Primitive Finance Hacks Its Own Contracts to Prevent Exploit, Rescues 98% of Funds

Primitive Finance Hacks Its Own Contracts to Prevent Exploit, Rescues 98% of Funds

Primitive Finance, a decentralized options protocol, has taken the extraordinary step of hacking its own smart contracts to address a critical vulnerability. The exploit, discovered on February 22, posed a serious risk to user funds. With the contracts being immutable—neither upgradeable nor suspendable—the team acted swiftly to safeguard assets by executing a whitehat hack.

The platform announced that 98% of user funds were successfully rescued, though users must take further action to protect their remaining assets.

The Vulnerability: Infinite Approvals

1. Nature of the Exploit

• The vulnerability stemmed from “infinite approvals” on one of Primitive Finance’s smart contracts.
• Infinite approvals allow a contract to access an unlimited amount of a user’s tokens, creating a risk if the contract is exploited.

2. User Funds at Risk

• Although most funds were saved, wallets that allowed the vulnerable contract to access tokens could still face risks.
• Users must manually reset approvals to zero to secure their assets.

3. Swift Action Prevented Exploitation

• Primitive Finance’s quick response ensured that malicious actors were unable to exploit the vulnerability.

Primitive Finance’s Response: Whitehat Hack

1. Why Hack Their Own Contracts?

• Primitive Finance’s contracts are immutable, meaning they cannot be upgraded or suspended.
• The team executed a whitehat hack to protect funds before bad actors could exploit the vulnerability.

2. Collaborative Efforts

The rescue operation was a collaborative effort, with critical support from:

• Yannis Smaragdakis and Neville Grech (Dedaub)
• Mitchell Amador and Duncan Townsend (Immunefi)
• Emiliano Bonassi (ReviewDAO)

3. Outcome

• 98% of funds were safeguarded successfully.

User Action Required

Reset Token Approvals

Users who have interacted with the vulnerable contract must:

• Reset token approvals to zero for any assets associated with the contract.
• Follow Primitive Finance’s detailed instructions in their blog post to secure their funds.

About Primitive Finance

1. What Is Primitive Finance?

• A permissionless options protocol built on Ethereum.
• Liquidity providers earn yields on ETH, DAI, and other DeFi tokens by providing collateral to options markets.

2. Launch and Audit

• The protocol went live on Ethereum mainnet in December 2020.
• Open Zeppelin audited Primitive Finance’s code in August 2020.

DeFi Growth and Challenges

1. Explosive Growth in DeFi

• Total value locked (TVL) in DeFi has reached an all-time high of $50 billion, according to DappRadar.
• Leading protocols include MakerDAO ($6.7 billion) and Aave ($5.5 billion).

2. Security Concerns

• The Primitive Finance incident highlights ongoing challenges in DeFi security, including vulnerabilities in audited smart contracts.

Lessons and Implications

1. Importance of Ongoing Security

• Even audited protocols are not immune to vulnerabilities, underscoring the need for continuous code review and improvement.

2. Proactive Response

• Primitive Finance’s swift action prevented major losses, setting a standard for how protocols should handle critical issues.

3. User Awareness

• Users must remain vigilant, regularly reviewing and managing token approvals to mitigate risks.

Conclusion

The Primitive Finance smart contract exploit serves as a stark reminder of the risks in decentralized finance. While the protocol’s decisive actions saved most user funds, the incident underscores the need for robust security measures and proactive management in the rapidly growing DeFi sector.

For users, resetting token approvals is critical to safeguarding their assets. Meanwhile, Primitive Finance’s transparency and collaboration with security experts highlight the importance of community-driven solutions in the DeFi space.

To learn more about the innovative startups shaping the future of the crypto industry, explore our article on latest news, where we delve into the most promising ventures and their potential to disrupt traditional industries.