QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$30 000 USD
JUNE 2020
GLOBAL
DEFI SAVER
DESCRIPTION OF EVENTS
"DeFi Saver is a one-stop dashboard for creating, managing and tracking your DeFi positions." "Automation can manage your leverage and protect your position from liquidation based on your input, non-custodially and trustlessly."
"Earlier today a vulnerability in the DeFi Saver Exchange was disclosed to our team."
"In order to protect user funds we performed a white hack attack to move affected funds (~$30k) to a smart contract from where only original owners can withdraw."
"We will share more details about the discovered vulnerability and the steps we will take to prevent any similar issues from happening again early next week. For the time being the Exchange has been removed from the DeFi Saver app." "If you ever used the Exchange at DeFi Saver you may need to remove token approvals in order to secure your account.Warning sign"
"All funds (~$30k) affected by the vulnerability are safe and will be returned to their owners. We performed a white hat attack to move affected funds to a smart contract from where the funds can only be withdrawn by their original owner addresses."
There was a vulnerability in the DefiSaver smart contract. Some funds were under risk, however they were captured and returned through a whitehat hack.
HOW COULD THIS HAVE BEEN PREVENTED?
DeFi Saver (Jul 25)
@imTokenOfficial Twitter (Jul 25)
Slowmist How Was The 310 000 Dai Of Defi Saver Users Stolen (Jul 25)
@DeFiSaver Twitter (Jul 25)
@DeFiSaver Twitter (Jul 25)
Disclosing A Recently Discovered Exchange Vulnerability (Jul 25)
@DeFiSaver Twitter (Jul 25)
ExchangeRedeemer | 0x9523fe0d1d488cafddfb3dce28d7d177dddbc300 (Jul 25)
DeFi Saver: Safeguard | 0xe05b162cd6571e825484ae95a93bfac02e64b05a (Jul 25)
https://git.secos.mobi:9930/all_projects/ethscope/Approval/defcon/-/blob/master/medium.com/defi-saver/disclosing-a-recently-discovered-vulnerability-d88e3b5cb67 (Oct 12)
Unlimited Approval In Erc20 Convenience Or Security (Oct 12)
https://git.secos.mobi:9930/all_projects/ethscope/Approval/defcon/-/blob/master/www.chainnews.com/articles/790968196239.htm (Oct 12)