- Blockchain security experts believe that a fork of Gains Network, an ecosystem of DeFi products on Polygon and Arbitrum, was enabling traders to claim 10X winnings on every deal, regardless of the price of the tokens they traded.
DeFi Llama states that Gains Network has a $20.29 million total value locked (TVL). It has processed $25 billion in derivatives trading activity since its founding in May 2023.
According to a Zellic report dated April 19, a single problem affecting a protocol fork made it possible for an attacker to set an arbitrary buy limit order and automatically win every deal.
This is how it operated: the protocol's "Current Price" variable, which is used to compute profit and loss, was updated with the stop-loss price at the time an order was opened. Therefore, customers could profit from the transaction risk-free if they put their stop-loss price above the open price.
Assume, for instance, that the price of Bitcoin was $60,000 and that a trader entered the market at $59,000 with a stop-loss of $61,000. The trade would be started if the price dropped to $59,000, but it would instantly fall below the trader's stop-loss, forcing an early withdrawal.
In an ideal world, the trader would profit exactly zero dollars from this. Nevertheless, the system records a $2,000 profit for the customer because the protocol's "current price" was set at the stop-loss price of $61,000.
An attacker might completely deplete the protocol's funds if he made enough similar trades with high enough stop-loss ratios. Although there was a check in the protocol to prevent traders from setting their stop-loss above the buy-order open price, other exploits were discovered that allowed traders to get around the check.
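A simplified Python model of the settlement flaw described above, next to two defensive controls: the placement check and a settlement-time price cap that still holds if the placement check is bypassed. This is an added illustration, not code from Gains Network, its forks, or Zellic's report; the function names, the one-unit position size, and the choice to cap the close price at the market price are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LongLimitOrder:
    open_price: float      # limit price at which the long position opens
    stop_loss: float       # price at which the position is force-closed
    quantity: float = 1.0  # units of the asset (assumed: 1 BTC, as the article implies)


def pnl(order: LongLimitOrder, close_price: float) -> float:
    """Profit or loss of a long position closed at close_price."""
    return order.quantity * (close_price - order.open_price)


def validate_long(order: LongLimitOrder) -> None:
    """Placement-time check: a long's stop-loss must sit below its open price."""
    if order.stop_loss >= order.open_price:
        raise ValueError("stop-loss must be below the open price for a long")


def settle_flawed(order: LongLimitOrder, market_price: float) -> Optional[float]:
    """Models the reported behaviour: PnL is computed from the stop-loss price."""
    if market_price > order.stop_loss:
        return None  # stop-loss not hit, position stays open
    return pnl(order, order.stop_loss)


def settle_capped(order: LongLimitOrder, market_price: float) -> Optional[float]:
    """Defence in depth: never credit a close price above the observed market
    price, so a bypassed placement check cannot turn into profit."""
    if market_price > order.stop_loss:
        return None
    return pnl(order, min(order.stop_loss, market_price))


if __name__ == "__main__":
    # Constructed sample using the article's figures: open $59,000, stop-loss $61,000.
    order = LongLimitOrder(open_price=59_000.0, stop_loss=61_000.0)
    print("flawed settlement:", settle_flawed(order, 59_000.0))
    print("capped settlement:", settle_capped(order, 59_000.0))
    try:
        validate_long(order)
    except ValueError as exc:
        print("rejected at placement:", exc)
```

Enforcing the invariant at settlement as well as at placement matters here because, as noted above, the placement check alone could be circumvented.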
Zellic claimed that, using specific data, traders could have made a guaranteed profit of 900%.
This specific fault was not present in Gains itself, but only in a fork of Gains Network. But Zellic also discovered a flaw that affected an earlier iteration of the Gains protocol itself, enabling traders to make 900% profit on sell orders.
Zellic notified other teams in charge of overseeing the Gains forks, such as Krav Trade, Holdstation Exchange, and Gambit Trade, about the vulnerabilities, and each of them has taken steps to make sure their protocols are secure. It cautioned that further forks might still be at risk.