Quivira.Ophir 🛡️🥷💜₿

@_Quivira

17 Tweets 5 reads Aug 24, 2023
Landing a Dev job is easy.
Delivering and keeping it is the hard pill.
My Dev career almost ended 3 months ago.
Here's the story of how $150,000 was almost drained from a DEX I built . . .
~Th_read 🧵~
It's way easier to build a product as a Dev
But what happens when a project founder calls your attention:
"Hey man, we are getting drained now, look, you have to answer me, it is urgent"
Here's exactly what happened and how I was almost labelled a fraud.
3 months ago I built an Arbitrum Dex for a Founder who contacted me.
2 weeks into use I received the call.
Our liquidity is being drained . . . And fast.
I was driving when my niece Semilore showed me this message.
I almost had a panic attack
Things got worse . . .
It was no longer about the Draining from the Dex.
I stepped on the throttle.
While trying to step on the brakes, I was so shocked I did the opposite.
"Ooh look . . . "
She screamed
A pregnant woman ! ! !
And that was it.
From terrible news from my client
To almost hitting a pregnant woman trying to cross the road.
But you can't blame me . . . Would you?
$150,000 ! ! !
My worst fear was coming to pass
Losing a client
Losing $150,000
Losing my Credibility
"Is this the end of my career"?
I came online to the community.
FUD!!!
"Scam Project"
"Bad Devs"
"Rug"
The community wasn't helping matters.
After the community manager locked the group on my instruction, I went straight to work.
I was the DEV, I would spot what went wrong.
So I thought.
Arbiscan had become my trusted tool for monitoring the DEX's activity.
I went straight to look at it.
But here's a fact :
Every line of code I wrote aimed to protect users and maintain the integrity of our exchange.
So I knew that whatever happened, I could detect it.
So I did.
I detected something fishy
A series of transactions caught my attention.
They were repeatedly calling a function within our DEX smart contract, a function that was linked to token transfers.
Timestamps revealed a rapid-fire sequence, an unmistakable sign of a reentrancy attack.
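The pattern described above, repeated calls to a token-moving function from one address in quick succession, can be screened for automatically once you have an explorer export of the contract's transactions. The following is an added example written for this page, not code from the thread's author or the DEX itself. The transaction records, addresses, function names and the 60-second / 4-call thresholds are constructed assumptions; treat the output as a triage hint to look at in the explorer, not as proof of reentrancy (a genuine reentrancy typically also shows up as nested internal calls inside a single transaction).

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample shaped like an explorer export: (tx hash, sender,
# called function, unix timestamp). Every value here is made up.
SAMPLE_TXS = [
    ("0xa1", "0xUSER1", "addLiquidity", 1_700_000_000),
    ("0xa2", "0xUSER2", "swap", 1_700_000_030),
    ("0xa3", "0xATTACKER", "withdraw", 1_700_000_100),
    ("0xa4", "0xATTACKER", "withdraw", 1_700_000_101),
    ("0xa5", "0xATTACKER", "withdraw", 1_700_000_102),
    ("0xa6", "0xATTACKER", "withdraw", 1_700_000_103),
    ("0xa7", "0xUSER1", "withdraw", 1_700_000_400),
    ("0xa8", "0xATTACKER", "withdraw", 1_700_000_104),
    ("0xa9", "0xUSER3", "swap", 1_700_000_500),
]

# Functions that move tokens out of the pool (assumed names for this example).
TRANSFER_FUNCTIONS = {"withdraw", "removeLiquidity"}


@dataclass
class Alert:
    sender: str
    function: str
    count: int
    first_ts: int
    last_ts: int
    tx_hashes: list = field(default_factory=list)


def find_rapid_fire_callers(txs, window_seconds=60, min_calls=4,
                            functions=TRANSFER_FUNCTIONS):
    """Flag every (sender, function) pair that calls a token-moving function
    at least `min_calls` times inside some `window_seconds` span.

    Returns one Alert per flagged pair, describing the densest window found.
    """
    by_key = defaultdict(list)
    for tx_hash, sender, func, ts in sorted(txs, key=lambda r: r[3]):
        if func in functions:
            by_key[(sender, func)].append((ts, tx_hash))

    alerts = []
    for (sender, func), calls in by_key.items():
        start, best = 0, None
        # Sliding window over the time-sorted calls of this sender/function.
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > window_seconds:
                start += 1
            size = end - start + 1
            if size >= min_calls and (best is None or size > best[0]):
                best = (size, start, end)
        if best is not None:
            size, start, end = best
            window = calls[start:end + 1]
            alerts.append(Alert(sender, func, size, window[0][0],
                                window[-1][0], [h for _, h in window]))
    return alerts


if __name__ == "__main__":
    for alert in find_rapid_fire_callers(SAMPLE_TXS):
        print(f"{alert.sender} called {alert.function} {alert.count}x "
              f"in {alert.last_ts - alert.first_ts}s: {alert.tx_hashes}")
```

Tune `window_seconds` and `min_calls` to the contract's normal traffic; a market maker legitimately calling `removeLiquidity` often would otherwise drown the signal. The honest user who withdraws once (`0xUSER1`) is not flagged, while the five calls from the same address within five seconds are.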
Panic set in.
But was there time for that ?
Would it matter to the Founder ?
No !!
So I turned my focus to our DEX's smart contract code
My heart pounded as I scanned line by line
There it was, an oversight that left a vulnerability wide open: a missing state change
My bad 🙆🏻‍♂️
Let me explain.
Here's what it means.
If a user provides liquidity to our decentralized exchange (DEX) contract, the contract fails to properly update the user's balance when they withdraw funds, leading to a situation where a user can withdraw funds multiple times without the contract updating the balance accurately.
Sigh!
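To make the missing state change concrete, here is an added Python model of the bug and of its fix; it is not the thread's Solidity contract and every class, name and amount in it is an assumption. `VulnerableDex.withdraw` sends the funds before zeroing the balance, so a recipient contract whose receive hook calls `withdraw` again sees its old balance on every nested call. `SafeDex.withdraw` applies the checks-effects-interactions order (zero the balance, then transfer), adds a reentrancy lock, and carries the kind of pause switch used later in the thread.

```python
class InsufficientBalance(Exception):
    pass


class ContractPaused(Exception):
    pass


class VulnerableDex:
    """Toy model of the oversight: the balance is zeroed only AFTER the
    external transfer, so a re-entering recipient is paid repeatedly."""

    def __init__(self, pool_funds):
        self.pool = pool_funds      # liquidity belonging to other users
        self.balances = {}

    def add_liquidity(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.pool:
            raise InsufficientBalance(who)
        self.pool -= amount
        who.receive(self, amount)   # interaction first ...
        self.balances[who] = 0      # ... effect last: the missing state change


class SafeDex(VulnerableDex):
    """Checks-effects-interactions, a reentrancy lock and an emergency pause."""

    def __init__(self, pool_funds):
        super().__init__(pool_funds)
        self.locked = False
        self.paused = False

    def pause(self):
        self.paused = True

    def withdraw(self, who):
        if self.paused:
            raise ContractPaused()
        if self.locked:
            raise RuntimeError("reentrant call rejected")
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.pool:
            raise InsufficientBalance(who)
        self.locked = True
        try:
            self.balances[who] = 0  # effect before interaction
            self.pool -= amount
            who.receive(self, amount)
        finally:
            self.locked = False


class HonestUser:
    def __init__(self):
        self.received = 0

    def receive(self, dex, amount):
        self.received += amount


class ReenteringCaller(HonestUser):
    """Recipient whose receive hook calls withdraw() again (assumed attacker
    model: nested failures are swallowed so the outer call still completes)."""

    def __init__(self, max_depth=5):
        super().__init__()
        self.max_depth = max_depth
        self.depth = 0

    def receive(self, dex, amount):
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            try:
                dex.withdraw(self)
            except Exception:
                pass


def run_scenario(dex_cls, others_liquidity=1000, deposit=100, depth=5):
    """Deposit, withdraw once via a re-entering recipient; return
    (amount the recipient ended up with, liquidity left in the pool)."""
    dex = dex_cls(others_liquidity)
    caller = ReenteringCaller(depth)
    dex.add_liquidity(caller, deposit)
    dex.withdraw(caller)
    return caller.received, dex.pool


def pause_blocks_withdraw():
    """True if a paused SafeDex refuses withdrawals."""
    dex, user = SafeDex(1000), HonestUser()
    dex.add_liquidity(user, 50)
    dex.pause()
    try:
        dex.withdraw(user)
    except ContractPaused:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", run_scenario(VulnerableDex))  # (600, 500)
    print("fixed:     ", run_scenario(SafeDex))        # (100, 1000)
```

With a 100 deposit and five nested calls the vulnerable model pays out 600 and leaves 500 of other users' liquidity; the fixed model pays exactly the 100 deposited, because the balance is already zero when the nested call runs and the lock rejects it anyway. The pause switch is the circuit breaker the thread relies on: it stops further withdrawals while the replacement contract is prepared.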
Over $50,000 has been drained already.
It was terrible.
I continued to watch Arbiscan in real-time as the attack played out.
Traced the attacker's address and saw their repeated transactions.
The attacker had made multiple malicious attempts to exploit the vulnerability and drain our DEX's liquidity.
I needed to do something . . . And fast
I executed an emergency pause mechanism built into our DEX.
This disrupted the flow of the Attacker
But it wasn't a win yet
After pausing the contract, Benedict asked
"What do we do next?"
I told him we had to:
• Deploy a new version of the smart contract to replace the vulnerable contract, then
• Migrate user balances and data to the upgraded contract to ensure a seamless transition.
Then I would:
Thoroughly test the updated contract to ensure that the vulnerability has been effectively addressed and that all functions operate as intended.
Then I would:
Use testnets and auditing tools to validate the security of the updated contract
Like:
1. MythX
2. Truffle Suite
3. Remix
4. Solhint
5. Securify
6. MyEtherWallet (MEW) Security Analysis
7. Professional Auditing Services
I quickly did all these. My team and I worked tirelessly for several weeks to get back the funds from the hackers through some means I am not allowed to reveal here.
Now here's a fact
Landing a Dev job is damn easy
But 90% of Solidity Devs suck at it
@InstituteOphir would launch in a few days . . . But before that
I'd pick 15 people to get my Course for FREE
"Web3 developer road map & my secret guide to Web3 opportunities"
RT 👇 & tag @InstituteOphir to win.
