{"id":53677,"date":"2021-11-28T14:32:40","date_gmt":"2021-11-28T12:32:40","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=53677"},"modified":"2025-09-03T16:22:39","modified_gmt":"2025-09-03T13:22:39","slug":"dydx-developers-uncover-a-vulnerability-in-a-recently-deployed-smart-contract","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/dydx-developers-uncover-a-vulnerability-in-a-recently-deployed-smart-contract\/","title":{"rendered":"dYdX developers uncover a vulnerability in a &#8216;recently deployed smart contract&#8217;"},"content":{"rendered":"<p>The decentralized derivatives exchange dYdX warned of a vulnerability that was found in a &#8216;recently deployed smart contract&#8217;. The project team said that users&#8217; funds are safe and the bug has been promptly fixed.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">At 05:21 UTC today the dYdX team was alerted of a security issue with a newly deployed smart contract<\/p>\n<p>\u2757If you have set allowance to deposit to <a href=\"https:\/\/t.co\/1WbZbCpiuX\">https:\/\/t.co\/1WbZbCpiuX<\/a> since Wednesday 11\/24 read for important recovery information\u2757<\/p>\n<p>NO FUNDS WERE LOST AND ALL FUNDS ARE SAFE \ud83d\udd12<\/p>\n<p>\u2014 dYdX \ud83e\udd94 (@dydxprotocol) <a href=\"https:\/\/twitter.com\/dydxprotocol\/status\/1464572467872247815?ref_src=twsrc%5Etfw\">November 27, 2021<\/a><\/p><\/blockquote>\n<p>The contract in question is likely the one responsible for &#8216;gasless&#8217; deposits of USD Coin (USDC) and swaps of certain <a href=\"https:\/\/u1f987.com\/en\/news\/what-are-erc-20-tokens\">ERC-20<\/a> tokens to USDC via the <span data-descr=\"application programming interface\" class=\"old_tooltip\">API<\/span> of the 0x liquidity aggregator. 
The platform added this capability on November 24; after the incident, access to it was temporarily restricted.<\/p>\n<p>The bug was discovered by a white-hat hacker going by the handle Samczsun. The potential exploit affected 700 addresses holding tokens worth around $2 million. As part of the remediation process, these assets were moved to an escrow contract address.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">samczsun saves the day again <a href=\"https:\/\/t.co\/eozlcDnRZf\">pic.twitter.com\/eozlcDnRZf<\/a><\/p>\n<p>\u2014 banteg (@bantg) <a href=\"https:\/\/twitter.com\/bantg\/status\/1464577081996718089?ref_src=twsrc%5Etfw\">November 27, 2021<\/a><\/p><\/blockquote>\n<p>Only users who had authorised the platform to spend funds from their wallets after November 24 were affected. To recover assets from the escrow contract address, users must initiate the procedure from the relevant wallet.<\/p>\n<p>Affected users will see a corresponding notice when they visit the platform. Funds can be recovered at any time.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">Am i safe?<br \/>Paid 20$ for unset USDC. <a href=\"https:\/\/t.co\/1SEs9GvwX9\">pic.twitter.com\/1SEs9GvwX9<\/a><\/p>\n<p>\u2014 Yekta. 
(@yekovski) <a href=\"https:\/\/twitter.com\/yekovski\/status\/1464596993863561219?ref_src=twsrc%5Etfw\">November 27, 2021<\/a><\/p><\/blockquote>\n<p>The project team promised to publish full details of the incident once affected users recover their funds.<\/p>\n<p>In September, dYdX developers <a href=\"https:\/\/u1f987.com\/en\/news\/dydx-developers-uncover-bug-in-the-safety-staking-pool-smart-contract\">discovered a bug in the staking-pool smart contract<\/a> for the DYDX governance token.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The decentralized derivatives exchange dYdX warned of a vulnerability that was found in a &#8216;recently deployed smart contract&#8217;. The project team said that users&#8217; funds are safe and the bug has been promptly 
fixed.<\/p>\n","protected":false},"author":1,"featured_media":53678,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,1337],"class_list":["post-53677","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-dydx"],"aioseo_notices":[],"amp_enabled":true,"views":"13","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/53677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=53677"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/53677\/revisions"}],"predecessor-version":[{"id":53679,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/53677\/revisions\/53679"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/53678"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=53677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=53677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=53677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}