🪲 Hackers Wanted: $1M Bounties Entice White Hats to Hunt for DeFi Bugs
Hello Defiers! Here’s what we are covering today,
The open economy is taking over the old one. Subscribe to keep up with this revolution. Click here to pay with DAI (for $100/yr) or sub with fiat by clicking on the button below ($15/mo, $150/yr).
TLDR There’s been an art theft of NFTs! An attacker stole tokens from a DAO called Bright Moments and used them to mint the remaining 309 NFTs involved in the organization’s flagship project, CryptoVenetians. The project announced on Discord that one of its members fell victim to a phishing attack which exposed their private key.
MINT In response to the hack, the CryptoVenetian team recommended that no one purchase the NFTs beyond the last legitimate mint, number 691, saying that the stolen assets will not be included in the project’s roadmap.
VENICE The project had an emphasis on the physical world. CryptoVenetians were supposed to be minted only by visiting the Bright Moments gallery in Venice, California. Visitors would receive Bright Moments BRT tokens, which they could then use to mint their NFT on the ArtBlocks platform.
NEWS Curve Finance, the decentralized automated market maker (AMM) focused on stablecoin swaps, continues to cement its position as one of the cornerstones of DeFi and holders of its veCRV governance token continue to reap the rewards.
VOTES On Aug. 12, Yearn founder Andre Cronje released a tool that allows DeFi projects to bribe veCRV holders with token rewards in exchange for their votes.
YIELDS Curve conducts a weekly governance vote to determine the allocation of CRV rewards to the various liquidity pools on its platform. It’s these votes that the DeFi protocols are after since they directly impact the yields they can offer to their users.
TLDR Mango Markets, a decentralized exchange (DEX) on Solana, raised $70M from the sale of its governance token $MNGO. Over a two-day sale period ending on August 11, buyers claimed 500M $MNGO tokens, in what the team called a “fair launch.”
STAKED Mango tokens give holders entry to the Mango DAO that governs the Mango Markets protocol. Anyone with at least 0.1% of Mango tokens staked can propose governance actions and protocol upgrades. The maximum $MNGO supply is 10B, with 1B currently in circulation.
LAUNCH The entire $70M raised from the token launch will go to Mango DAO’s insurance fund to provide a cushion for Mango Protocol lenders in the event of extreme volatility causing excess losses in the system, according to the protocol’s Litepaper. Mango Markets offers margin trading and perpetual futures, with a focus on low latency, low transaction costs and full decentralization.
NEWS Rarible is lowering the barrier to entry for developers looking to launch NFT projects. On August 12, the NFT platform launched Rarible Protocol, an open-source toolkit for developers to create custom NFT storefronts and marketplaces. The tech stack includes contracts, standards, and APIs for minting, exchanging and indexing NFTs.
ACCESSIBLE Rarible is one of the most accessible NFT platforms. Rarible allows every user to mint and sell their own NFTs rather than require artists to be invited, a feature of rivals such as Foundation and SuperRare.
MARKETS “The Protocol does almost all the work, so developers can now proliferate the type of front-end NFT project they dream of across markets, without all of the back-end heavy lifting,” said Rarible co-founder and head of product, Alexander Salnikov.
In this week’s feature, Bailey Reutzel delves into the wild world of bug bounties and the push by a new player, Immunefi, to help protocols defend themselves from exploits.
THE SCENE: Should I just steal the money?
There’s a vulnerability in the code… Of a DeFi protocol with $3B in TVL. I was just looking at the open-source code for fun. But now, it’s serious. There’s a bug bounty, a reward that pays out $10K to anyone who finds a major weakness. But exploiting this vulnerability would let me siphon off $2M in user funds. Seems pretty critical. $10K? Over $2M? It’s either rob or get robbed, right?
SO WHAT That’s the temptation hackers must wrestle with when they find vulnerabilities in crypto code. While there are bug bounty programs that recognize and compensate hackers who report bugs in projects’ code, they typically don’t offer rewards that seem appropriate for the potential damage if the bugs were exploited. Plus, hackers, even white hats, can be treated like a nuisance or a threat, and some are outright dismissed.
BADLAND Immunefi is a nine-month-old platform that’s jumped right into the middle of this dilemma. It connects crypto protocols with hackers and is aiming to professionalize a lawless badland in cybersecurity — DeFi. The reason is obvious: There’s a lot of money at risk right now. Sensational exploits like this week’s $600M hack of Poly Network — and the perpetrator’s decision to return much of the loot — are making headlines all the time.
Molly Wintermute Releases Hegic V8888: 0% Trading Fees and Gas Fee-Free Options Trading
Hegic V8888 is live in mainnet:
Hegic is an on-chain peer-to-pool options trading protocol built on Ethereum. With Hegic, DeFi and crypto users can trade 24/7 American, cash-settled, on-chain ETH and WBTC call / put options with no KYC or registration required for trading.
Hegic was founded 1.5 years ago in February, 2020. Hegic V888 (the previous version) was live for 10 months. The results achieved by V888:
● $492,075,000 total volume
● $22M record daily volume
● 6,450 options traded
● 2,825 unique users
● $10,415,000 earned by HEGIC staking lots holders
Introducing Hegic V8888
Trading Options on Hegic V8888
● 0% trading fees: pay only a premium
● 100% gas fee-free options trading
● The lowest prices for ETH and WBTC call / put options
● Auto-exercising of in-the-money options
● Tokenized options for trading on the secondary market
● 90 days is the new maximum period of holding options
Earning Yield on Hegic V8888
● Zero-loss options selling pools with auto-hedging
● x2 higher capital efficiency with flexible collateralization
● Independent pools for selling call and put options
● Individual lock-ups for each liquidity tranche deposited
● Pools’ unrealized profits front-running prevention
● Real-time data on pools APY and P&L per each option sold
Use Hegic now:
Earlier this week, I got attacked by penguins. Not real ones, mind you. These were Pudgy Penguins — a flock of Twitter accounts with cartoon penguins as their avatars, which descended on me with messages like “Welcome to club pengu!” and “Enjoy the huddle!” As the replies flooded past, I saw penguins with sunglasses and penguins wearing sombreros, penguins with bow ties and penguins with mohawks.
Tally, a platform that builds governance infrastructure for decentralized autonomous organizations (DAOs), announced Thursday it raised $6 million in a funding round led by Blockchain Capital and Placeholder. But the round wasn’t entirely funded by venture capital.
Binance has completed the scheduled spot trading system upgrade and will resume all trading activity at 2021-08-13 06:30 AM (UTC). Withdrawals will be opened within 2.5 hours of trading being resumed.
SushiSwap started in August 2020 as a fork of the popular DEX platform Uniswap by an anonymous developer with an additional mechanism meant to incentivize Uniswap volume to migrate to the new platform.
This is a public version of the newsletter and both paid and free subscribers are receiving it.
🧑💻 ✍️ Stories in this newsletter were written by Brady Dale, Dan Kahan and Owen Fernau, and edited by Camila Russo, Bailey Reutzel and Edward Robinson. Videos were produced by Robin Schmidt and Alp Gasimov. Podcast was led by Camila, edited by Alp.
The Defiant is a daily newsletter focusing on decentralized finance, a new financial system that’s being built on top of open blockchains. The space is evolving at breakneck speed and revolutionizing tech and money. Sign up to learn more and keep up on the latest, most interesting developments. Subscribers get full access, while free signups get only part of the content.