­
Stories From The Web3 Battlefield : DeFi Hacks Explained - All Articles - CISO Platform

 

Stories%20From%20The%20Web3%20Battlefield%20%20DeFi%20Hacks%20Explained.png?profile=RESIZE_710x

 

we will explore essential operational capabilities necessary for ensuring the security and integrity of decentralized finance (DeFi) platforms. Among these capabilities is the ability to blacklist wallets, transfer funds, and pause or terminate contracts in response to threats. Additionally, we will delve into a recent hack on a DeFi platform known as the Tendery hack, which involved a variation of price oracle misconfiguration. By examining these incidents, we aim to understand the importance of operational readiness and proper configuration in safeguarding DeFi systems.

 

 

Here is the verbatim discussion:

Right and two second thing we want you started on is having operation capability so important operational capabilities again starting there Blacklist wallets maybe they could black listed that wallet that imbalance the pool transfer pools right getting the money out of there basically saying All Is Lost and at least escaping with your money pause the contract kill the contract some sort of option some way to to respond to that threat another hack the tendery hack in earlier in March a def5 platform now this is actually a variation a price Oracle misconfiguration another publicly known event now in solidity the decimal point is not explicit or strictly defined it is implicit or understood essentially the owner decides where the decimal place will be and they handle it accordingly if you have let's say this is very simplified again a number with 10 places and the number is one eight and then eight zeros right with the decimal point at the second place that's quite a different number than 1 eight and eight zeros it's much larger now throughout this contract the numbers were being handled correctly right handled with desm plat where the owner wanted it to be all except for the GMX token it was not so one GMX token.

 

 

Highlights :

Essential Operational Capabilities:

  • Blacklisting Wallets: The ability to blacklist wallets helps prevent malicious actors from exploiting vulnerabilities within the system.
  • Transfer Pool Funds: Enabling the transfer of funds out of compromised pools can mitigate losses and prevent further exploitation.
  • Pausing or Terminating Contracts: Having the option to pause or terminate contracts provides a critical response mechanism to halt ongoing attacks and secure funds.

Tendery Hack: Price Oracle Misconfiguration:

  • Event Overview: The Tendery hack, which occurred in March, involved a variation of price oracle misconfiguration on a DeFi platform.
  • Solidity Decimal Handling: In Solidity, the decimal point is not explicitly defined, and the owner determines its placement. However, in this case, the GMX token's decimal handling was incorrect, leading to significant discrepancies in value.

 

The Tendery hack underscores the importance of proper configuration and operational readiness in DeFi platforms. By implementing essential capabilities such as wallet blacklisting and contract pausing, platforms can mitigate the risks posed by vulnerabilities like price oracle misconfigurations. It is crucial for DeFi platforms to remain vigilant and continually assess their operational capabilities to ensure robust security measures are in place. Through proactive measures and swift responses to threats, the integrity and trustworthiness of DeFi ecosystems can be maintained, fostering a safer environment for users and stakeholders alike.

 

Speaker:

Gregory Pickett is a renowned expert in the field of cybersecurity, currently serving as the Head of Cybersecurity. With extensive experience in identifying and mitigating security threats, Pickett is recognized for his deep understanding of both offensive and defensive cybersecurity strategies.

His leadership and insights have been instrumental in safeguarding digital assets and ensuring robust security protocols across various organizations.

 

https://www.linkedin.com/in/gregpickettcisspgciagpen/

 
 
Votes: 0
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

CISO MeetUp: Executive Cocktail Reception @ Black Hat USA , Las Vegas 2025

  • Description:

    We are excited to invite you to the CISO MeetUp: Executive Cocktail Reception if you are there at the Black Hat Conference USA, Las Vegas 2025. This event is organized by EC-Council & FireCompass with CISOPlatform as proud community partner. 

    This evening is designed for Director-level and above cybersecurity professionals to connect, collaborate, and unwind in a relaxed setting. Enjoy…

  • Created by: Biswajit Banerjee
  • Tags: black hat 2025, ciso meetup, cocktail reception, usa events, cybersecurity events, ciso

6 City Playbook Round Table Series (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

  • Description:

    Join us for an exclusive 6-city roundtable series across Delhi, Mumbai, Bangalore, Pune, Chennai, and Kolkata. Curated for top cybersecurity leaders, this series will spotlight proven strategies, real-world insights, and impactful playbooks from the industry’s best.

    Network with peers, exchange ideas, and contribute to shaping the Top 100 Security Playbooks of the year.

    Date : Sept 2025 - Oct 2025

    Venue: Delhi, Mumbai, Bangalore, Pune,…

  • Created by: Biswajit Banerjee

National Insider Risk Symposium, Washington DC, USA 2025

  • Description:

    We are excited to invite you to the 10th National Insider Risk Symposium, a premier forum bringing together leaders and experts from both the commercial and public sectors to address the evolving landscape of insider threats. CISOPlatform is a proud community partner for this event. 

    Event Details:
    Venue: National Housing Center, 1201 15th St NW, Washington, D.C. 20005
    Dates: September 17–18,…

  • Created by: Biswajit Banerjee
  • Tags: national insider risk symposium, ciso, cybersecurity events, usa events