Audius Yet Another Web3 Fail


I recently spoke about a Web3 fail in Helium, a network that tried to tokenise hot spots and sell data to access the internet. Anyone with a brain can tell you that you're not going to compete with current ISPs, but Web3 bros have a lot more money than brains, so they'll keep throwing money at the wall and hoping something sticks; nothing has stuck so far.

If these applications are not failing in their business model, they're more likely to lose money through shoddy security, a risk that will ALWAYS be there with Turing-complete blockchains, since you tie the use to the token instead of keeping the application layer and payment layer separate.

Audius sees its arse

Audius is a music streaming platform that was basically dead on arrival. It's trying to compete with the likes of Spotify, Apple Music and a host of other platforms, and all it can offer is a convoluted token system that makes it harder to access content than on their counterparts.

While Audius figures out how it's meant to take market share away from these established apps, an attacker was able to create and pass a governance proposal to transfer 18.5 million AUDIO tokens out of the community treasury.

The user then successfully swapped these for 705 ETH (~$1.1 million). Audius halted the token and smart contracts while they patched the bug, and brought the network back online shortly afterward. Lol, sounds like a cock-up of note, and very decentralised if you can pause a contract, you dumbasses.

This is what I keep telling shitcoiners: if they can pause it for an attack, they can pause it because the government is knocking on their door, so this shit isn't censorship resistant.


Walking into a windfall

The "attacker" had found and exploited a vulnerability in the way the contracts were written, which allowed them to rewrite the governance voting rules. Once they had rewritten the rules, the user delegated 10 trillion AUDIO tokens to themselves for voting purposes.

They then used those tokens to pass a proposal that rewards them handsomely for finding the bug. This is really a bug bounty, to be honest: the user just followed the rules and the smart contract actioned it, and isn't code meant to be law in shitcoin land?

https://twitter.com/peckshield/status/1551053190904238080

The contract was audited by OpenZeppelin and Kudelski, but neither group caught the vulnerability. Audius stated that a plan for dealing with the loss of community funds was still under discussion, lol, because you gotta make the morons whole with new inflation.
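The sequence described above (rules rewritten, an impossible amount of voting power delegated, a treasury proposal passed) breaks invariants that a monitor can check at runtime, independently of any audit. The sketch below is an added example, not Audius code: the event schema, the total-supply figure and the 1% review threshold are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass

# Assumption: constructed supply figure used as the sanity bound for voting power.
TOTAL_SUPPLY = 1_000_000_000

@dataclass
class Event:
    kind: str                   # "config_change" | "delegate" | "proposal_passed"
    actor: str
    amount: int = 0             # tokens delegated, or tokens moved by the proposal
    via_proposal: bool = False  # was the config change made by an executed proposal?

def audit(events, total_supply=TOTAL_SUPPLY, review_bps=100):
    """Return (index, reason) alerts for events that break governance invariants."""
    alerts = []
    delegated = {}              # running voting power per address
    rules_tampered = False
    review_limit = total_supply * review_bps // 10_000
    for i, ev in enumerate(events):
        if ev.kind == "config_change" and not ev.via_proposal:
            # Voting rules must only change as the result of a passed proposal.
            rules_tampered = True
            alerts.append((i, "voting rules changed outside an executed proposal"))
        elif ev.kind == "delegate":
            delegated[ev.actor] = delegated.get(ev.actor, 0) + ev.amount
            # Voting power can never exceed the number of tokens that exist.
            if sum(delegated.values()) > total_supply:
                alerts.append((i, "delegated voting power exceeds total supply"))
        elif ev.kind == "proposal_passed":
            if rules_tampered:
                alerts.append((i, "proposal passed after unauthorised rule change"))
            if ev.amount > review_limit:
                alerts.append((i, "treasury transfer above review threshold"))
    return alerts

# Constructed events mirroring the order of events described in the post.
SAMPLE = [
    Event("delegate", "0xholderA", 2_000_000),
    Event("config_change", "0xunknown"),
    Event("delegate", "0xunknown", 10_000_000_000_000),
    Event("proposal_passed", "0xunknown", 18_500_000),
]

if __name__ == "__main__":
    for idx, reason in audit(SAMPLE):
        print(idx, reason)
```

Any one of these alerts firing before the proposal executes is a reason to hold the transfer for manual review.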

Aaaaand it's gone

Once the user accessed the tokens worth nearly $6 million from the treasury, it was a race against time before that wallet could be blacklisted or the contract paused. They dumped for $1.08 million, since there is no real liquidity and the dumping resulted in maximum slippage.

https://twitter.com/CertiKAlert/status/1551020421532770305


Have your say

What do you good people of HIVE think?

So have at it my Jessies! If you don't have something to comment, "I am a Jessie."

Let's connect

If you liked this post, sprinkle it with an upvote or esteem and if you don't already, consider following me @chekohler and subscribe to my fanbase

13 comments

Every new exploit I read about makes me happier to be on Hive.

I've got a small amount in pHBD which I consider lost and it's only there because I like to at least know about the processes there but doing anything with ETH tech feels dirty and rickety.


Solidity is a joke, and I am not a fan of having contracts live on the blockchain for all to see. If you want to have an agreement with someone, just do a contract on a private server instead of exposing your funds to this. Anyone can see it, for what? It's clearly not for safety.


It is sad to see that those losing money are the retail ones, or simply the ones who bet to get the most pump.


It's not sad, it's how it should be, you should not be rewarded for making stupid decisions or it encourages more stupidity, get rekt, and then learn not to put your money into scams and bad products and ideas


Decentralization theater.
People who fall for this crap deserve to get rekt.


Lol new suckers are born every minute and I guess this is the cost of becoming a bitcoin maxi


It is crazy how much money and attention and hype go into some of these projects and they rarely deliver much of anything. Just crushed dreams.


I honestly don't even know how many of these projects cut through the noise to actually find people to wreck, there is so much going on, I guess the business of selling tokenised dreams is a good place to be in until the SEC catches up


Well and I think the annoying thing is guys like us could do these half assed projects but we aren't scammers so we aren't going to be out there selling the dream.
I do think there is value for guys like us to deliver a real product but as we have seen in this space it is like complete hogwash does better than an actual working product right in front of everyone's face.


I totally agree man, there's no point in creating a legit project in the space when scams can sucker in capital with narratives and pumpamentals. If you had a legit service, it's not going to have crazy price movements, and the idea will be reasonable and cash flow unimpressive, because normie investors don't know how a business works, they're just chasing numbers.


That loss won't be impermanent...


LOL you can't do stupid things if you have no more money, so I guess they're doing people a favour.


It will be a tough lesson for them, but it may be the only way they can learn.
