Since Monday’s @Balancer v2 exploit, we’ve worked hand in hand with their team to develop the first root-cause analysis of the issue, identify all affected and potentially vulnerable pools, and determine whether v3 was susceptible to the same attack.
Our analysis breaks down what happened, how v3’s redesign prevents it, and key takeaways for DeFi security.
https://t.co/6h59fJ1Brn
If you mistakenly send unsupported asset to Bybit, I found a way you can use to withdraw it
Earlier today I sent base $USDT to my Bybit which is not supported
What I did was that I logged into my @Bybit_Official account through their website
- Click on “Assets”
- You will see that “You have Pending Assets”
- Click on “Go to process”
- Under “Unsupported Coin” you will see your unsupported asset, click on “withdraw” at the extreme end
- Enter your wallet address
- Click the “submit” button and proceed
🎯 Bybit will charge you a fee for withdrawal, so make sure you have a small amount of USDT on your Bybit account
The worst possible way to start the week.
Balancer got exploited with funds stolen of over $116M now.
The cascading is really bad overall, as many projects have integrated/forked Balancer.
auditor alpha: don't chase every new protocol
target the base layer infrastructure that others build on top of. master one, unlock dozens.
deepbook is the perfect example. it's sui's core liquidity layer - a fully on-chain clob written in move. cetus, turbos, aftermath, deeptrade, flowx all integrate it.
deeply audit deepbook once → suddenly you can audit every dex & aggregator building on it. they're all using the same clob primitives under the hood.
most auditors spread themselves thin across 100 random protocols. smart ones go deep on the 3-4 infrastructure pieces everyone depends on.
same applies to other chains & langs.
work smarter. learn the foundation, own the ecosystem.
move's type system is what every security researcher will love. unlike solidity where everything is just data, move types have "abilities" (copy/drop/store/key) that enforce safety at the vm level.
resources (tokens, nfts, anything valuable) intentionally lack copy + drop abilities. if a resource representing value has copy or drop abilities, that's most likely a bug - users could duplicate or lose assets. imo the move vm prevents what solidity leaves to best practices
“So you spend 70-80 hours a week staring at someone else's code?”
“Yes, Dave.”
“And your entire income depends on whether a few random strangers feel like giving you money?”
“That’s correct, Dave.”