The love story between the DeFi space and economic exploits continues to thrive, as we saw a couple of days ago with the exploit of PolyBunny Finance. The attack exploited an inflation bug using a flash loan from AAVE and led to a loss of $2.4 Million for the project and a resulting price hit for the tokens.
A sad déjà vu for the PancakeBunny team, which was affected by a flash-loan attack on its BSC project earlier.
What is infuriating is that, according to Rekt.news, the same exploit was used TWICE on a DIRECT FORK of PancakeBunny called ApeRocket.Fi and led to a loss of $260K on its BSC platform and $1 Million on its Polygon version. Rekt.news even speculated that the attackers could be using ApeRocket as a test pad for their direct attack on PolyBunny two days later.
The big question is: why was there no accountability for the original mothership, i.e., PancakeBunny, to assess a clone and make the necessary changes in its code?
The community couldn’t even have a comparison done, or a suggestion made to evaluate the code-base, in a public forum; such is the primitive nature of the security standards and their open source communication with the public.
Primitive Nature of Open Source Security Vigilance!
Another aspect of this space that we would like to highlight as a team is that there is no public forum, besides a bunch of Twitter threads by some vigilant influencers, where a community could PROACTIVELY discuss forms of attack on the DeFi space and prevent loss of investor funds.
Any form of real-time warning or community vigilance about a project via Reddit or Telegram is immediately brigaded and deleted from the space by unscrupulous project mods, leading to a lack of real-time updates for yield farmers.
And if a community warning somehow manages to reach public attention, there is no vigilant team that can assess the code and provide the recommended changes if needed. This also leads to the news getting lost among other real-time updates, the consequence of which is an attack where investors lose their money and rue not having checked that news earlier.
Some of our team members have lost money that way — far too many times to ignore it anymore!
And fortunately, we have a solution in place to offer the DeFi space.
Meet the PURGE PROTOCOL 🔪
The PURGE PROTOCOL is a key component of the DYOR Audit Platform which provides some of the key values missing in the DeFi space:
1. Incentives for community vigilance.
2. Dynamic real time assessment of a project code-base.
3. Public common ground for community vigilantes to issue warnings about a project without fear of removal or brigading.
4. Bounty initiatives acting as an economic incentive for identifying bad actors or assessing code.
5. A leaderboard where all these updates are published, acting as a one-stop, real-time project security database.
All united by the $DYOR Token at the heart of the PURGE PROTOCOL!
The PURGE PROTOCOL provides an incentive mechanism, in the form of $DYOR Tokens, for community members to spot red-flag team behaviour, malicious code change attempts and other signs of project tomfoolery.
Bounty initiatives are also implemented where the community can commission our audit team to assess the code of any project they like. This removes the need to rely on outdated audit reports and even helps in avoiding an Evil Strategy Contract attack, in which audited code is replaced with malicious code, à la the Compounder Finance attack in Dec 2020 which led to a loss of $10.8 Million.
Members can even issue a community watch for other purposes, such as a public information notice about hackers after an attack or real-time security information about a project. All this is done with the $DYOR Token as the medium. These activities are recorded in our leaderboard/project database, which acts as a real-time information hub about DeFi projects.
The best part about the PURGE PROTOCOL is that it will be decentralized soon, preventing any sort of brigading or information removal by motivated project mods and creating a safe space for community members to hold security discussions about any project they like.
No more reliance on outdated audit reports!
No more scrolling through out of the blue, random Twitter warning threads!
No more community vigilance being silenced in the public!
No more stagnation of security discussion!
Welcome to a more secure future with the PURGE PROTOCOL!