Dyson Money Deprecated Vault Contract
Dyson Money emptied some rewards out of a deprecated vault contract, which captured the attention of security researchers at SlowMist. According to Dyson Money, there was no exploit at all, and the transaction was falsely flagged. While SlowMist has publicly praised the Dyson Money team for their quick response, they haven't outright stated there was no exploit and the situation continues to be listed on the SlowMist hacked page.[1][2][3][4][5]
About Dyson Money
"Achieve maximum yield with Dyson - the DeFi platform by Sphere Finance that unlocks the full potential of your assets."
"Dyson is a decentralized & multichain yield-maximiser. It maximizes yield through carefully crafted strategies which are managed on-chain, making perpetual yield farming accessible to the average user.
Every strategy is secured and automated by smart contracts. Dyson automatically harvests & reinvests yield rewards to ensure compounding interest to depositors. The vaults created for Dyson's strategies are completely permission-less & trust-less, meaning that users are completely in control of their crypto & can withdraw at any time they like."
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
"According to monitoring by the SlowMist security team, Dyson on BNBChain was attacked, resulting in a loss of approximately $31,000."
Date | Event | Description |
---|---|---|
June 17th, 2024 1:39:00 AM MDT | SlowMist Tweet | SlowMist tweets about having noticed that the Dyson smart contract on BNBChain appears to have "potential suspicious activity". |
June 18th, 2024 1:09:00 PM MDT | Clarification Tweet | |
June 24th, 2024 10:13:00 AM MDT | SlowMist Praise | SlowMist mentions that the "issue was caused by a deprecated vault contract". |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
SlowMist claimed $31k.
No funds were lost.
Immediate Reactions
"We wanted to address the ongoing situation with SlowMist and their recent post about potential suspicious activity detected on our protocol.
Transparency is one of our core values, and we believe it's important to provide clarity and context to you.
@SlowMist_Team, a respected blockchain security firm doing amazing work in keeping our space safe, flagged what was perceived as unusual on-chain activity on Dyson yesterday.
However, we want to assure you that this activity is not an exploit or any cause for concern.
After a thorough investigation, we have determined that the activity in question was simply a large amount of unharvested rewards being taken out of a relatively small position in one of our deprecated vaults.
This vault, while not actively promoted or utilized, continues to generate yield.
We have been in communication with the SlowMist team and have provided them with a detailed explanation of the situation, and they have kindly acknowledged our response.
We take security and transparency extremely seriously, and have implemented rigorous security measures to ensure the safety of our protocols and your assets.
We appreciate @SlowMist_Team's vigilance in identifying potential risks, and also their commitment to clarity and transparency.
Once again, we want to assure our community that there has been no exploit or malicious activity within our ecosystem.
We remain committed to open communication and will continue to provide updates on any developments or concerns that may arise.
If you have any further questions or require additional clarification, please do not hesitate to reach out to us in our Discord server (link below).
Thank you for your continued trust and support as we work to build a transparent, secure, and valuable ecosystem for all"
Ultimate Outcome
"After confirmation, this issue was caused by a deprecated vault contract. The Dyson team has quickly addressed the situation, and their responsible attitude towards the community is praiseworthy."
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- SlowMist Hacked - SlowMist Zone (Accessed Jun 20, 2024)
- @SlowMist_Team Twitter (Accessed Jun 25, 2024)
- @dyson_money Twitter (Accessed Jun 25, 2024)
- Dyson | Part of the Sphere Finance Ecosystem (Accessed Jun 25, 2024)
- Overview | Dyson (Accessed Jun 25, 2024)