ParaSwap 在白帽的帮助下避免了 DeFi 灾难

Did ParaSwap Dodge a DeFi Disaster?

ParaSwap 躲过了 DeFi 灾难吗？

ParaSwap, a DeFi aggregator, has breathed a collective sigh of relief after narrowly averting a potential catastrophe. A critical bug in its AugustusV6 smart contract threatened to drain user funds, but swift action and some friendly assistance from white hat hackers saved the day.

DeFi 聚合器 ParaSwap 在险些避免了一场潜在的灾难后，大家都松了一口气。 AugustusV6 智能合约中的一个严重错误可能会耗尽用户资金，但白帽黑客的迅速行动和一些友好协助挽救了这一局面。

The Critical Flaw

关键缺陷

On March 18th, ParaSwap rolled out the AugustusV6 smart contract, aiming to streamline token swaps and lower fees. However, a vulnerability lurked beneath the surface, exposing user assets to potential theft. Thankfully, it was discovered within just two days of going live.

3 月 18 日，ParaSwap 推出了 AugustusV6 智能合约，旨在简化代币交换并降低费用。然而，一个漏洞潜伏在表面之下，使用户资产面临潜在的盗窃风险。值得庆幸的是，它在上线两天后就被发现了。

White Hat Heroes

白帽英雄

White hat hackers, the unsung heroes of the DeFi world, sprang into action, halting the API and securing user funds. Their quick intervention prevented a more significant loss of assets.

白帽黑客，DeFi 世界的无名英雄，立即采取行动，停止 API 并保护用户资金。他们的迅速干预避免了更严重的资产损失。

Refunding Users

给用户退款

ParaSwap swiftly launched an investigation and, after confirming the vulnerability, initiated a process to return funds to affected users. The exchange has successfully recovered and returned all assets to wallets that were revoked by white hat hackers.

ParaSwap 迅速启动了调查，并在确认漏洞后启动了向受影响用户返还资金的流程。该交易所已成功恢复所有资产并将其返还至被白帽黑客撤销的钱包中。

Addressing Unrevoked Allowances

处理未撤销的津贴

As of March 24th, ParaSwap identified 213 addresses that had not yet revoked their allowances to the affected contract. Revoking a smart contract essentially deactivates its functionality and prevents it from accessing user wallets.

截至 3 月 24 日，ParaSwap 确定了 213 个尚未撤销对受影响合约的配额的地址。撤销智能合约本质上会停用其功能并阻止其访问用户钱包。

Tracking the Hackers

追踪黑客

ParaSwap has teamed up with blockchain analytics and security firms Chainalysis and TRM Labs to identify hacker addresses and trace the movement of stolen funds. The team has also reached out to identified hacker addresses via on-chain messaging, urging them to return user funds.

ParaSwap 与区块链分析和安全公司 Chainaanalysis 和 TRM Labs 合作，识别黑客地址并追踪被盗资金的动向。该团队还通过链上消息联系已确定的黑客地址，敦促他们归还用户资金。

Legal Recourse

法律追索

If the hackers fail to respond by March 27th, ParaSwap will "pursue all criminal, legal, and administrative avenues" to recover the stolen assets.

如果黑客未能在 3 月 27 日之前做出回应，ParaSwap 将“采取一切刑事、法律和行政途径”来追回被盗资产。

Minimal Losses

损失最小化

Fortunately, the hackers managed to steal only $24,000 before the vulnerability was detected. The total losses were relatively small, thanks to the quick response of ParaSwap and white hat hackers.

幸运的是，在漏洞被发现之前，黑客仅窃取了 24,000 美元。由于 ParaSwap 和白帽黑客的快速反应，总损失相对较小。

Lessons Learned

得到教训

This incident serves as a sobering reminder of the importance of rigorous smart contract audits and continuous monitoring in the DeFi space. ParaSwap has taken steps to strengthen its security protocols and ensure that such vulnerabilities do not arise in the future.

这一事件清醒地提醒人们，严格的智能合约审计和持续监控在 DeFi 领域的重要性。 ParaSwap 已采取措施加强其安全协议，并确保将来不会出现此类漏洞。