The lion’s share of Ethereum’s validators rely on the same piece of software to power their operations. According to some experts, this could be a big risk.
Bug in Fed’s payment system prevents bank customers from getting paid
Banks stressed customer accounts “remain secure” and balances will be updated as soon as the issue is resolved.
Immunefi launches on-chain bug bounties through ‘Vaults’ system
The Web3 security platform now allows projects to deposit bounty funds to a Safe smart contract, proving the funds are available.
Blockchain Security Firm CertiK Found an Infinite Loop Bug in Sui Network
The bug was found before Sui mainnet was live and the foundation granted a $500,000 award for the discovery.
Arbitrum Temporarily Stopped Processing Due to Software Bug
Bug in Aave V2 Polygon causes some assets to become stuck in contracts
The bug only affects the Polygon implementation, and V3 is unaffected
Ethereum Briefly Stopped Finalizing Transactions. What Happened?
The loss in finality meant that blocks could have been tampered with, and while it isn’t supposed to affect end-user experiences, it did lead to some inconveniences for some applications.
Libra-related Sui blockchain fixes critical bug that put ‘billions’ at risk
The vulnerability was located in a file that translates human-readable code into machine language for storage.
Magic Eden to refund users after 25 fake NFTs sold due to exploit
Over two dozen fake NFTs were sold on the Magic Eden marketplace over a 24-hour period due to a “massive exploit” on the platform.
Reliably unreliable: Solana price dives after latest network outage
Solana has suffered its fifth outage of 2022, and the year is only five months old. A bug-related consensus failure was the culprit this time.
Polygon upgrade quietly fixes bug that put $24B of MATIC at risk
“Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances,” said Polygon’s co-founder Jaynti Kanani.
Compound crisis averted? Securing exposed COMP could be just the start
Compound protocol has placed $150 million worth of COMP tokens at risk, but a bug fix is likely to remedy the situation after giving the community a scare.
Compound Finance Suffers Bug Leading To ~$50M Token Distribution
Compound Finance (COMP) has seemingly suffered a token distribution bug after introducing and passing a recent governance vote that addressed rewards distribution, Proposal 62. Shortly thereafter, Compound reported in a tweet that there was unusual behavior regarding COMP distribution following the vote, but that “no supplied/borrowed funds are at risk.”
The funds that are in jeopardy due to the bug sit only in the Comptroller contract, which means that there is a total cap of 280,000 COMP tokens that are at risk. However, that’s still a hefty number, worth over $80M USD at the time of publishing. One transaction was reportedly as high as nearly $30M alone.
Let’s Get Movin’
With governance often comes the lack of immediate action. As Compound Finance CEO and Founder Robert Leshner noted in a tweet discussing the events at hand, “there are no admin controls or community tools to disable the COMP distribution; any changes to the protocol require a 7-day governance process.”
The Compound team quickly rolled out the initial governance process with Proposal 63 up for review, which temporarily disables COMP distribution rewards while the team and community address the fix for the protocol.
Leshner adds that while Proposal 63 is up for review, “a patch to restart the distribution is in development.” While this gives the team time to address the issue, Proposal 63 does note that all ~280,000 tokens will be at risk.
While the recent Compound bug showed immediate price impact, buyers quickly came back to market and the COMP token has still shown long-term resiliency. | Source: COMP-USD on TradingView.com
Take 10%
Leshner has since gone on Twitter asking recipients of mistakenly distributed COMP to return it, with the below tweet:
If you received a large, incorrect amount of COMP from the Compound protocol error:
Please return it to the Compound Timelock (0x6d903f6003cca6255D85CcA4D3B5E5146dC33925). Keep 10% as a white-hat.
Otherwise, it's being reported as income to the IRS, and most of you are doxxed.
— Robert Leshner (@rleshner) October 1, 2021
He took a bit of heat for the tweet, and followed up by stating that it was a “bone-headed tweet / approach” and that his intentions lie in “trying to do anything I can do to help the community get some of its COMP back.”
Smart contract specialist Kurt Barry noted just how costly small errors in code can be for blockchain projects:
Smart contracts are unforgiving of the tiniest errors…COMP bug is a tragic case of ">" instead of ">=" (in two code locations). Two characters, tens of millions of value lost.
— Kurt Barry (@Kurt_M_Barry) September 30, 2021
Truly a tough set of circumstances for the Compound Finance community; however, many have shown approval of Leshner’s response.
This is not the first mishap in the rapidly growing world of DeFi. Last month, the Poly Network suffered a hack that cost over $600M USD. In a bit of a bizarre set of circumstances, the Poly hacker returned most of the stolen crypto to the network. And in the last week, cross-chain DeFi protocol pNetwork lost over $12M USD in tokenized Bitcoin to attackers.
Bug in Ethereum client leads to split — EVM-compatible chains at risk
“Stay away from doing [transactions] for a while till confirmed, unless you are sure you are submitting to latest Geth,” advised Andre Cronje.
Avalanche Developers Rush Client Patch as ‘Bug’ Slows Blockchain Transactions
A “cross-chain finality” bug has forced the network into “self-healing mode.”
Bug in ‘Timelocked’ Bitcoin Contracts Could Spur Miners to Steal From Each Other
A widespread bug has compromised a special type of bitcoin transaction that is supposed to discourage miners from cheating, new research shows.
IOTA Fixes ‘Minor’ Network Bug Following 15-Hour Mainnet Downtime
The IOTA Foundation said it has resolved a software bug that prevented transactions from confirming on the IOTA network for 15 hours.
Terra Signs Music Streaming Platform Bugs To Its Crypto Payments Alliance
The music streaming service will join twenty-five partners in a South Korean crypto payments alliance.
In Wake of ‘Major Failure,’ Bitcoin Code Review Comes Under Scrutiny
In the wake of a severe code vulnerability, bitcoin developers are asking if current code review processes are enough to prevent further failures.