ID: sense-finance-1111

Date: April 22, 2022

Status: Near-Miss

Incident Count: 1

Contributor: web3rekt.com

KYC By:

KYC:

None

Audit By:

Audits:

None

Loss Amount: -

Recovered: -

Rewards: 50,000

Currency: USD

Key Indicators

Platform: Ethereum

Type: Protocol

Category: Infrastructure & Tools

Method: Near-Miss

Data Sources:

Extended Method: Missing access control checks

Days in Operation: 633 (1.73 Years)

The Sense Protocol is a decentralized fixed-income protocol on Ethereum that lets users manage risk through fixed rates and future yield trading on existing yield-bearing assets. Sense operates as decentralized, permissionless infrastructure on which teams can build and develop new yield primitives for DeFi, such as bond-like assets, yield tokens, and tranche-like instruments. Yield-stripping is the first application built on Sense: users can lend at a fixed rate and make capital-efficient long/short bets on the future yields of existing yield-bearing assets.

Whitehat Violet Vienhage submitted a critical vulnerability in Sense Finance via Immunefi. The vulnerability was a missing access control check in the onSwap() function of the Sense Balancer pool, which could have allowed a malicious actor to update the oracle data of the Space AMM contract. No assets were at risk, because the Sense team paused the pools relying on the Space AMM oracle upon vulnerability disclosure. Sense has paid the full $50,000 bounty to the whitehat and has already deployed a fix to mainnet.
