The options market protocol Primitive has whitehacked its smart contracts to prevent a possible exploit after discovering a critical vulnerability.
Primitive Finance announced via a post that it had decided to hack its own smart contracts to head off what could have been an exploitable loophole. The vulnerability was discovered in the Primitive Finance smart contracts early today. The decentralised finance protocol said that the drastic action was the best approach to managing the vulnerability.
The options to suspend or upgrade the contract on the platform were ruled out as neither was feasible. Left with no other alternatives, Primitive Finance resorted to hacking its smart contracts to secure funds on the platform.
“A critical vulnerability was discovered in Primitive Finance smart contracts. As the contract is not upgradeable or pausable, we chose to whitehack our own smart contracts to safeguard user funds,” the blog post started.
Primitive Finance reiterated that the whitehacked funds are safe and will be returned to their respective owners. The post also said that a post-mortem of the issue and measures to protect user funds will follow. Primitive Finance users will now have to wait for their funds to be returned.
At the time of writing, the majority of funds had already been safeguarded through the self-hack action. Users are, however, expected to take more action as some could still be exposed to the exploit.
A follow-up tweet from the permissionless options protocol read, “Although we have rescued 98% of the funds, TOKENS IN WALLET which have approved the vulnerable contract are STILL AT RISK, https://app.primitive.finance/reset will safeguard funds by setting each of your token approvals to 0. A post-mortem and next steps to reclaim funds are coming soon.”
According to the blog post, the vulnerability is connected to infinite approvals granted to a smart contract deemed vulnerable. Manually resetting those approvals to zero secures the affected assets. Primitive warned that users who had already approved the contract to spend their tokens were at risk. So far, no hacker has taken advantage of the vulnerability to steal funds.
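The reset described above comes down to two standard ERC-20 calls: query `allowance(owner, spender)` for each token, then send `approve(spender, 0)` where the result is non-zero. The Python below is an added example, not Primitive's code; it builds both calldata strings and flags which tokens still need a revocation. The spender address, token addresses and call results are constructed placeholders, since the article does not give the contract address.

```python
APPROVE_SELECTOR = "095ea7b3"    # approve(address,uint256)
ALLOWANCE_SELECTOR = "dd62ed3e"  # allowance(address,address)
MAX_UINT256 = 2**256 - 1
# Placeholder: the article does not give the vulnerable contract's address.
VULNERABLE_SPENDER = "0x" + "11" * 20


def _addr_word(addr):
    """Left-pad a 20-byte hex address to one 32-byte ABI word."""
    raw = addr.lower()[2:] if addr.lower().startswith("0x") else addr.lower()
    if len(raw) != 40 or any(c not in "0123456789abcdef" for c in raw):
        raise ValueError("not a 20-byte address: %r" % addr)
    return raw.rjust(64, "0")


def allowance_calldata(owner, spender):
    """eth_call data for token.allowance(owner, spender)."""
    return "0x" + ALLOWANCE_SELECTOR + _addr_word(owner) + _addr_word(spender)


def revoke_calldata(spender):
    """Transaction data for token.approve(spender, 0)."""
    return "0x" + APPROVE_SELECTOR + _addr_word(spender) + "0" * 64


def audit(allowances, spender):
    """Map {token: allowance() result hex} to the revocations still needed."""
    todo = []
    for token, result in allowances.items():
        if len(result) != 66:  # "0x" + one uint256 word; anything else is not ERC-20
            raise ValueError("unexpected allowance() result for %s" % token)
        amount = int(result, 16)
        if amount:
            todo.append({"token": token, "infinite": amount == MAX_UINT256,
                         "data": revoke_calldata(spender)})
    return todo


# Constructed sample: made-up token addresses and eth_call results.
SAMPLE = {
    "0x" + "aa" * 20: "0x" + "f" * 64,                    # infinite approval
    "0x" + "bb" * 20: "0x" + "0" * 64,                    # already revoked
    "0x" + "cc" * 20: "0x" + format(5 * 10**18, "064x"),  # bounded approval
}

if __name__ == "__main__":
    for item in audit(SAMPLE, VULNERABLE_SPENDER):
        kind = "infinite" if item["infinite"] else "bounded"
        print(item["token"], kind, item["data"])
```

Each `data` value is sent as a transaction to the token contract itself, signed by the wallet that granted the approval.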
Elsewhere, the total value locked (TVL) in DeFi has been recovering after a slight dip over the weekend. It will be aiming to close in on the record high of $41.85 billion set on Friday last week. In the last nine hours, the TVL in DeFi protocols has risen by 1.65% from $40.23 billion to $40.895 billion as of writing.