A security outfit led by ethical hackers who specialize in security audits claimed to be offered a $500 bounty by DxSale Network, a decentralized token launchpad, after informing the platform of a breach that could cost it over $5 million.
The reward is one of the lowest ever offered to a white hat hacker.
$500 Reward for Saving $5 million
Decurity, in a recent blog post, revealed that one of its researchers on June 28, 2023, discovered a bug in an unverified smart contract on the Binance smart chain (BSC) belonging to DxSale and was offered a reward of $500 for their efforts.
According to the firm, investigations exposed a contract logic that was not secure enough to prevent hackers from draining funds locked in the contract during an initial decentralized offering (IDO).
Based on calculations, a total of 21,600 WBNB (wrapped BNB) tokens in the pools worth around $5.2 million at the time of the report could have been stolen if hackers noticed the vulnerability. Meanwhile, the security firm stated:
“Note that this figure reflects the losses that could be inflicted by an exploit that targets a single instance of the locking contract. However, Dx has more locking contracts on BSC and other chains.”
Alleged Poor Response From DxSale
Decurity claimed to contact DxSale after confirming the bug but said they first encountered friction from the project’s team, which was initially unresponsive, and later claimed to be aware of the problem. According to the blog post, the team stated that the contract in question was inactive, which meant that it was not a threat.
Despite the initial response from DxSale, Decurity stated that it was able to get in contact with DxSale’s founders and developers to discuss the situation.
As a way to fix the bug, the project’s developers decided to set high locking fees on June 29 as a solution to the issue to discourage attackers from carrying out an action. According to Decurity, the solution could deter hackers, but DxSale owners could drain the funds in the event of a potential rug pull.
Although the Dx team tried to debunk claims about hackers being able to drain funds, citing protection from several auditing partners, including CertiK Skynet, the project reportedly moved to set high fees across other chains.
Decurity, meanwhile, expressed some concerns about DxSale’s response to potential security threats, advising users to be careful when interacting with projects on the protocol.
While DxSale has not responded to Decurity’s claims, the decentralized launchpad announced a partnership with security outfit Vital Block Security on July 18.
Avertissement : Les informations contenues dans cette page peuvent provenir de tiers et ne représentent pas les points de vue ou les opinions de Gate. Le contenu de cette page est fourni à titre de référence uniquement et ne constitue pas un conseil financier, d'investissement ou juridique. Gate ne garantit pas l'exactitude ou l'exhaustivité des informations et n'est pas responsable des pertes résultant de l'utilisation de ces informations. Les investissements en actifs virtuels comportent des risques élevés et sont soumis à une forte volatilité des prix. Vous pouvez perdre la totalité du capital investi. Veuillez comprendre pleinement les risques pertinents et prendre des décisions prudentes en fonction de votre propre situation financière et de votre tolérance au risque. Pour plus de détails, veuillez consulter l'
avertissement.
