PeckShield Inc. Profile picture
Sep 19, 2022 9 tweets 7 min read Read on X
1/ We are thrilled to announce a self-service SaaS platform-#KillSwitch, which aims to detect exploitation TXs before their block inclusion and take contingency measures to block the attack or prevent assets from being stolen. It is in-essence a frontrunning-based DeFi protection Image
2/ #KillSwitch is proposed with the observation that DeFi exploits/hacks pose a significant, serious threat to the security of our ecosystem. In particular, this year’s DeFi hacks have so far resulted in a whopping $2.1B loss, 25% increase from 2021 and 8 times more than 2020. Image
3/ 🧵How it works?
#KillSwitch includes a number of background agents that constantly monitor mempool TXs, locate those malicious ones with real-time simulation, and preemptively neutralize the damage with a just-in-time protocol pause or an emergency fund withdrawal. Image
4/ To streamline the self-service process, #KillSwitch is divided into three steps: a) specify the triggering condition, b) sign a contingency TX, and c) turn on the protection.
All these three steps are readily accessible within the #KillSwitch platform. Image
5/ The triggering condition captures the fact of a significant loss from an exploit and requires knowing the protocol address, the asset, and a loss percentage. For multiple assets, we specify the loss for each. #KillSwitch is triggered if any asset is lost up to the percentage. Image
6/ The contingency TX will be executed by #KillSwitch upon the condition being triggered. It needs to be prepared & signed by the protocol management team to pause the protocol or rescue the funds. Note we do NOT have access to the private key (and will not ask for it either). Image
7/ #KillSwitch is turned on by constantly monitoring TXs in mempool and simulating each execution to locate and match malicious ones against the above triggering conditions. The self-service platform will automatically collect and report execution results for your access. Image
8/ #KillSwitch is experimental and free of charge to the DeFi community. For supported chains or possible limits/restrictions, reach out to t.me/peckshield
@ethereum @BNBCHAIN @0xPolygon @AaveAave @CurveFinance @VenusProtocol @compoundfinance @AlpacaFinance
9/ #KillSwitch Explainer Video. And sign up at t.me/peckshield

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with PeckShield Inc.

PeckShield Inc. Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @peckshield

Mar 13, 2023
1/ @eulerfinance was exploited in a flurry of txs on Ethereum (one hack tx: etherscan.io/tx/0xc310a0aff…), leading to the lost of ~$197m from the project.
2/ The hack is made possible due to the flawed logic its donation and liquidation. Specifically, the donateToReserves needs to ensure the donator is still over-collateralized. And liquidation needs to ensure the *correct* conversion rate from borrow to collateral asset.
3/ To illustrate, we use the hack tx: etherscan.io/tx/0xc310a0aff… and show the key steps below:
Read 5 tweets
Feb 16, 2023
1/ @Platypusdefi was exploited by a flash loan attack on Avalanche (tx: snowtrace.io/tx/0x1266a937c…), leading to the gain of ~$8.75m for the exploiter. Image
2/ The hack is made possible due to a flawed impl in its MasterPlatypusV4 contract. Specifically, the emergencyWithdraw func incorrectly evaluates the insolvency before the collateral removal, resulting in an insolvent debt position of ~41.7M after the emergency withdrawal. Image
3/ To illustrate, we use the hack tx: snowtrace.io/tx/0x1266a937c… and show the key steps below: Image
Read 4 tweets
Feb 10, 2023
1/ @dForcenet was exploited in a flurry of txs on Arbitrum & Optimism (one hack tx: arbiscan.io/tx/0x5db5c2400…), leading to the total gain of ~$3.65m for the exploiter.
2/ The hack is made possible due to the price manipulation of the @dForcenet wstETHCRV-gauge asset via reentrancy (via wstETHCRV.remove_liquidity), so that the exploiter can liquidate a number of positions w/ the wstETHCRV-guage as collateral. Image
3/ To illustrate, we use the above tx to show the key steps: arbiscan.io/tx/0x5db5c2400… Image
Read 4 tweets
Feb 3, 2023
1/ Again, a $3M lesson from the reentrancy bug! The @orion_protocol is hacked due to a reentrancy issue in its core contract: ExchangeWithOrionPool. Both eth/bsc deployment are hacked. Here are the two related hack txs: bscscan.com/tx/0xfb153c572…
etherscan.io/tx/0xa6f63fcb6…
2/ The hack is made possible due to incomplete reentrancy protection: swapThroughOrionPool func allows user-provided swap path w/ crafted tokens whose transfer can be hijacked into re-entering depositAsset func to increase user balance accounting w/o actually costing funds!
3/ To illustrate, we use the hack tx bscscan.com/tx/0xfb153c572… and show the key steps below:
Read 4 tweets
Feb 1, 2023
The @BonqDAO is exploited and its price oracle is manipulated to increase the #WALBT price. Here is the example hack tx: polygonscan.com/tx/0x31957ecc4…
Using the above tx as an example, with the manipulated #WALBT price, the malicious actor is able to mint >100M #BEUR.
In a follow-up tx, the actor further manipulates the #WALBT price and liquidates a bunch of (33) troves: polygonscan.com/tx/0xa02d0c3d1…
Read 4 tweets
Oct 27, 2022
1/ @TeamFinance_ was exploited in etherscan.io/tx/0xb2e3ea72d…,
leading to the loss of ~$15.8M for the protocol: $11.5M (V2_USDC_CAW)+$1.7M(V2_USDC_TSUKA)+0.7M(V2_KNDX_WETH)+1.9M(V2_FEG_WETH). @trustswap
2/ The protocol has a flawed migrate() that is exploited to transfer real UniswapV2 liquidity to an attacker-controlled new V3 pair with skewed price, resulting in huge leftover as the refund for profit. Also, the authorized sender check is bypassed by locking any tokens.
3/ The initial fund (1.76 ETH) to launch the hack is withdrawn from @FixedFloat. Currently all stolen funds are still parked in the following account (880 ETHs, 6.4m DAIs, 11.8m TSUKAs and 74.6trillion CAWs) etherscan.io/address/0xba39…
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(