OpenZeppelin reveals 'high severity' flaw in DeFi wallet Argent
A high-severity flaw affecting users was found and patched in the Argent Ethereum wallet, according to leading white hat hacker OpenZeppelin.
On Friday, OpenZeppelin security researcher Alice Henshaw uncovered a flaw in Argent that allowed money to be withdrawn from wallets that have no Argent guardian.
According to an OpenZeppelin blog post and press release, news of this discovery was first shared with Argent on June 12:
OpenZeppelin's research revealed that an error in the latest version of the Argent smart contract allows anyone to activate the wallet recovery process without a signature, on any wallet with a guardian count equal to 0, as soon as the wallet is upgraded.
If attacked, the user has only 36 hours to prevent withdrawal from the wallet. Even then, users could have their money frozen through a denial-of-service (DoS) attack, OpenZeppelin wrote.
According to Henshaw, the flaw stemmed from the March 30 wallet update. OpenZeppelin said that 329 wallets with 162 ether (ETH) and decentralized finance (DeFi) tokens were at risk. Another 5,513 wallets are also vulnerable once they update to Argent's new software, the blog claims.
No Argent funds were affected and a patch was issued, according to the company. Henshaw received $25,000 in compensation.
"Only 61 wallets without a guardian and with the affected update were at risk," Argent spokesman Matthew Wright told CoinDesk. "Our security model means they have 36 hours to block it by touching 'Cancel' in the app. 0 funds were lost. We think it highlights the benefits of having an open source security model and we are happy to award OpenZeppelin for their work."
Argent acknowledged the flaw in a tweet Friday morning, thanking OpenZeppelin for its work.
In March, Argent raised $12 million in a Series A round led by Paradigm Ventures. The wallet integrates with popular DeFi products like Maker and Compound.
"The flaw discovered by our security researchers could lead to many users losing control of their money when they upgrade to the latest version of the Argent wallet," OpenZeppelin CEO Demian Brener said in a statement. "The Argent team took quick action to fix this problem so that no user money was affected."