Kao hakove i eksploatacije continue to go rampant within the crypto industry, the importance of finding vulnerabilities to prevent potential losses becomes of utmost importance. However, a Web3 developer highlighted that it’s not rewarding to do so.
In a tweet, a Web3 developer tvrdio that he found a vulnerability in a Solana smart contract that would have affected several projects and around $30 million in funds. According to the dev, he reported and helped patch the vulnerabilities. However, when it was time to ask for a reward, the projects just started to ignore him.
The developer noted that this sends a wrong message because it shows that projects would rather get hacked than have critical bugs reported to them. He napisao:
„Zbog toga se dešavaju situacije kao što je Mango eksploatacija u kojoj će eksploatator prvo ukrasti sredstva, a zatim početi pregovarati. Nema odgovarajućeg poticaja za prijavu.”
Community members also echoed the sentiment of the developer. Smit Khakhkhar, a fellow developer, odgovorio by claiming that he also made the same mistake multiple times. “This is one major reason why hackers exploit first and then negotiate,” he wrote. On the other hand, a Twitter user thinks that it’s also possible for developers within the projects to secretly want to exploit the code for themselves. They tweeted:
Yep, the incentives to hack it yourself is way higher than the incentive to report. Also..perhaps these devs secretly wanted to exploit it themselves. Don’t rule that out. I’m sure the people that a most likely to spot exploits are the code writers.
— ReddSpark (@Redd_Spark) Decembar 20, 2022
Because of these, some predvidjeti that the next cycle in crypto will be a break-and-fix cycle. According to the community member, traders could potentially pay blackhats to exploit critical vulnerabilities while shorting projects.
Povezano: Trader je navodno vidio preko 5,000x dobitka nakon hakovanja Ankr protokola
Meanwhile, many industry executives believe that artificial intelligence programs like ChatGPT can contribute to securing smart contracts. Speaking to Cointelegraph, HashEx CEO Dmitry Mishunin recently noted that ChatGPT can be integrated and reduce the number of hacks within the industry.
Within crypto, many hacks have been highlighted in the decentralized finance (DeFi) space. Despite this, many industry professionals are confident that broader DeFi adoption can be achieved by educating institutional players and eliminating user experience barriers.
Source: https://cointelegraph.com/news/projects-would-rather-get-hacked-than-pay-bounties-web3-developer-claims