Stories%20From%20The%20Web3%20Battlefield%20%20DeFi%20Hacks%20Explained.png?profile=RESIZE_710x

 

we will explore essential operational capabilities necessary for ensuring the security and integrity of decentralized finance (DeFi) platforms. Among these capabilities is the ability to blacklist wallets, transfer funds, and pause or terminate contracts in response to threats. Additionally, we will delve into a recent hack on a DeFi platform known as the Tendery hack, which involved a variation of price oracle misconfiguration. By examining these incidents, we aim to understand the importance of operational readiness and proper configuration in safeguarding DeFi systems.

 

 

Here is the verbatim discussion:

Right and two second thing we want you started on is having operation capability so important operational capabilities again starting there Blacklist wallets maybe they could black listed that wallet that imbalance the pool transfer pools right getting the money out of there basically saying All Is Lost and at least escaping with your money pause the contract kill the contract some sort of option some way to to respond to that threat another hack the tendery hack in earlier in March a def5 platform now this is actually a variation a price Oracle misconfiguration another publicly known event now in solidity the decimal point is not explicit or strictly defined it is implicit or understood essentially the owner decides where the decimal place will be and they handle it accordingly if you have let's say this is very simplified again a number with 10 places and the number is one eight and then eight zeros right with the decimal point at the second place that's quite a different number than 1 eight and eight zeros it's much larger now throughout this contract the numbers were being handled correctly right handled with desm plat where the owner wanted it to be all except for the GMX token it was not so one GMX token.

 

 

Highlights :

Essential Operational Capabilities:

  • Blacklisting Wallets: The ability to blacklist wallets helps prevent malicious actors from exploiting vulnerabilities within the system.
  • Transfer Pool Funds: Enabling the transfer of funds out of compromised pools can mitigate losses and prevent further exploitation.
  • Pausing or Terminating Contracts: Having the option to pause or terminate contracts provides a critical response mechanism to halt ongoing attacks and secure funds.

Tendery Hack: Price Oracle Misconfiguration:

  • Event Overview: The Tendery hack, which occurred in March, involved a variation of price oracle misconfiguration on a DeFi platform.
  • Solidity Decimal Handling: In Solidity, the decimal point is not explicitly defined, and the owner determines its placement. However, in this case, the GMX token's decimal handling was incorrect, leading to significant discrepancies in value.

 

The Tendery hack underscores the importance of proper configuration and operational readiness in DeFi platforms. By implementing essential capabilities such as wallet blacklisting and contract pausing, platforms can mitigate the risks posed by vulnerabilities like price oracle misconfigurations. It is crucial for DeFi platforms to remain vigilant and continually assess their operational capabilities to ensure robust security measures are in place. Through proactive measures and swift responses to threats, the integrity and trustworthiness of DeFi ecosystems can be maintained, fostering a safer environment for users and stakeholders alike.

 

Speaker:

Gregory Pickett is a renowned expert in the field of cybersecurity, currently serving as the Head of Cybersecurity. With extensive experience in identifying and mitigating security threats, Pickett is recognized for his deep understanding of both offensive and defensive cybersecurity strategies.

His leadership and insights have been instrumental in safeguarding digital assets and ensuring robust security protocols across various organizations.

 

https://www.linkedin.com/in/gregpickettcisspgciagpen/

 
 
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform