QI Quadriga Initiative

Jun 2020 - DeversiFi Launch Exploit - $0k (Global)

"D[e]versiFi is a decentralized exchange platform, which was audited by PeckShield."

"Our decentralised exchange is the easiest way to access DeFi opportunities on Ethereum: invest, trade, and send tokens without paying gas fees." "We’ve got a suite of tools to help you make the most of DeFi. From managing your crypto portfolio, to trading, swapping and sending assets and tokens and even putting your investments to work earning you rewards and interest."

"Getting started with DeversiFi couldn't be simpler, whether you’re a crypto ninja or just starting out, our DEX really is the simplest way to access all the opportunities of decentralised finance."

"The core smart-contracts employed by DeversiFi to secure customer funds on the Ethereum blockchain were designed and deployed by StarkWare Industries. StarkWare are leaders in the field of cryptography and blockchain systems. [An] independent audit report was made by PeckShield."

"The new version of DeversiFi encountered a vulnerability in less than a week after it was launched. The official said that it would be fixed as soon as possible. The cause of this vulnerability was that a trader tried to submit an order larger than the limit, and the logic of why the system designed order limit is to avoid user's misoperation. After that, the system still repeatedly submitted the order, but it was continuously rejected by the system, which affected the processing of other orders."

"Over a 20 minute period in the early hours of Wednesday 10th June UTC five DeversiFi traders encountered an issue where submitted orders were not executed immediately and therefore their balances did not immediately clear."

"The cause of the overnight issue was a trader trying to place an order that was greater than the maximum order size allowed for a particular pair. Maximum order sizes are fixed for each pair in proportion to the token market size and are to help protect traders against ‘fat finger’ or ‘mis click’ trades."

"The maximum order size bug was not something that we had run into frequently during testing as we were testing using ETH/USDt and wBTC/USDT markets, which have very large maximum order sizes. The error unfortunately resulted in the trader’s balances not showing as cleared in the U.I. This is because the system was continually trying to place the large order, but was continually rejected."

"This bug unfortunately caused knock-on problems with some other order processing. The good news is that this is an easy error to handle, our developers are working on the solution and it will be implemented shortly."

"From the entire DeversiFi team, please accept our apologies." "All of the issues relating to this error have been cleared save for two impacted traders. We are being extra cautious with the fix and for proper diligence, want to make sure it is properly implemented and fully tested. If you are one of the two remaining impacted traders, please reach out to @RossMidd on Telegram or submit a support ticket at support.deversifi.com"

Further Analysis

The first version of the DeversiFi platform imposed an order limit; however, when a transaction failed, it was retried automatically. This degraded the speed with which other orders were processed. There don't appear to have been any funds lost. DeversiFi has since rebranded their project as Rhino Finance.
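
The failure mode described above, as an added sketch that is not DeversiFi's code: a queue worker that retries every failure, next to one that treats an over-limit rejection as terminal and bounds retries for temporary errors. The pair limits, order data, `submit` stand-in and the head-of-queue retry are all assumptions made for illustration; the page does not describe the platform's internals.

```python
from collections import deque

# Constructed sample data: per-pair maximum order sizes and three queued orders.
MAX_ORDER_SIZE = {"ETH/USDT": 5000.0, "ZRX/ETH": 100.0}
ORDERS = [
    {"id": "a", "pair": "ZRX/ETH", "size": 250.0},   # exceeds the pair limit
    {"id": "b", "pair": "ETH/USDT", "size": 10.0},
    {"id": "c", "pair": "ZRX/ETH", "size": 50.0},
]

class Rejected(Exception):
    """Permanent failure: the order can never succeed as submitted."""

class Transient(Exception):
    """Temporary failure: a later attempt may succeed."""

def submit(order, outage):
    """Hypothetical stand-in for the order-matching backend."""
    if order["size"] > MAX_ORDER_SIZE[order["pair"]]:
        raise Rejected("exceeds maximum order size")
    if order["id"] in outage:
        outage.discard(order["id"])          # fails once, then succeeds
        raise Transient("engine busy")
    return "filled"

def process(orders, classify_errors, budget=20, max_retries=3, outage=()):
    """Drain the queue using at most `budget` attempts; return {id: status}."""
    queue, status, outage = deque((o, 0) for o in orders), {}, set(outage)
    while queue and budget > 0:
        order, tries = queue.popleft()
        budget -= 1
        try:
            status[order["id"]] = submit(order, outage)
        except Rejected:
            if classify_errors:
                status[order["id"]] = "rejected"      # terminal: report it, release the balance
            else:
                queue.appendleft((order, tries + 1))  # naive: same order retried, others wait
        except Transient:
            if tries + 1 >= max_retries:
                status[order["id"]] = "failed"        # retry budget for this order is spent
            else:
                queue.append((order, tries + 1))      # requeue behind the other orders
    for order, _ in queue:                            # anything never resolved
        status.setdefault(order["id"], "pending")
    return status
```

With the naive worker, the single over-limit order consumes every attempt and all three orders stay pending; with error classification it is rejected once and the other two fill.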

How Could This Have Been Prevented?

Sources/Further Reading

SlowMist Hacked - SlowMist Zone (Jun 26)
Decentralized Cryptocurrency Exchange | Ethereum Exchange | DeversiFi (Oct 13)
Smart Contract Audit Report | DeversiFi (Oct 13)
DiversiFi, Formerly Ethfinex, Launches Its DEX 2.0 With Starkware; Processing 9,000 + TPS (Dec 11)
DeversiFi Platform Performance Issues Wednesday 10th June | DeversiFi (Dec 11)
