ParaSwap's Augustus v6 contract, aimed at enhancing DeFi efficiency, was compromised, allowing hackers to steal funds.
Through prompt white-hat involvement, the decentralized finance (DeFi) aggregator ParaSwap was able to detect a vulnerability in its recently released Augustus v6 contract and thereby prevent a massive loss of funds.
ParaSwap Augustus v6 Hacked
The ParaSwap Augustus v6 contract went live on March 18 and was intended to make swapping more efficient and lower gas costs. However, once accepted, a significant flaw in the contract allowed hackers to steal money.
On March 20, shortly after identifying the vulnerability, ParaSwap halted the v6 application programming interface (API) and safeguarded the funds of potential victims by employing a white-hat hacking technique.
To prevent any further loss of funds until the vulnerability is fixed, ParaSwap recommended that all users revoke the permissions they had granted to the Augustus v6 contract. The hacker was able to withdraw funds from four distinct locations, totaling around $24,000.
However, ParaSwap proactively tried to roll back the vulnerable v6 contract and warned customers to follow the appropriate procedures. Its investigation revealed that the vulnerability affected 386 addresses in total.
Furthermore, the procedure required users to notify the appropriate authorities about any potential loss of funds missed during the preliminary examination.
The recently upgraded user interface (UI) of ParaSwap no longer supports the vulnerable v6 contract, instead switching to the v5 version.
The company noted that it has successfully recovered funds for all addresses and promised to provide additional information regarding the refund process soon. Affected users remain in danger for as long as they have not withdrawn their approvals.
ParaSwap suggests that individuals use exploit checker services such as Revoke to verify their security.
Tools that use generative artificial intelligence (AI), such as ChatGPT-4, are effective at producing code. They cannot, however, serve as a fully dependable security auditor.
According to the findings of a recently published research paper by a pair of researchers from Salus Security, a blockchain security company with offices in North America, Europe, and Asia:
“GPT-4 can be a useful tool in assisting with smart contract auditing, especially in code parsing and providing vulnerability hints. However, given its limitations in vulnerability detection, it cannot fully replace professional auditing tools and experienced auditors at this time.”
According to their findings, ChatGPT effectively detects true positives and vulnerabilities worth investigating outside of a testing environment. During the tests, it achieved a precision of more than 80%.