
Anonymous devs behind a DeFi yield farm could steal $1B in 12 hours


Harvest Finance, a decentralized finance project that succeeded in attracting over $1 billion in funds locked, has an admin key that gives its holders the ability to mint tokens at will and steal users’ funds.

As noted by auditing companies PeckShield and Haechi and highlighted by Chris Blec, a DeFi community member, the governance parameters are not set by a contract with clearly defined rules. An admin key, presumably held by the anonymous developers behind the project, could be used to arbitrarily mint new FARM tokens.

This power could allow the governance key holders to create an unlimited number of tokens and drain funds in the token’s Uniswap pool, which currently holds $12 million in USD Coin (USDC).

Harvest Finance is an automated yield management system, featuring vault-based strategies similar to Yearn.finance. Haechi highlighted that in addition to the minting mechanics, the governance key holder has the ability to change the vault functionality at will, which could be exploited by submitting a bogus strategy that simply sends the funds to an attacker-controlled address.

The holders of the governance key would thus have the theoretical possibility of stealing all of the $1.05 billion in assets committed to the protocol, in addition to the funds in the Uniswap pool.

Source: DeFi Pulse

In response to the audits, the team introduced a 12-hour time lock that should give users enough advance warning if any foul play is detected — but that requires constant community vigilance.
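The vigilance that the 12-hour time lock depends on, sketched as an added example that is not Harvest Finance's code and does not come from the article: a watcher that reviews announced governance changes and reports how long users have left to exit. The action labels, addresses and queue entries are constructed assumptions, since the article does not describe the contract's events.

```python
from dataclasses import dataclass

TIMELOCK = 12 * 3600  # the 12-hour delay described in the article, in seconds
# Hypothetical action labels: the article does not name the contract's events.
HIGH_RISK = {"mint", "set_strategy", "set_governance"}

@dataclass
class Announced:
    action: str        # hypothetical label for the queued change
    target: str        # constructed address the change points at
    announced_at: int  # unix time the change was announced

def review(queue, now, reviewed_strategies):
    """Alert on queued high-risk changes, with the time users have left to exit."""
    alerts = []
    for q in queue:
        if q.action not in HIGH_RISK:
            continue
        if q.action == "set_strategy" and q.target in reviewed_strategies:
            continue  # strategy code the community has already vetted
        left = q.announced_at + TIMELOCK - now
        status = "EXECUTABLE" if left <= 0 else f"{left // 3600}h{left % 3600 // 60:02d}m"
        alerts.append((q.action, q.target, status))
    return alerts

def reaction_window(poll_interval, exit_time):
    """Worst-case seconds left to act if the queue is only checked every poll_interval."""
    return TIMELOCK - poll_interval - exit_time

# Constructed sample queue (not real chain data).
T0 = 1_600_000_000
QUEUE = [
    Announced("set_strategy", "0xREVIEWED", T0),
    Announced("set_strategy", "0xUNKNOWN", T0 + 3600),
    Announced("mint", "0xGOVERNANCE", T0 - TIMELOCK),
    Announced("set_fee", "0xVAULT", T0),
]

if __name__ == "__main__":
    for alert in review(QUEUE, now=T0 + 2 * 3600, reviewed_strategies={"0xREVIEWED"}):
        print(alert)
    print(reaction_window(poll_interval=24 * 3600, exit_time=1800))
```

A negative `reaction_window` means a change can be announced and become executable between two checks, so a once-a-day review gives no protection under a 12-hour delay.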

The project is currently running a classical yield farm similar to many of the “food coins.” Users can commit Ether (ETH), Wrapped Bitcoin (WBTC) and other assets, but the highest FARM yield can be found by submitting FARM tokens themselves, without necessarily requiring the additional layer of abstraction of Uniswap pool tokens. Such a circular dependency is characteristic of many crypto Ponzi schemes.

The team is completely anonymous, though the project succeeded in attracting a relatively sizable community and has been involved in the community by doling out grants.

While nothing would suggest malicious intentions for now, the project is strongly centralized and prospective farmers should be aware that they are trusting an anonymous group of developers to resist the temptation to run off with their money, similarly to how the community initially trusted SushiSwap’s founder.

Update, 6 pm UTC: The article was amended with an additional source of information.


