Auditor flagged the issue before the $2.59M Nemo hack, the team admitted

 

The Sui-based protocol Nemo lost about $2.59 million due to a known vulnerability introduced by unaudited code that was deployed, according to the project.
According to Nemo’s post-mortem assessment of the September 7 hack, a flaw in a function intended to reduce slippage allowed the attacker to change the state of the protocol. This function, named “get_sy_amount_in_for_exact_py_out,” was pushed onchain without being audited by smart contract auditor Asymptotic.
In addition, the Asymptotic team identified the issue in a preliminary report. However, the Nemo team admitted that its “team did not adequately address this security concern in a timely manner.”
Deploying new code required only one signature from a single address, allowing the developer to push the unaudited code onchain without disclosing the changes. Moreover, the developer did not use the confirmation hash provided in the audit for the deployment, breaking the procedure.
This is not the first time a hack has been described as easily avoidable. The report follows NFT trading platform SuperRare suffering a $730,000 exploit in late July due to a major smart contract bug that experts said could easily have been prevented with common testing practices.
Security methods changed late
The vulnerable code was pushed onchain in early January. The upgrade procedure, which would likely have prevented the unaudited code from being deployed onchain, was implemented in April.
Despite the upgrade, the vulnerability had already reached the production environment. Asymptotic warned Nemo of the vulnerability on August 11, but the project said it was focused on other issues and failed to address it before the exploit.
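The two controls the report says were missing, a deployment tied to the audit's confirmation hash and approval by more than one signer, can be expressed as a pre-deployment gate. The following is an added example, not Nemo's or Asymptotic's code: the digest scheme, the signer names and the approval record are assumptions, and approvals are assumed to have had their signatures verified elsewhere.

```python
import hashlib
import hmac

def package_digest(modules):
    """SHA-256 over length-prefixed, name-sorted compiled modules (assumed scheme)."""
    h = hashlib.sha256()
    for name in sorted(modules):
        for part in (name.encode(), modules[name]):
            h.update(len(part).to_bytes(8, "big"))  # length prefix avoids ambiguous joins
            h.update(part)
    return h.hexdigest()

def check_release(modules, audited_digest, approvals, signers, threshold):
    """Return the reasons to block a deployment; an empty list means it may proceed."""
    reasons = []
    digest = package_digest(modules)
    # Control 1: the bytes being deployed must be the bytes the auditor reviewed.
    if not hmac.compare_digest(digest, audited_digest.lower()):
        reasons.append("build digest does not match the audited digest")
    # Control 2: approvals are recorded per digest, so sign-off on the audited
    # build does not carry over to a build that was changed afterwards.
    valid = {a for a in approvals.get(digest, ()) if a in signers}
    if len(valid) < threshold:
        reasons.append(f"{len(valid)} of {threshold} required approvals for this digest")
    return reasons

# Constructed sample data: module bytes, signer names and approvals are invented.
AUDITED = {"market": b"\x01audited-bytecode", "math": b"\x02math"}
MODIFIED = dict(AUDITED, market=b"\x01audited-bytecode+new-function")
AUDITED_DIGEST = package_digest(AUDITED)
SIGNERS = {"dev-a", "dev-b", "security-lead"}
APPROVALS = {
    AUDITED_DIGEST: {"dev-a", "security-lead"},
    package_digest(MODIFIED): {"dev-a"},  # single developer, as in the incident
}

if __name__ == "__main__":
    for label, build in (("audited", AUDITED), ("modified", MODIFIED)):
        result = check_release(build, AUDITED_DIGEST, APPROVALS, SIGNERS, 2)
        print(label, result or "allowed")
```

Run in the release pipeline, a non-empty result should stop the deployment step before any transaction is signed.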
Nemo pauses protocol, prepares a patch
According to the review, the Nemo protocol's operations are now paused to prevent further losses. The team is cooperating with many security teams and has provided all relevant addresses to help freeze assets on centralized exchanges.
A patch has now been developed, and Asymptotic is auditing the new code. The project said it removed its flash loan function, fixed the vulnerable code and added a manual reset feature to restore the affected amounts. Nemo is also designing a compensation plan for users, including debt structures at the tokenomics level.
“The main team generates a detailed user payment plan, including a debt repair design at the tokenomics level.”
Nemo apologized to its users and claimed to have learned that “security and management management demanded ongoing monitoring.” The team also promised to improve its defenses and apply stricter protocol controls.