Security

CertiK Plans To Compensate 2 Million Lost In Merlin DEX Rug Pull

CertiK responded that initial findings point to a potential private key management issue rather than an exploit as the root cause. While audits cannot prevent private key issues, the firm always highlights best practices for projects.

The incident involves the zkSync DEX Merlin that had undergone a CertiK Audit that was hacked, resulting in over $1.82 million in stolen funds, and an LP that has been drained. This has caused concern for investors, and officials have stated that the Core Farming Pools and public sale will only be launched after CertiK completes an audit to reassure investors.

CertiK’s exploration of a community compensation plan to cover the lost funds is a positive step in addressing the situation. The company is determined to track down the rogue developers behind this rug pull and is urging them to accept a 20% white hat bounty.

1/ CertiK is exploring a community compensation plan to cover the ~$2M of user funds lost in the Merlin DEX rug pull. Initial investigations indicate that the rogue developers are based in Europe, and we are working with law enforcement to track them down.

⬇️⬇️⬇️

— CertiK (@CertiK) April 26, 2023

Despite the problem, the initial tweet from CertiK included ZKSync, but it has since been deleted without any reason.

Coincu previously reported that Merlin smart contracts contained malicious code that led to a loss of funds. The initialize function’s two lines of code allowed the feeTo address to transfer an unlimited amount of token0 and token1 from the contract’s address. Additionally, redragonvn identified a “backdoor” code in the Merlin code (L87-88) that lets the feeTo of MerlinFactory transfer all assets in the pair, posing a security risk as there is no use case that requires its approval.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

   

Source

Click to rate this post!
[Total: 0 Average: 0]
Показать больше

Добавить комментарий