A security outfit led by ethical hackers who specialize in security audits claimed to be offered a $500 bounty by DxSale Network, a decentralized token launchpad, after informing the platform of a breach that could cost it over $5 million.
The reward is one of the lowest ever offered to a white hat hacker.
$500 Reward for Saving $5 million
Decurity, in a recent blog post, revealed that one of its researchers on June 28, 2023, discovered a bug in an unverified smart contract on the Binance smart chain (BSC) belonging to DxSale and was offered a reward of $500 for their efforts.
According to the firm, investigations exposed a contract logic that was not secure enough to prevent hackers from draining funds locked in the contract during an initial decentralized offering (IDO).
Based on calculations, a total of 21,600 WBNB (wrapped BNB) tokens in the pools worth around $5.2 million at the time of the report could have been stolen if hackers noticed the vulnerability. Meanwhile, the security firm stated:
“Note that this figure reflects the losses that could be inflicted by an exploit that targets a single instance of the locking contract. However, Dx has more locking contracts on BSC and other chains.”
Alleged Poor Response From DxSale
Decurity claimed to contact DxSale after confirming the bug but said they first encountered friction from the project’s team, which was initially unresponsive, and later claimed to be aware of the problem. According to the blog post, the team stated that the contract in question was inactive, which meant that it was not a threat.
Despite the initial response from DxSale, Decurity stated that it was able to get in contact with DxSale’s founders and developers to discuss the situation.
As a way to fix the bug, the project’s developers decided to set high locking fees on June 29 as a solution to the issue to discourage attackers from carrying out an action. According to Decurity, the solution could deter hackers, but DxSale owners could drain the funds in the event of a potential rug pull.
Although the Dx team tried to debunk claims about hackers being able to drain funds, citing protection from several auditing partners, including CertiK Skynet, the project reportedly moved to set high fees across other chains.
Decurity, meanwhile, expressed some concerns about DxSale’s response to potential security threats, advising users to be careful when interacting with projects on the protocol.
While DxSale has not responded to Decurity’s claims, the decentralized launchpad announced a partnership with security outfit Vital Block Security on July 18.
Isenção de responsabilidade: As informações contidas nesta página podem ser provenientes de terceiros e não representam os pontos de vista ou opiniões da Gate. O conteúdo apresentado nesta página é apenas para referência e não constitui qualquer aconselhamento financeiro, de investimento ou jurídico. A Gate não garante a exatidão ou o carácter exaustivo das informações e não poderá ser responsabilizada por quaisquer perdas resultantes da utilização destas informações. Os investimentos em ativos virtuais implicam riscos elevados e estão sujeitos a uma volatilidade de preços significativa. Pode perder todo o seu capital investido. Compreenda plenamente os riscos relevantes e tome decisões prudentes com base na sua própria situação financeira e tolerância ao risco. Para mais informações, consulte a
Isenção de responsabilidade.
