Blockchain security firm Chainlight said it received a $10,000 bounty for uncovering a potential vulnerability that would have jeopardized $32 million in user funds on Optimism-based decentralized exchange (DEX) Perpetual Protocol.
In a Nov. 9 post on social media platform X (formerly Twitter), Chainlight detailed how it reported a critical bug in Perpetual Protocol’s “AccountBalance” contract last year. According to the firm, the contract is a pivotal component that “serves as the protocol’s mind for calculating position values.”
The vulnerability posed a severe threat to the DEX, leaving the entire $32 million in USDC held by the protocol at risk of being misappropriated.
The flaw had the potential to let bad actors swiftly move the entire $32 million within a five-minute timeframe, leaving the protocol with insufficient time to deploy effective security measures.
The white-hat hacker explained that an attacker could manipulate asset prices through a pump-and-dump strategy, exploiting volatile price movements to place position orders outside the permissible range and instantly profit, leaving the protocol with bad debt.
In recognition of its efforts, Chainlight said it received $10,000 worth of Perpetual Protocol’s native PERP tokens.
Perpetual Protocol’s low bounty draws critics
The $10,000 bounty has drawn several reactions from the crypto community, with critics arguing it was inadequate considering the amount protected.
Trust, the head of security at blockchain auditing firm TrustSec, labeled the reward as another instance of a bounty scam, asserting that it did not adequately reflect the gravity of the situation.
Viktor Bunin, a protocol specialist at Coinbase, also questioned why the bounty was so low.
Juancito, a blockchain security researcher, criticized the meager bounty offer, suggesting that white-hat hackers’ contributions to the ecosystem are not appropriately valued.
Similarly, Blurpoint noted that white-hat efforts often go unappreciated, emphasizing the importance of acknowledging and adequately compensating these contributions.
Web3 security expert CryptoBandit shared a similar experience, recounting how he shared with the DEX a critical vulnerability that would have led to $40 million in losses but only received $30,000 in bounty rewards.
This situation underscores the challenges white-hat hackers face within the industry, as they are not properly incentivized to help crypto platforms expose vulnerabilities in their code.