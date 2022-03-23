2 popular DeFi altcoin projects with billions of dollars of TVL came up with security vulnerabilities. While the developer teams are preparing the autopsy report, the processes are temporarily suspended so that the security statements are not abused again.

$50 million hack attack on Solana network

To issue new CASH tokens, users deposit a certain amount of collateral covered by the cross-program call that transfers tokens from account to protocol. The program also checks the balance of the two accounts for the same type of token; otherwise the transfer is rejected. Samczsun showed his followers the full way to verify the remaining cryptos in the sender account. The “crate_collateral_tokens” function compares two accounts that must have the same type of token.

Unfortunately, however, the functions of issuing new tokens were never verified, which makes all the steps described above pointless as the primary function is not verified by the aforementioned process. After the hacker noticed the problem in the contract code, he started creating a fake accounts Blockchain before eventually creating a fake account (crate_collateral_tokens). In summary, due to a flaw in Cashio’s code that did not establish a foundation of trust for all accounts used, the attacker managed to steal at least $50 million.

Operations suspended in DeFi altcoin project

Cardano-based Minswap reports that it has detected a problem, but the funds are safe. They say the DEX was put into maintenance mode while the fix was being tested and fixed; therefore, users cannot trade in farming rewards for a while. The identified issue has not been disclosed to the community, but DEX plans to provide more details in an autopsy in the coming days.

The launch of SundaeSwap, a DEX and token-staking platform, marked a milestone in the Cardano ecosystem as the first dApp to use smart contracts. As Somanews reported, DEX got off to a bad start when users complained about their transaction speed. Since Minswap’s launch a few weeks ago, its TVL has reached $195.22 million, usurping SundaeSwap as the most dominant DeFi protocol. Currently, Minswap dominance is at 62.88%, with total locked value (TVL) in Cardano at $310 million.