Decentral Bank fixes USN bug that got it scammed of 10 trillion USN

Decentral Bank has fixed a smart contract bug that briefly caused about 10 trillion USN tokens to be minted.

The team has burned the tokens and plans to reward the affected user with a bug bounty.

Decentral Bank is a decentralized autonomous organization (DAO) that is developing the USN stablecoin on the Near blockchain.

According to a security incident report, the bug was discovered when a user called “pavladiv.near” tried to swap 5 USN ($5) for 5 USD Tether (USDT) at 01:35 a.m. EDT on July 6.

The user attempted the trade via the on-chain swap mechanism on Decentral Bank.

Yet there was an issue that didn’t let swaps work if the wallet did not contain any USDT (despite it not being needed for the swap). As a result of this error, the swap failed.

The user tried the process twice and it failed on both occasions.

Since the transaction did not go through, the USN smart contract attempted to refund them. This is where the actual bug happened.

The bug caused a misplacement of decimal points when refunding pavladiv.near’s USN. Instead of returning 4.9995 USN (about $5), the smart contract bug minted 4.9995 trillion USN for the user on both occasions, thus creating almost $10 trillion out of thin air.

Decentral Bank, upon noticing the minting bug, paused the contract and deployed a fix to prevent the incorrect decimal placement when refunding a failed swap.

The team also burned the excess USN tokens minted by the bug, restoring the circulating supply of USN to its correct state.

If left unchecked, the bug could have been exploited to mint infinite USN. This could have led to a complete drain of the Ref Finance USDT liquidity pool.

Leave a Reply

Your email address will not be published. Required fields are marked *