Automated Market Maker Glide Finance Exploited, Post-Mortem Reveals It Was The Teams Own Fault
A little-known DEX, Glide Finance, was exploited for $300,000 late on Sunday, and funds were drained from their pair contracts.
The audit protocol said while diagnosing the root cause of the exploit, they found that it wasn’t the smart contract auditor Paladin Blockchain Security’s fault, rather their own. The team said,
“We made a fee parameter change post-audit and failed to update a number from 1000 to 10000 on the contract.”
“We are ashamed and disappointed in ourselves to have made such a mistake, as it could have easily been avoided with better due-process.”
The project is now contacting cryptocurrency exchanges to block transfers and has asked its users to withdraw any funds still deposited in Glide liquidity pools.
The Glide Finance team has also delayed the launch of farming on Tuesday, which would have allowed users to earn GLIDE tokens for liquidity mining and staking.
Oops, … @GlideFinance https://t.co/Qty6qugOtS pic.twitter.com/DwU4ItJVDQ
— PeckShield Inc. (@peckshield) October 18, 2021
Glide Finance is the first automated market maker (AMM), yield farming, and staking platform on Elastos Smart Chain (ESC), a sidechain to the Elastos mainchain that supports Solidity smart contracts. The project runs on a DPoS consensus mechanism to deliver a high-performance, scalable solution for the Elastos ecosystem.
80% of all swap fees on the platform are converted to ELA tokens and shared with platform users. According to the website, there are currently less than $650 worth of assets locked on the platform and one circulating GLIDE.
The team has released a request form for the victims to fill out their addresses if their balances are incorrect or their address has appeared on a list of affected addresses.
“We have not yet determined how reimbursement and/or resolution will occur but we are working on it.”
“We hope we can recover from this and move forward, but we realize our reputation may be irreparably damaged.”