ParaSwap, a decentralized finance (DeFi) aggregator, averted a potential hack targeting its newly launched Augustus v6 contract by swiftly identifying and neutralizing a critical vulnerability.
The Augustus v6 contract, which went live on March 18, aimed to enhance swapping efficiency and reduce gas fees. However, shortly after its launch, ParaSwap discovered a flaw that could have allowed an attacker to drain tokens from any wallet that had granted the contract a token approval.
Taking prompt action on March 20, ParaSwap halted the v6 application programming interface (API) and safeguarded users’ funds through a white hat intervention, preventing any significant loss.
⚠️ We discovered a critical vulnerability affecting users who approved the Augustus V6 contract.
We took immediate action by pausing the V6 API and conducting a white hack that secured funds for users who were at risk. These funds are now securely held in a Safe Wallet…
— ParaSwap (@paraswap) March 20, 2024
To mitigate further risk, ParaSwap advised all users to revoke the token approvals (allowances) they had granted to the vulnerable Augustus v6 contract until the vulnerability was addressed.
Despite ParaSwap's proactive measures, the attacker still managed to exploit the vulnerability, cashing out approximately $24,000 across four different addresses. In total, 386 addresses were potentially affected. ParaSwap urged users to report any losses and removed the vulnerable v6 contract from its user interface (UI).
ParaSwap assured affected users that funds had been successfully recovered for all addresses and shared details about the refund process.
We're starting the refund process. To make it as smooth as possible, we request that everyone affected fills out this form: https://t.co/23Hh9z2xJ8
A separate submission per token per chain is required.
You can double-check your address & tokens here https://t.co/jV0Qj99yss
— ParaSwap (@paraswap) March 20, 2024
To ensure safety, ParaSwap recommended that users confirm the revocation with an approval checker such as Revoke, since an allowance remains exploitable until the revoking transaction is confirmed on-chain.
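The revocation advice above, and the follow-up check that it actually took effect, both come down to ERC-20 allowances. The following is an added example, not ParaSwap's code or any tool the article mentions: it walks a set of ERC-20 Approval event logs (constructed here, in the shape eth_getLogs returns them), finds every owner whose latest approval to a given spender is still non-zero, and builds the approve(spender, 0) calldata that revokes it, plus the allowance(owner, spender) calldata for an eth_call confirmation afterwards. The spender address, token addresses and owner addresses are hypothetical placeholders; in practice the spender would be the Augustus v6 address from ParaSwap's announcement, and the logs would be fetched over RPC rather than embedded.

```javascript
// Added example (not ParaSwap code): find outstanding ERC-20 approvals to one
// spender and build the calldata that revokes them.
// Selectors are the first 4 bytes of keccak256(signature); these are the standard ones.
const SELECTOR_APPROVE = "095ea7b3";   // approve(address,uint256)
const SELECTOR_ALLOWANCE = "dd62ed3e"; // allowance(address,address)
// keccak256("Approval(address,address,uint256)"): topics[0] of every Approval log.
const TOPIC_APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const UINT256_MAX = (1n << 256n) - 1n;

// Hypothetical placeholder for the vulnerable spender contract (assumption).
const SPENDER = "0x0000000000000000000000000000000000000a06";

function isAddress(a) { return /^0x[0-9a-fA-F]{40}$/.test(a); }

// ABI-encode an address as one 32-byte word (left-padded with zeros, no 0x).
function encodeAddress(addr) {
  if (!isAddress(addr)) throw new Error(`bad address: ${addr}`);
  return addr.slice(2).toLowerCase().padStart(64, "0");
}
function encodeUint256(n) {
  if (typeof n !== "bigint" || n < 0n || n > UINT256_MAX) throw new RangeError("uint256 out of range");
  return n.toString(16).padStart(64, "0");
}
function decodeAddress(word) { return "0x" + word.slice(-40).toLowerCase(); }
function decodeUint256(word) { return BigInt("0x" + word.replace(/^0x/, "")); }

// Calldata for token.approve(spender, amount); amount 0n is the revocation.
function encodeApprove(spender, amount) {
  return "0x" + SELECTOR_APPROVE + encodeAddress(spender) + encodeUint256(amount);
}
// Calldata for token.allowance(owner, spender), used to confirm the revoke via eth_call.
function encodeAllowance(owner, spender) {
  return "0x" + SELECTOR_ALLOWANCE + encodeAddress(owner) + encodeAddress(spender);
}

// Logs must be in chain order (as eth_getLogs returns them): the last Approval
// per (token, owner) for this spender is the current allowance. Returns each
// non-zero one together with the transaction that revokes it.
function outstandingApprovals(logs, spender) {
  const latest = new Map();
  const spenderTopic = "0x" + encodeAddress(spender);
  for (const log of logs) {
    if (log.topics[0] !== TOPIC_APPROVAL) continue;
    if (log.topics[2].toLowerCase() !== spenderTopic) continue;
    const key = `${log.address.toLowerCase()}|${decodeAddress(log.topics[1])}`;
    latest.set(key, decodeUint256(log.data));
  }
  const out = [];
  for (const [key, allowance] of latest) {
    if (allowance === 0n) continue;
    const [token, owner] = key.split("|");
    out.push({
      token, owner, allowance, unlimited: allowance === UINT256_MAX,
      revokeTx: { from: owner, to: token, data: encodeApprove(spender, 0n) },
      checkCall: { to: token, data: encodeAllowance(owner, spender) },
    });
  }
  return out;
}

// Constructed sample logs (hypothetical tokens, owners and spenders).
const TOKEN_A = "0x1111111111111111111111111111111111111111";
const TOKEN_B = "0x2222222222222222222222222222222222222222";
const OWNER_1 = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
const OWNER_2 = "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
const OTHER_SPENDER = "0xcccccccccccccccccccccccccccccccccccccccc";
const topic = (addr) => "0x" + encodeAddress(addr);
const SAMPLE_LOGS = [
  // OWNER_1 gave the vulnerable spender an unlimited approval on TOKEN_A: still open.
  { address: TOKEN_A, topics: [TOPIC_APPROVAL, topic(OWNER_1), topic(SPENDER)], data: "0x" + "f".repeat(64) },
  // OWNER_1 approved 1000e6 of TOKEN_B, then already revoked it: nothing to do.
  { address: TOKEN_B, topics: [TOPIC_APPROVAL, topic(OWNER_1), topic(SPENDER)], data: "0x" + encodeUint256(1000000000n) },
  { address: TOKEN_B, topics: [TOPIC_APPROVAL, topic(OWNER_1), topic(SPENDER)], data: "0x" + "0".repeat(64) },
  // OWNER_2 approved a different spender: out of scope.
  { address: TOKEN_A, topics: [TOPIC_APPROVAL, topic(OWNER_2), topic(OTHER_SPENDER)], data: "0x" + "f".repeat(64) },
];

const bigintSafe = (k, v) => (typeof v === "bigint" ? v.toString() : v);
console.log(JSON.stringify(outstandingApprovals(SAMPLE_LOGS, SPENDER), bigintSafe, 2));
```

The revoke is an ordinary approve call with amount zero, signed and sent by the token owner, and the allowance call is what a checker such as Revoke issues to confirm the result; the allowance stays drainable until the revoking transaction is mined, which is why the check matters.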