“Combining batch with commitEth (a function on... - Deepstash

“Combining batch with commitEth (a function on Miso Dutch Auction) creates a two-pronged issue where a user can both put up a commitment higher than ‘msg.value ’ thereby draining any unsold tokens and additionally drain the raised funds on the contract as refunds if the auction has reached max commitment,” SushiSwap’s team wrote in the post.

STASHED IN:

2

STASHED IN:

0 Comments

MORE IDEAS FROM THE ARTICLE

<p dir="ltr">A group of people...

A group of people in the crypto community, led by crypto investment firm Paradigm’s research partner Sam Sun , may have just prevented SushiSwap’s token fundraising platform Miso from losing more than $350 million worth of ether (ETH, -5.98%) , after discovering and fixing a bug on the platform in under just five hours.

In a Dutch auction, investors place bids reflecting the maximum amount that they are willing to pay. Once the bids are collected, the highest bid is declared the winner. After the auction is finalized, unsuccessful bids are returned to their owners.

STASHED IN:

2

<p dir="ltr">A group of people...

A group of people in the crypto community, led by crypto investment firm Paradigm’s research partner Sam Sun , may have just prevented SushiSwap’s token fundraising platform Miso from losing more than $350 million worth of ether (ETH, -5.98%) , after discovering and fixing a bug on the platform in under just five hours.

In a Dutch auction, investors place bids reflecting the maximum amount that they are willing to pay. Once the bids are collected, the highest bid is declared the winner. After the auction is finalized, unsuccessful bids are returned to their owners.

STASHED IN:

2

The SushiSwap team and Paradigm’s Sun , in separate posts, both identified that, essentially, the vulnerability was centered around the ability to batch multiple calls to commitEth  and reuse a single msg.value  across every commitment, allowing an attacker to bid in the auction for free.

STASHED IN:

2

Deepstash helps you become inspired, wiser and productive, through bite-sized ideas from the best articles, books and videos out there.

GET THE APP:

RELATED IDEAS

What is a liquidity pool?

A liquidity pool is a collection of funds locked in a smart contract. Liquidity pools are used to facilitate decentralized trading, lending and many more functions.

  • Liquidity Pools are the game-changing innovation in Decentralized Finance (DeFi) that facilitates trading on Decentralized Exchanges (DEX) and provide liquidity through a collection of funds locked in a smart contract.
  • Users called liquidity providers (LP) add an equal value of two tokens in a pool to create a market. In exchange for providing their funds, they earn trading fees from the trades that happen in their pool.

10

STASHED IN:

18

Ethereum promise

Ethereum's initial success can be attributed to a few elements. Ethereum is programable, meaning apps can run on the Ethereum blockchain. This is what let to Ethereum being used in:

  • Decentralised Finance, or DeFi, meaning that apps like investments, insurance etc can be run without a central authority.
  • NFTs, tokens to prove the authenticity and ownership of an object (digital or physical)
  • The consensus in the network through proof of stake. New coins are created by putting guaranteeing your existing money. This incentives people to be good actors and decreases the money supply, increasing its price.

5

STASHED IN:

26

STASHED IN:

0 Comments

Initial Public Offering (IPO)

An Initial Public Offering (IPO) is the process where a private company becomes listed on a public stock exchange and offers new shares.

Prior to an IPO, the company is private and shares are usually held by the founder, early employees, VC firms, and angel investors.

An IPO is a great way for a business to raise money by allowing public investors to invest in the business for the first time.

18

STASHED IN:

43