A fork of the Gains Network – an ecosystem of DeFi products on Polygon and Arbitrum – was allowing traders to claim 10X gains on every trade, regardless of the price of the tokens traded, according to blockchain security experts.
Gains Network Infinite Money Glitch
Gains Network holds a total value locked (TVL) of $20.29 million, according to DeFi Llama. Since its inception in May 2023, it’s handled $25 billion in derivatives trading volume.
An April 19 report from Zellic highlighted how one bug impacting a fork of the protocol allowed an attacker to place an arbitrarily high buy limit order and win every trade automatically.
Here’s how it worked: when an order was opened, the trader’s stop-loss price was stored in the protocol’s “currentPrice” variable, the value the protocol uses to calculate profit and loss. As a result, a trader who set their stop-loss price above the open price could profit from the trade freely and without risk.
For example, assume Bitcoin’s price was $60,000, and the trader entered $59,000 as their open price and $61,000 as their stop-loss. If the price fell to $59,000, the trade would be opened, but the price would immediately be below the trader’s stop-loss, triggering an immediate exit.
Under normal circumstances, this should result in exactly $0 in profit for the trader. However, since the stop-loss price of $61,000 was recorded as the protocol’s “current price”, the system recorded $2,000 in profit for the user.
Fixing The Bugs
If an attacker placed enough such trades with high enough stop-loss prices, he could entirely drain the protocol of its funds. While the protocol did contain a check to stop traders from setting their stop-loss above the open price of a buy order, other exploits were found that allowed attackers to bypass the check.
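The settlement mistake above, and the stop-loss-side check the protocol had for buy orders, can be modelled in a few lines. The following is an added illustration written for this article, not code from Gains Network or any of its forks; the order structure, function names and the one-unit position size are assumptions, and the prices are the article’s own worked figures. It shows the buggy settlement (PnL computed from the trader’s stop-loss stored as `currentPrice`) beside a fixed settlement that uses the observed market price, and the validation that rejects a long whose stop-loss sits above its open price.

```python
"""Constructed model of the stop-loss / currentPrice mix-up described above.

Added example, not code from Gains Network or any fork. Prices are in USD,
position size is in units of the traded asset.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LimitOrder:
    is_long: bool
    open_price: float   # price at which the limit order fills
    stop_loss: float    # trader-supplied stop-loss price
    size: float         # units of the asset (constructed figure)


def validate_stop_loss(order: LimitOrder) -> None:
    """Reject a stop-loss on the wrong side of the open price.

    A long whose stop-loss is at or above its open price would be stopped out
    the instant it fills; a short is the mirror image. This is the defensive
    check the article says the protocol had for buy orders (bypasses existed,
    but they are not modelled here).
    """
    if order.is_long and order.stop_loss >= order.open_price:
        raise ValueError("long stop-loss must be below the open price")
    if not order.is_long and order.stop_loss <= order.open_price:
        raise ValueError("short stop-loss must be above the open price")


def stop_hit(order: LimitOrder, market_price: float) -> bool:
    """True when the market price has crossed the stop-loss."""
    if order.is_long:
        return market_price <= order.stop_loss
    return market_price >= order.stop_loss


def pnl(order: LimitOrder, current_price: float) -> float:
    """Mark-to-market profit or loss of the position at current_price."""
    direction = 1.0 if order.is_long else -1.0
    return direction * (current_price - order.open_price) * order.size


def settle_buggy(order: LimitOrder, market_price: float) -> float:
    """Buggy settlement: the stop-loss is stored as 'currentPrice'.

    Mirrors the defect in the article: PnL is computed from the trader's own
    stop-loss rather than the price the stop actually executed at, so the
    market_price argument is ignored.
    """
    current_price = order.stop_loss  # the bug: trader-controlled input
    return pnl(order, current_price)


def settle_fixed(order: LimitOrder, market_price: float) -> float:
    """Fixed settlement: 'currentPrice' is the observed market price."""
    return pnl(order, market_price)


def article_scenario() -> tuple[float, float]:
    """Replay the article's figures: BTC falls from 60,000 to 59,000, the
    trader opened at 59,000 with a stop-loss at 61,000. Returns
    (buggy_pnl, fixed_pnl) for a one-unit position (constructed size)."""
    order = LimitOrder(is_long=True, open_price=59_000.0,
                       stop_loss=61_000.0, size=1.0)
    market_price = 59_000.0  # price at which the limit order fills
    assert stop_hit(order, market_price)  # stopped out immediately
    return settle_buggy(order, market_price), settle_fixed(order, market_price)


if __name__ == "__main__":
    buggy, fixed = article_scenario()
    print(f"buggy settlement credits {buggy:,.0f} USD; fixed settlement credits {fixed:,.0f} USD")
```

The point of the contrast is where `currentPrice` comes from: in the buggy path it is a value the trader chose, so the trader chooses their own profit; in the fixed path it is an observed price the trader does not control. `validate_stop_loss` would have rejected this particular order outright, which is why the article’s attack relied on bypassing that check.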
Using certain figures, Zellic said traders could have scored a guaranteed profit of 900%.
This particular bug was only found within a fork of Gains Network, rather than Gains itself. However, Zellic also found a bug that impacted a previous version of the actual Gains protocol, letting traders profit 900% on sell orders.
Zellic informed multiple teams managing Gains forks including Gambit Trade, Holdstation Exchange, and Krav Trade of the vulnerabilities, and all have ensured that their protocols are no longer vulnerable. Other forks, it warned, could still be at risk of loss.