, which drained around $117 million from the protocol.

The lawyers argued that Eisenberg shouldn’t need to pay back any more funds to the DeFi platform due to a settlement agreement that he reached with Mango DAO, arguing that the “matter was settled.”

Eisenberg’s (right) last public appearance was on a podcast in late October, just weeks after his alleged exploit of the platform. Source: YouTube

A governance proposal was passed by the Mango DAO following the draining of its treasury that saw Eisenberg keep a portion — $47 million — of the pilfered funds as a bug bounty along with a stipulation that Mango wouldn’t pursue legal action.

“Eisenberg transferred funds totaling approximately $67 million to Mango Markets,” the attorneys wrote, adding:

“Weeks later, eligible Mango Markets’ members received reimbursement from the Mango Markets treasury. At that point, all involved considered this matter closed and Mr. Eisenberg heard nothing further from Mango Markets.”

Mango, however, said in its suit that the settlement should be voided as it was made “under duress” and alleged Eisenberg “was not engaged in lawful bargaining.”

Eisenberg’s attorneys rebuffed these claims, saying the “improper three-month delay” for Mango filing its suit “undermines any alleged irreparable harm.” The lawsuit, they say, aims to “take advantage” of Eisenberg’s December arrest in Puerto Rico by United States authorities.

Eisenberg was charged by the Federal Bureau of Investigation with commodities fraud and manipulation.

He also faces a lawsuit from the U.S. Commodity Futures Trading Commission that alleges market manipulation and a suit from the Securities and Exchange Commission for violating securities laws relating to anti-fraud and market manipulation.

Eisenberg has previously stated his trades on Mango were “legal open market actions, using the protocol as designed,” and called his purported attack a “highly profitable trading strategy.”

Aave Launches Stablecoin GHO on Ethereum Goerli Testnet with Open Source Codebase and Audits

Aave Companies, the firm behind the decentralized finance (defi) project Aave, has announced the launch of a stablecoin called GHO on the Ethereum testnet network Goerli. The codebase is available on GitHub and has undergone audits by OpenZeppelin, Sigma Prime and ABDK. Aave Invites Programmers to Test GHO Before Mainnet Deployment On Thursday, Aave Companies […]

DeFi auditor nets $40,000 for identifying Uniswap vulnerability

A security firm flagged a now-fixed vulnerability to Uniswap, highlighting the potential for reentrancy attacks on the protocol’s Universal Router smart contract.

Uniswap’s recently launched bug bounty program has led to the discovery of a now-fixed vulnerability of the protocol’s Universal Router smart contract.

The automated market maker released two new smart contracts to its platform in November 2022. Permit2 allows token approvals to be shared and managed across different applications, while Universal Router unifies ERC-20 and nonfungible tokens (NFTs) swapping into a single swap router.

Uniswap also advertised a lucrative bug bounty program to identify potential vulnerabilities in its smart contracts towards the end of 2022 as it looked to assure the safety and efficacy of its protocol.

Smart contract security and auditing firm Dedaub announced that it had received a bug bounty after flagging a vulnerability in the Universal Router smart contract that would have allowed reentrancy to drain user funds mid-transaction.

According to Dedaub’s breakdown, the Universal Router allows users to perform diverse actions including swapping multiple tokens and NFTs in one transaction.

The router embeds a scripting language for a wide variety of token actions, which could include transfers to third party recipients. If correctly implemented, transfers would go to the recipient within specified parameters.

However, Dedaub identified a vulnerability in which third-party code was invoked during the transfer, allowing that code to re-enter the Universal Router and claim any tokens that were temporarily in the contract.

Dedaub then suggested a straightforward remedy, advising the Uniswap team to add a reentrancy lock to the core execution of the new router. Uniswap awarded the auditing firm a total of $40,000 for flagging the vulnerability. The amount included a 33% bonus for reporting the issue during Uniswap’s bonus period in November 2022.
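The reentrancy path and the lock described above can be seen in a simplified Python model, added here as an illustration; it is not Uniswap's or Dedaub's code. The router class, its three commands (`receive`, `transfer`, `sweep`), the token names and the recipient hook are all assumptions made for the example.

```python
import copy

class Reentered(Exception): pass   # nested execute() detected
class Account:
    def __init__(self, name):
        self.name = name
    def on_receive(self, router, token): pass   # hook run on every transfer

class CallbackRecipient(Account):   # constructed untrusted recipient
    def on_receive(self, router, token):
        if token == "NFT":   # third-party code re-enters the router
            router.execute([("sweep", self, "TOKEN")])

class Router:
    def __init__(self, use_lock):
        self.use_lock, self.in_execute = use_lock, False
        self.held, self.balances = {}, {}   # funds held mid-transaction; payouts
    def execute(self, commands):
        if self.use_lock and self.in_execute:
            raise Reentered("execute() re-entered from a transfer callback")
        snapshot = copy.deepcopy((self.held, self.balances))
        self.in_execute = True
        try:
            for op, *args in commands:
                {"receive": self.receive, "transfer": self.pay, "sweep": self.sweep}[op](*args)
        except Exception:
            self.held, self.balances = snapshot   # model the transaction reverting
            raise
        finally:
            self.in_execute = False
    def receive(self, token, amount):   # e.g. swap output landing in the router
        self.held[token] = self.held.get(token, 0) + amount
    def pay(self, account, token, amount):
        self.held[token] = self.held.get(token, 0) - amount
        paid = self.balances.setdefault(account.name, {})
        paid[token] = paid.get(token, 0) + amount
        account.on_receive(self, token)   # recipient code runs here
    def sweep(self, account, token):   # pay out whatever the router still holds
        self.pay(account, token, self.held.get(token, 0))

def run(use_lock):
    router, user, other = Router(use_lock), Account("user"), CallbackRecipient("recipient")
    script = [("receive", "TOKEN", 100), ("receive", "NFT", 1),
              ("transfer", other, "NFT", 1), ("sweep", user, "TOKEN")]
    try:
        router.execute(script)
    except Reentered:
        return "reverted", router.balances
    return "completed", router.balances
```

Without the lock, `run(False)` completes with the 100 TOKEN paid to the recipient instead of the user; with it, `run(True)` reverts and no balances change.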

Uniswap classified the issue as medium severity, while further assessment deemed the vulnerability to have high impact and low likelihood. According to Dedaub, the possibility of a user sending NFTs to an untrusted recipient directly was considered user error.

More complex and less likely scenarios were considered valid for reentrancy, which resulted in Uniswap deeming the vector to have a low likelihood. Cointelegraph has reached out to Uniswap to ascertain further details of its ongoing bounty program, amounts paid out and the number of bugs identified to date.

Bug bounties have become commonplace in the cryptocurrency and blockchain space as platforms and companies look to ensure the security of their software, systems and infrastructure. 

Cryptocurrency exchange Coinbase recently clarified the terms of its bug bounty, while blockchain security firm Immunefi has facilitated over $65 million worth of bug bounties between ethical hackers and Web3 firms in 2022.
