ParaSwap thwarted a hacking attempt aimed at exploiting vulnerabilities in the Augustus v6 contract.
After discovering a vulnerability in the v6 API, ParaSwap paused the service and began working on a plan to reimburse any potential victims.
ParaSwap found a vulnerability in its Augustus v6 contract, but a white hat hacker intervened before the vulnerability could be exploited, preventing a significant loss of funds.
On March 18, the Augustus v6 contract was launched to improve reduced efficiency and reduce gas fees. However, a critical vulnerability was discovered in the contract, which would have allowed hackers to steal funds from those who approved it.
Upon discovering the vulnerability on March 20, ParaSwap halted the v6 API and managed to secure the funds of those who may have been affected through the intervention of a white hat hacker.
ParaSwap advised all users to revoke access to the Augustus v6 contract to prevent further loss of funds until the vulnerability is fixed.
While ParaSwap acted quickly to roll back the vulnerable v6 contract and notified users of the need to revoke permissions, the hacker still managed to steal approximately $24,000 from four different addresses.
A total of 386 addresses were impacted by the vulnerability, according to ParaSwap.
The protocol encouraged users to report any loss of funds that may not have been noticed during the initial investigation.
In addition to alerting users and asking them to report any losses, ParaSwap disabled the v6 contract on its updated user interface and reverted to the use of the v5 contract.
“We have successfully recovered funds for all addresses, and more details about the refund process will be shared soon,” the company added.
Until users revoke their approvals, they remain at risk, and ParaSwap advises them to use tools like Revoke to check for exploits and make sure they’re safe.
As per findings presented in a recent research paper by two scholars affiliated with Salus Security, a global blockchain security firm operating across North America, Europe, and Asia:
“GPT-4 can be a useful tool in assisting with smart contract auditing, especially in code parsing and providing vulnerability hints. However, given its limitations in vulnerability detection, it cannot fully replace professional auditing tools and experienced auditors at this time.”
According to the researchers, ChatGPT is good at identifying true positives, which are actual vulnerabilities worth investigating. In testing, the tool had greater than 80% precision, which is a measure of how many results that were marked as positives were positives.
Read also: Peter Schiff regrets not buying bitcoin despite prior criticisms
