Bedrock announced yesterday that a vulnerability in its uniBTC smart contract was exploited by attackers, affecting its liquidity pool on Uniswap. The vulnerability is now under control.

For those who don’t know Bedrock yet, you can read my article: Basic introduction to re-staking protocol Bedrock & airdrop tutorial

The following is the relevant information I compiled about this security incident:

1. The assets exploited by the attacker are in the Uniswap liquidity pool, and the total affected assets are approximately US$2 million.

2. The cause of the vulnerability is a code problem that allows attackers to use native BTC to mint uniBTC.


Today Bedrock released a post-mortem analysis report, the highlights of which are as follows:

1. Integrate Chainlink to provide proof of reserve (POR)

Picture taken from Bedrock Mirror article

2. Push forward the unstaking (pledge cancellation) function

3. An LP liquidity incentive plan for decentralized exchanges

4. Compensate uniBTC holders with 100 diamonds (snapshot time is 9/26 PM6:28:23), and increase the community airdrop ratio by 0.5%.

In addition, Bedrock will establish relevant preventive measures to avoid similar situations:

1. Conduct multiple rounds of security audits

2. Establish a 7x24 security monitoring mechanism

3. Establish a security fund (initiated through governance proposals after TGE)

4. Start a bug bounty program

Summary

Although the amount of assets affected this time is not large, it still shows Bedrock's code risk. As I have always reminded everyone, operating on on-chain protocols carries many possible risks. The operations used in today's restaking trend amplify these risks, because users stake and restake their assets into multiple protocols at the same time.

However, the Bedrock team's speed of response and comprehensive countermeasures still deserve credit. For users, Chainlink's proof of reserve can be used in the future to verify whether Bedrock really holds assets 1:1; for the team, it can also be used to limit the possibility of malicious minting and ensure that newly minted tokens are indeed backed by reserves.
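The reserve check described above, modelled off-chain in Python as an added example (not Bedrock's or Chainlink's code): it computes the backing ratio a user would look at and the fail-closed mint decision a team could enforce. The `ReserveReport` shape, the 24-hour freshness window and all sample figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass(frozen=True)
class ReserveReport:
    """One proof-of-reserve reading (hypothetical shape, constructed for this example)."""
    answer: int      # attested reserves, in the feed's smallest unit
    decimals: int    # number of decimals the feed uses
    updated_at: int  # unix time the reading was published

def reserves_in_token_units(report: ReserveReport, token_decimals: int) -> int:
    """Rescale the attested reserves to the token's decimals, rounding down."""
    if report.answer <= 0:
        return 0  # treat a zero or negative reading as "no reserves"
    return report.answer * 10**token_decimals // 10**report.decimals

def backing_ratio(report, total_supply, token_decimals) -> Fraction:
    """Reserves divided by supply; a value >= 1 means tokens are backed 1:1."""
    if total_supply <= 0:
        raise ValueError("total_supply must be positive")
    return Fraction(reserves_in_token_units(report, token_decimals), total_supply)

def mint_decision(report, total_supply, amount, token_decimals, now, max_age=24 * 3600):
    """Fail closed: allow a mint only against a fresh report that covers the new supply."""
    if amount <= 0:
        return "invalid-amount"
    if now < report.updated_at or now - report.updated_at > max_age:
        return "stale-report"
    if total_supply + amount > reserves_in_token_units(report, token_decimals):
        return "exceeds-reserves"
    return "ok"

# Constructed sample: 100 BTC attested, 99.5 tokens outstanding, both with 8 decimals.
NOW = 1_700_000_000
REPORT = ReserveReport(answer=100 * 10**8, decimals=8, updated_at=NOW - 600)
SUPPLY = 9_950_000_000

if __name__ == "__main__":
    print("backing ratio:", float(backing_ratio(REPORT, SUPPLY, 8)))
    for amount in (40_000_000, 60_000_000):
        print(amount, mint_decision(REPORT, SUPPLY, amount, 8, NOW))
    old = ReserveReport(REPORT.answer, REPORT.decimals, NOW - 3 * 24 * 3600)
    print("old report:", mint_decision(old, SUPPLY, 1, 8, NOW))
```

The stale and unbacked cases are refused rather than passed through, so a feed outage blocks minting instead of silently removing the limit.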

*Readers who are worried about the security of the Bedrock protocol can withdraw their assets and transfer them elsewhere after the team's upper limit on staking is cancelled.

*Please check Bedrock’s Mirror for detailed report content.


※The above content is purely personal sharing and does not constitute investment advice (NFA). Users are advised to DYOR and assess their personal risk tolerance.

※Cover image screenshot from Bedrock Mirror article
