The developers of Primitive, Ethereum-based decentralized finance (DeFi) permissionless options protocol, “whitehacked” their own platform after a severe exploit was discovered today.

“EMERGENCY ALERT @PrimitiveFi has whitehacked our contracts to safeguard user funds after a critical vulnerability was discovered. Further user action is required to safeguard funds,” Primitive tweeted today.

Per the blog post, a critical exploit was discovered in some of Primitive’s smart contracts that enabled “infinite approvals.” Thus, all users that gave the vulnerable contract permission to spend their tokens became at risk of losing their funds.

Since there was no way to upgrade or pause these contracts, the developers resorted to hacking their own platform.

“Although we have recused (sic) 98% of the funds, TOKENS IN WALLET which have approved the vulnerable contract are STILL AT RISK, [the reset link] will safeguard funds by setting each of your token approvals to 0,” wrote the developers, adding, “A post-mortem and next steps to reclaim funds are coming soon.”

However, those users who allowed the faulty smart contracts to spend their assets can still lose the tokens that are held in their wallets, the developers stressed. To safeguard them, the affected users need to reset approvals on their tokens via a special page.

At press time, no actual losses of funds to malicious actors using the exploit have been reported.

Primitive allows users to earn yields by providing their DAI, ETH, and other DeFi tokens as collateral for options markets. The yield itself comes from trading fees on DeFi market maker platform SushiSwap.

“The protocol is used to create smart contracts with an immutable set of parameters that define the rules of the option. Any two ERC-20 tokens can be chosen to be the underlying (the asset being purchased) or the quote (the token used to pay the strike price),” Primitive’s developers explained.

As CryptoSlate reported, the booming DeFi sector had its fair share of various exploits and hacks over the last few months. Last November, for example, an attack on a price oracle caused $100 million worth of liquidations on decentralized loans platform Compound.

Like what you see? Subscribe for daily updates.

This article was originally published by on 2021-02-23 01:00:45. It can be viewed in it’s original state here: Source link .

Leave a comment

The information provided on this website does not constitute investment advice, financial advice, trading advice, or any other sort of advice and you should not treat any of the website's content as such. EZCrypto does not recommend that any cryptocurrency should be bought, sold, or held by you. Do conduct your own due diligence and consult your financial advisor before making any investment decisions. Trading and investing is risky, do so at your own risk, and we advise people to never use more money than they can afford to lose. The cryptocurrency market is a volatile and risky market. Cryptocurrency trading may not be suitable for all users of this website.

EZCrypto © 2021. All rights reserved.

My Newsletter

Sign Up For Updates & Newsletters