ParaSwap Evades Augustus v6 Contract Hack

ParaSwap, a decentralized finance (DeFi) aggregator, was able to prevent a significant loss of funds thanks to the timely intervention of white hat hackers. The company had recently launched its Augustus V6 contract, which promised more gas-efficient swaps than previous contracts. It was soon discovered that the contract had a critical vulnerability that could allow hackers to drain funds. On March 20, ParaSwap paused the application programming interface (API) for V6 and secured the funds of potential victims. It advised all users to revoke permissions to the contract to minimize further losses. Despite these efforts, a hacker still managed to cash out around $24,000 from four different addresses. A total of 386 addresses were affected by the vulnerability, and ParaSwap asked users to report any additional losses. It has since deactivated support for V6 on its user interface and reverted to using V5.

ParaSwap has assured users that they have successfully recovered funds for all affected addresses and will share more details about the refund process soon. Affected users remain at risk if they have not yet revoked their approvals. To confirm their safety, ParaSwap recommends individuals use exploit checker services like Revoke. It is essential for users to take steps to protect their funds in the face of vulnerabilities.

Generative AI tools like ChatGPT-4 show promise in generating and parsing code, but they have limitations as security auditors. According to a research paper by Salus Security, these tools can assist with smart contract auditing by parsing code and providing vulnerability hints. They cannot fully replace professional auditing tools and experienced auditors. While ChatGPT-4 is good at detecting true positives, which are vulnerabilities worth investigating, it still falls short in vulnerability detection compared to human expertise.

ParaSwap faced a critical vulnerability in its Augustus V6 contract but managed to prevent substantial losses thanks to white hat intervention. They have taken steps to recover funds and advised users to revoke permissions. A hacker still seized funds from several addresses. ParaSwap deactivated support for V6 and reverted to V5. Users should use exploit checker services to ensure their safety. Generative AI tools like ChatGPT-4 have potential in code parsing but cannot replace professional auditing tools.
