DeFi project Ede Finance admitted that it made a decision to manipulate prices, after the protocol was exploited for around $580,000.
The attacker who exploited it claimed they were a white hat — acting for good – and that they were trying to expose how the Arbitrum-based project worked, according to security analysts PeckShield. They claimed — in messages sent over the blockchain — that the project’s core team had a backdoor that allowed them to liquidate any user’s trade on the supposedly decentralized protocol. They said this activity involved using fake prices and claimed the intention was to steal user funds.
The attacker said that if the developers admit to this practice, they would return the funds minus a 10% bounty for themselves. They also mentioned there were additional vulnerabilities.
The Ede Finance developers replied, “Yes we acknowledge making an ill-advised decision to manipulate the price. However our intention was to blacklist those who had previously exploited the system, fully aware that all transactions are recorded on the blockchain. We did not aim to misappropriate users funds as this would leave a traceable record.”
The team then said it would remove the smart contract that enables this behavior. They also said they would agree to the terms of the bounty and said they would use their own funds to cover the shortfall. The team offered the exploiter 5% of the team’s token allocation — subject to vesting periods — for pointing them the other vulnerabilities out.
PeckShield also noted that while the project had been audited, the length of the audit was just three days.
The project’s native token has fallen from $2.43 to $1.18 over the last 24 hours, down 51%.
Ede Finance has not yet responded to a request for comment.
Read the full article here