Uncovering Critical Bugs in Gains Network Forks
Recently, a blockchain security firm revealed two critical bugs in a fork of the Gains Network leveraged trading protocol. These vulnerabilities could have enabled traders to make exorbitant profits on every trade, regardless of the token’s price. The discovery emphasizes the risks associated with forks of popular decentralized finance (DeFi) protocols and the crucial need for comprehensive security audits.
Key Findings
- Two bugs in a Gains Network fork allowed traders to profit 900% on each trade, irrespective of the token’s price.
- A unique bug found only in the fork of Gains allowed users to set a stop-loss above the open price on a buy order, ensuring automatic profits from any trade and potentially depleting the protocol’s funds.
- The second bug, present in a previous Gains version but subsequently patched, enabled traders to make a 900% profit on sell orders by entering a specific value as the take-profit or stop-loss, leading to an overflow in the profit calculation.
- Zellic, the security firm, promptly informed the developers of Gains forks like Gambit Trade, Holdstation Exchange, and Krav Trade about these vulnerabilities, prompting them to secure their protocols. However, other Gains forks may still be susceptible.
Exploring Gains Network
- Gains Network operates as a DeFi ecosystem on Polygon and Arbitrum, offering various products. Its leveraged trading application, gTrade, has facilitated over $25 billion in derivatives volume since its inception in May 2023.
- Popular DeFi trading apps such as Gambit Trade, Holdstation Exchange, and Krav Trade are forks of Gains Network’s code base.
Understanding the Bugs
- The first bug, exclusive to the Gains Network fork, allowed users to profit by setting a stop-loss above the open price on a buy order. This exploit could have led to draining the protocol’s funds.
- By manipulating the open price and stop-loss values, an attacker could execute trades to artificially generate profits, potentially jeopardizing the protocol.
- The second bug, detected in an earlier Gains version, enabled traders to exploit sell orders by entering a specific value as the take-profit or stop-loss, resulting in an overflow in the profit calculation due to leverage exceeding 9x.
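The input checks whose absence this section describes, as an added Python model (not code from Gains Network, its forks, or Zellic): limits are validated against the open price and trade direction, and profit is computed with signed arithmetic and then clamped. The `Order` fields, function names, the 0-means-unset convention, the percent formula and the -100% floor are assumptions; the 900% cap is the figure reported on this page.

```python
from dataclasses import dataclass

MAX_GAIN_PCT = 900    # cap taken from the 900% figure reported on this page
MAX_LOSS_PCT = -100   # assumed floor: at most the collateral can be lost


@dataclass(frozen=True)
class Order:
    is_buy: bool          # True = buy (long), False = sell (short)
    open_price: int       # integer price units, as a contract would store them
    leverage: int
    stop_loss: int = 0    # 0 means "not set" (assumed convention)
    take_profit: int = 0  # 0 means "not set" (assumed convention)


def signed_move(o: Order, price: int) -> int:
    """Price move in the trader's favour (negative when it is a loss)."""
    return price - o.open_price if o.is_buy else o.open_price - price


def validate_limits(o: Order) -> list:
    """Return the reasons to reject the order; an empty list means accept."""
    errors = []
    if o.open_price <= 0 or o.leverage <= 0:
        errors.append("open price and leverage must be positive")
    if o.stop_loss < 0 or o.take_profit < 0:
        errors.append("limits must not be negative")
    # A stop-loss that would close the trade at a profit is the first bug.
    if o.stop_loss > 0 and signed_move(o, o.stop_loss) >= 0:
        errors.append("stop-loss must be on the losing side of the open price")
    if o.take_profit > 0 and signed_move(o, o.take_profit) <= 0:
        errors.append("take-profit must be on the winning side of the open price")
    return errors


def pnl_percent(o: Order, close_price: int) -> int:
    """Leveraged profit as a percentage of collateral, signed and clamped."""
    pct = signed_move(o, close_price) * 100 * o.leverage // o.open_price
    # Clamp after signed arithmetic so no input can exceed the intended bounds.
    return max(MAX_LOSS_PCT, min(MAX_GAIN_PCT, pct))


if __name__ == "__main__":
    bad = Order(is_buy=True, open_price=1000, leverage=10, stop_loss=1100)  # constructed
    print(validate_limits(bad), pnl_percent(bad, bad.stop_loss))
```

Running `validate_limits` at order submission and again on every limit update keeps a later edit from reintroducing an out-of-range stop-loss or take-profit.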
Security Concerns
- While the identified vulnerabilities have been addressed by some Gains forks, there remains a risk for other forks to contain similar bugs, posing a threat to users’ funds.
- Additionally, a separate incident of trader front-running during Gains Network’s Binance listing underscores concerns about insider trading and market manipulation in the crypto space.
Hot Take: Safeguarding DeFi Protocols
It is imperative for DeFi projects and their forks to prioritize rigorous security measures and ongoing audits to mitigate vulnerabilities and protect users’ investments. Stay vigilant and exercise caution when engaging with decentralized platforms to safeguard your assets in the evolving crypto landscape.