PancakeSwap DeFi DEX Details Patched Lottery Bug

2021-3-29 09:55

A vulnerability in the PancakeSwap crypto lottery protocol has been fixed before any bad actors could exploit it. The developer team is now divulging all the details.

In a post mortem type article on March 29, the PancakeSwap team detailed a bug in its lottery smart contract. A whitehat hacker discovered the critical vulnerability before any funds were stolen.

Blockchain and smart contract security firm Immunefi, in cooperation with a whitehat known as “Thunder,” facilitated the patch.

As a public service, we facilitated a whitehat disclosure to patch a vuln in @PancakeSwap's lottery contract.

Now, they're joining us with a $1,000,000 bug bounty. Amazing.

Check out the bug bounty here, and we'll post the postmortem analysis below.https://t.co/MmjepzsR3O

— Immunefi (@immunefi) March 29, 2021 Lottery Bug Patched

The post mortem elaborated on the vulnerability. It allowed a ‘multibuy’ function to purchase tickets while the lottery was still in the drawing phase.

“This meant that a user could see the lottery draw transaction, compute the winning lottery number, buy the right ticket during the draw, and frontrun with a high gas fee to win the lottery.”

It added that the block time is relatively short on Binance Smart Chain. So, computations for the winning ticket would need to be done quickly and would cost a very high gas fee.

At around $12 per CAKE and 20,000 CAKE per lottery, $240,000 per lottery could have been discreetly and repeatedly stolen. The team updated the smart contract to prevent compromised lottery draws in the future.

Every 12 hours the automated market maker runs a CAKE lottery which costs 1 CAKE per ticket. This gives the holder a random four-digit combination of numbers between 1 and 14. Participants must match all four numbers to win the pot.

PancakeSwap has hosted a million-dollar bug bounty with Immunefi, which launched on March 26.

DEX TVL and CAKE Price Update

PancakeSwap has experienced huge growth over the past month or so. At the same time, high gas fees render Uniswap impractical for those with smaller amounts to invest in DeFi.

According to crypto wallet provider Debank, PancakeSwap actually surpassed Uniswap in daily volumes briefly last week. DappRadar is reporting a total value locked for both DEXs at around $5.4 billion today.

PancakeSwap’s native token, CAKE, is trading for $16.97. This is a 4% gain from its daily open. It hit an all-time high of just under $20 on Feb. 20 and was close to tapping those levels again over this past weekend.

The post PancakeSwap DeFi DEX Details Patched Lottery Bug appeared first on BeInCrypto.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Mega Lottery Services Global (MLR) на Currencies.ru

$ 0.0029261 (+0.57%)
Объем 24H $1
Изменеия 24h: 7.48 %, 7d: -18.10 %
Cегодня L: $0.0029261 - H: $0.0029261
Капитализация $0 Rank 3494
Доступно / Всего 0 MLR / 1b MLR

bug pancakeswap lottery hacker discovered whitehat contract

bug pancakeswap → Результатов: 1