The vulnerability

“The bug was created when a convenience function for wallet addresses interacted with the refund mechanism of the auction contract,” explained Duncan Townsend, CTO at Immunefi, a bug bounty platform for DeFi that was also recruited to help solve the issue.

“Users could over-bid and get a r...

A group of people in the crypto community, led by crypto investment firm Paradigm’s research partner Sam Sun , may have just prevented SushiSwap’s token fundraising platform Miso from losing more than $350 million worth ...

“Combining batch with commitEth (a function on Miso Dutch Auction) creates a two-pronged issue where a user can both put up a commitment higher than ‘msg.value ’ thereby draining any unsold tokens and additionally drain the raised funds on t...

The smart contracts that underpin DeFi are complex, combining “composable” Lego blocks to create new contracts and protocols. “This incident shows that even safe contract-level components can be mixed in a way that produces unsafe contract-level behavior. There’s no catch-all advice to apply here...