Zellic Finds Major Flaws in DeFi Fork, Risks 900% Trade Gains
In A Nutshell
A recent investigation by blockchain security firm Zellic has uncovered two significant vulnerabilities in a fork of the Gains Network leveraged trading protocol. These flaws could have allowed traders to secure a 900% profit on every trade, irrespective of market conditions. This discovery raises concerns about the security of forked protocols in the decentralized finance (DeFi) ecosystem.
Discovery of Exploits
Zellic’s report, dated April 19, reveals two distinct bugs in a fork of the Gains Network protocol, which enables leveraged trading across various tokens. The first bug had already been fixed in Gains itself but was still present in the fork; the second was a previously unknown vulnerability. Either could drastically skew profit calculations in favor of traders exploiting these flaws.
The first bug manipulated the stop-loss feature to guarantee profits, while the second took advantage of an overflow error: by setting the stop-loss or take-profit value to the largest number the Ethereum blockchain can represent (the maximum unsigned 256-bit integer), a trader could have a sell order close at a 900% profit.
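The defensive lesson from the second bug is that an order's stop-loss and take-profit values must be bounds-checked before they are stored, and that the profit arithmetic must revert on overflow rather than wrap. The following Python model is an added example written for this article; it is not the audited fork's code nor Gains Network's, and the fixed-point price scale, the "0 means not set" convention, the liquidation-at-100%-loss rule and the 900% profit cap are all assumptions used for illustration. It shows a validator that rejects an out-of-range take-profit or stop-loss (including the maximum uint256 value) at order time, and a checked multiplication beside the wrapping one so the difference is visible.

```python
"""Hypothetical model of stop-loss / take-profit validation and checked PnL
arithmetic for a leveraged trade. Not the fork's or Gains Network's code; the
constants below are assumptions made for this illustration."""

UINT256_MOD = 2**256
UINT256_MAX = UINT256_MOD - 1       # "largest number" representable on the EVM
PRECISION = 10**10                  # assumed fixed-point price scale
MAX_GAIN_PCT = 900                  # assumed cap on profit (% of collateral)


def wrapping_mul(a: int, b: int) -> int:
    """Models unchecked uint256 multiplication: silently wraps modulo 2**256."""
    return (a * b) % UINT256_MOD


def checked_mul(a: int, b: int) -> int:
    """Models checked multiplication: raises (reverts) on overflow instead of wrapping."""
    product = a * b
    if product > UINT256_MAX:
        raise OverflowError("uint256 overflow")
    return product


def overflows(a: int, b: int) -> bool:
    """True if checked_mul(a, b) would revert."""
    try:
        checked_mul(a, b)
    except OverflowError:
        return True
    return False


def max_take_profit(open_price: int, leverage: int, is_long: bool) -> int:
    """Price at which the position reaches MAX_GAIN_PCT of collateral."""
    # gain% = move / open_price * leverage * 100, so the move that yields
    # MAX_GAIN_PCT is open_price * MAX_GAIN_PCT / (100 * leverage).
    move = open_price * MAX_GAIN_PCT // (100 * leverage)
    return open_price + move if is_long else max(open_price - move, 0)


def liquidation_price(open_price: int, leverage: int, is_long: bool) -> int:
    """Price at which the position has lost 100% of collateral (assumed rule)."""
    move = open_price // leverage
    return open_price - move if is_long else open_price + move


def validate_tp_sl(open_price: int, tp: int, sl: int, leverage: int, is_long: bool) -> bool:
    """True only if TP/SL lie on the correct side of entry and inside the
    profit cap / liquidation bounds. 0 means 'not set' (assumed convention).
    A value like UINT256_MAX is rejected here, before it can reach the PnL math."""
    if open_price <= 0 or leverage <= 0:
        return False
    max_tp = max_take_profit(open_price, leverage, is_long)
    liq = liquidation_price(open_price, leverage, is_long)
    if tp:
        if is_long and not open_price < tp <= max_tp:
            return False
        if not is_long and not max_tp <= tp < open_price:
            return False
    if sl:
        if is_long and not liq < sl < open_price:
            return False
        if not is_long and not open_price < sl < liq:
            return False
    return True


def pnl_pct(open_price: int, close_price: int, leverage: int, is_long: bool) -> int:
    """Checked percent PnL on collateral, clamped to [-100, MAX_GAIN_PCT]."""
    move = close_price - open_price if is_long else open_price - close_price
    scaled = checked_mul(abs(move), leverage * 100) // open_price
    pct = scaled if move >= 0 else -scaled
    return max(-100, min(pct, MAX_GAIN_PCT))


if __name__ == "__main__":
    # Constructed sample: open a 10x position at 2000 (assumed precision).
    entry = 2000 * PRECISION
    print("sane long order:", validate_tp_sl(entry, 2500 * PRECISION, 1900 * PRECISION, 10, True))
    print("TP = uint256 max:", validate_tp_sl(entry, UINT256_MAX, 0, 10, True))
    print("wrapped product:", wrapping_mul(UINT256_MAX, 1000), "checked overflows:", overflows(UINT256_MAX, 1000))
```

Note that the clamp in `pnl_pct` is not a substitute for the validator: a cap applied to already-wrapped arithmetic can turn garbage into "maximum profit", which is exactly the shape of bug the article describes. Rejecting the value at order time and reverting on overflow are the two independent layers.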
Steps Taken for Resolution
Upon discovering these vulnerabilities, Zellic promptly informed the development teams behind Gains forks, including Gambit Trade, Holdstation Exchange, and Krav Trade. These teams have since taken measures to ensure their protocols are not susceptible to the identified issues. Nevertheless, Zellic warns that other forks of Gains Network may still be at risk.
Gains Network, the original protocol, has facilitated over $25 billion in derivatives volume since its inception through its leveraged trading app, gTrade, which operates on the Polygon and Arbitrum networks. This high volume underscores the potential impact of such vulnerabilities within the DeFi sector.
Implications for DeFi Security
These findings spotlight the intrinsic risks associated with forked DeFi protocols. While forking can expedite development by utilizing pre-existing codebases, it also propagates any overlooked vulnerabilities across multiple platforms. The episode serves as a cautionary tale for developers and investors alike, emphasizing the importance of rigorous security audits, especially for protocols managing significant user funds.
Our Take
The discovery of these vulnerabilities within a fork of the Gains Network highlights a systemic issue within the DeFi space: the delicate balance between innovation and security. Forking is a double-edged sword; it can promote diversity and growth within the ecosystem but also poses significant security risks if not managed carefully. This incident should serve as a wake-up call for all stakeholders in the DeFi community to prioritize comprehensive security assessments and collaborative vulnerability disclosures to safeguard user assets and maintain trust in decentralized finance.
As the DeFi landscape continues to evolve, it is imperative for the community to foster an environment where security is paramount. This will not only protect investments but also ensure the long-term viability and credibility of DeFi as an alternative to traditional financial systems.
Sources
– Zellic security report
– Gains Network official website
– Blockchain analytics platform DefiLlama