Staking Bug Prevention: Review of Events (No Funds Stolen)

If you haven’t unstaked yet, immediately follow the instructions here or you risk losing your funds: https://dexfolio.medium.com/staking-bug-found-follow-these-instructions-immediately-dont-worry-no-funds-lost-b5ece2df2536

tl;dr: Our approach to protecting user funds was chosen by our team with guidance from the experts at Immunefi. This was hands down the best way to handle this specific bug to ensure the safety of everyone’s funds. All funds have been protected so far (unstake if you haven’t yet!).

We were notified of a bug in the staking contract through Immunefi’s Bug Bounty. We had to get unstaking instructions to our investors immediately to protect their funds.

It’s important to keep in mind that every contract is susceptible to vulnerabilities, and that’s why audits and bug bounties exist. In this case, we did both. And there’s a reason bug bounties are gaining popularity: The bug bounty uncovered a bug that the auditors and our developers missed.

Why We Made a Fake Announcement

Since this bug could be exploited at any time, we could not reveal its existence ahead of time, or we would have put users’ funds at far greater risk. (A contract that’s revealed to be exploitable is much riskier.)

Further, since the staking contract is controlled by governance, we could not fix the issue by deploying new code.

We were left in a difficult situation: We needed as many people as possible to unstake at the same time the bug was revealed, which meant we needed everyone online together when we made the bug announcement. How could we get everyone online together?

With Immunefi’s guidance, we decided to create a mystery announcement telling everyone to be online on Aug 20 at 13:00 UTC. This would ensure as many community members as possible were online together, allowing everyone to unstake at the same time.

Additionally, we tracked down the highest-value stakers, since we wanted to make sure they would be online during the announcement. We had the addresses of the largest stakers but no way to contact them, so we made an announcement that we wanted to reward the largest stakers. Thankfully, this announcement allowed us to get in touch with our highest stakers.

This direction was chosen by our team with guidance from the experts at Immunefi. This was hands down the best way to handle this specific bug in the contract to ensure the safety of everyone’s funds.

We are sorry for creating fake excitement and causing people to change their schedules. We only did this to protect everyone’s money.

This is a promise: We will do anything in our power to protect your funds. We take this responsibility seriously.

What Happens to The Staking Rewards that You Earned?

After staking is fixed, everyone who unstaked will have the choice to restake to get back their earned rewards.

When you restake, we will aim to give you back all the rewards you are owed (we have a complete snapshot of everyone’s rewards from right before the unstaking announcement).

A multi-DEX tracker with an intelligent alert system. $DEXF, our native token, runs on Binance Smart Chain and is used for governance and pro features.

Dexfolio | $DEXF | dexfolio.org
