ParaSwap 在白帽的幫助下避免了 DeFi 災難

Did ParaSwap Dodge a DeFi Disaster?

ParaSwap 躲過了 DeFi 災難嗎？

ParaSwap, a DeFi aggregator, has breathed a collective sigh of relief after narrowly averting a potential catastrophe. A critical bug in its AugustusV6 smart contract threatened to drain user funds, but swift action and some friendly assistance from white hat hackers saved the day.

DeFi 聚合器 ParaSwap 在幾乎避免了一場潛在的災難後，大家都鬆了一口氣。 AugustusV6 智慧合約中的一個嚴重錯誤可能會耗盡用戶資金，但白帽駭客的迅速行動和一些友好協助挽救了這一局面。

The Critical Flaw

關鍵缺陷

On March 18th, ParaSwap rolled out the AugustusV6 smart contract, aiming to streamline token swaps and lower fees. However, a vulnerability lurked beneath the surface, exposing user assets to potential theft. Thankfully, it was discovered within just two days of going live.

3 月 18 日，ParaSwap 推出了 AugustusV6 智能合約，旨在簡化代幣交換並降低費用。然而，一個漏洞潛伏在表面之下，使用戶資產面臨潛在的盜竊風險。值得慶幸的是，它在上線兩天后就被發現了。

White Hat Heroes

白帽英雄

White hat hackers, the unsung heroes of the DeFi world, sprang into action, halting the API and securing user funds. Their quick intervention prevented a more significant loss of assets.

白帽駭客，DeFi 世界的無名英雄，立即採取行動，停止 API 並保護用戶資金。他們的迅速乾預避免了更嚴重的資產損失。

Refunding Users

給予用戶退款

ParaSwap swiftly launched an investigation and, after confirming the vulnerability, initiated a process to return funds to affected users. The exchange has successfully recovered and returned all assets to wallets that were revoked by white hat hackers.

ParaSwap 迅速啟動了調查，並在確認漏洞後啟動了向受影響用戶返還資金的流程。該交易所已成功恢復所有資產並將其返還至被白帽駭客撤銷的錢包中。

Addressing Unrevoked Allowances

處理未撤銷的津貼

As of March 24th, ParaSwap identified 213 addresses that had not yet revoked their allowances to the affected contract. Revoking a smart contract essentially deactivates its functionality and prevents it from accessing user wallets.

截至 3 月 24 日，ParaSwap 確定了 213 個尚未撤銷對受影響合約的配額的地址。撤銷智能合約本質上會停用其功能並阻止其存取用戶錢包。

Tracking the Hackers

追蹤駭客

ParaSwap has teamed up with blockchain analytics and security firms Chainalysis and TRM Labs to identify hacker addresses and trace the movement of stolen funds. The team has also reached out to identified hacker addresses via on-chain messaging, urging them to return user funds.

ParaSwap 與區塊鏈分析和安全公司 Chainaanalysis 和 TRM Labs 合作，識別駭客地址並追蹤被盜資金的動向。該團隊還透過鏈上訊息聯繫已確定的駭客地址，敦促他們歸還用戶資金。

Legal Recourse

法律追索

If the hackers fail to respond by March 27th, ParaSwap will "pursue all criminal, legal, and administrative avenues" to recover the stolen assets.

如果駭客未能在 3 月 27 日之前做出回應，ParaSwap 將「採取一切刑事、法律和行政途徑」來追回被盜資產。

Minimal Losses

損失最小化

Fortunately, the hackers managed to steal only $24,000 before the vulnerability was detected. The total losses were relatively small, thanks to the quick response of ParaSwap and white hat hackers.

幸運的是，在漏洞被發現之前，駭客僅竊取了 24,000 美元。由於 ParaSwap 和白帽駭客的快速反應，總損失相對較小。

Lessons Learned

得到教訓

This incident serves as a sobering reminder of the importance of rigorous smart contract audits and continuous monitoring in the DeFi space. ParaSwap has taken steps to strengthen its security protocols and ensure that such vulnerabilities do not arise in the future.

這事件清醒地提醒人們，嚴格的智慧合約審計和持續監控在 DeFi 領域的重要性。 ParaSwap 已採取措施加強其安全協議，並確保將來不會出現此類漏洞。