Blockchain security experts have unearthed a major loophole in a fork of the Gains Network, a decentralized finance (DeFi) ecosystem operating on Polygon and Arbitrum. This glitch allowed traders to reap massive profits of up to 10 times their initial investment on every trade, regardless of the token’s price fluctuations.
Understanding the Gains Network Bug: How Traders Profited 900% on Every Trade
The Gains Network, with a Total Value Locked (TVL) of $20.29 million, has been a significant player in the DeFi space since its launch in May 2023, boasting a staggering $25 billion in derivatives trading volume. However, a report from Zellic dated April 19 revealed a critical vulnerability within one of its protocol forks, enabling attackers to exploit the system effortlessly.
According to the report, the bug permitted an attacker to set an exceedingly high buy limit order, guaranteeing automatic victory in every trade executed on the platform.
Exploiting the Vulnerability
The exploit worked by manipulating the protocol’s “current price” variable, which the protocol uses to calculate profit and loss based on the stop-loss price set by the user. By setting the stop-loss price higher than the open price, traders could secure profits without any actual market risk.
For instance, if Bitcoin’s price stood at $60,000, and a trader set their open price at $59,000 with a stop-loss at $61,000, any downward price movement triggering the trade would instantly result in an exit, recording a profit of $2,000 for the trader, thanks to the flawed protocol.
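The Bitcoin example above as a simplified model, added here for illustration; it is not Zellic's code or any Gains contract. The class and function names, the unleveraged position size and the settlement rule are assumptions, and the hardened path shows the invariant a fork maintainer would check both at order placement and again at settlement.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LongLimitOrder:
    open_price: float  # limit price at which the long position opens
    stop_loss: float   # price at which the position is force-closed
    size: float = 1.0  # units of the underlying (assumed, no leverage)


def _stop_loss_pnl(order: LongLimitOrder, market: float) -> Optional[float]:
    """PnL if the stop-loss closes the position, else None (assumed model)."""
    if market > order.open_price:
        return None  # limit order not filled yet
    if market > order.stop_loss:
        return None  # filled, but the stop-loss has not triggered
    # The stop-loss price stands in as the "current price" for PnL.
    return (order.stop_loss - order.open_price) * order.size


def settle_unchecked(order: LongLimitOrder, market: float) -> Optional[float]:
    """Flawed path: nothing relates stop_loss to open_price."""
    return _stop_loss_pnl(order, market)


def validate_long(order: LongLimitOrder) -> None:
    """Placement check: a long's stop-loss must sit below its open price."""
    if not 0 < order.stop_loss < order.open_price:
        raise ValueError("long stop-loss must be below the open price")


def settle_checked(order: LongLimitOrder, market: float) -> Optional[float]:
    """Hardened path: validate, then re-assert the invariant at settlement."""
    validate_long(order)
    pnl = _stop_loss_pnl(order, market)
    # Defence in depth: if the placement check is ever bypassed,
    # a stop-loss close still cannot pay out a profit.
    if pnl is not None and pnl > 0:
        raise RuntimeError("stop-loss close must not realise a profit")
    return pnl


if __name__ == "__main__":
    # Constructed orders using the article's figures.
    article_order = LongLimitOrder(open_price=59_000, stop_loss=61_000)
    sane_order = LongLimitOrder(open_price=59_000, stop_loss=58_000)
    print(settle_unchecked(article_order, 58_900))
    print(settle_checked(sane_order, 57_900))
```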
Addressing the Flaws
Although the protocol included safeguards to prevent users from setting their stop-loss above the buy-order open price, Zellic’s investigation revealed additional exploits that bypassed these checks. With certain parameters, traders could exploit the system to achieve a guaranteed profit margin of 900%.
While the identified bug was specific to a Gains Network fork, not the original protocol itself, Zellic also uncovered a similar flaw affecting a previous version of the authentic Gains protocol, allowing traders to amass substantial profits on sell orders.
Following the disclosure, various teams managing Gains forks, including Gambit Trade, Holdstation Exchange, and Krav Trade, have taken measures to rectify the vulnerabilities. However, Zellic cautioned that other forks might still be susceptible to exploitation, urging heightened vigilance within the DeFi community.