Buggy Code in This Compound Finance Fork Just Froze $1M in Ethereum Tokens
The error

In a Discord discussion regarding the vulnerability, Vfat, an Ethereum and PercentFinance developer, said the developer who forked PercentFinance from Compound Finance used “old contracts from Compound instead of … newer, much better versions.”

The recourse

In direct messages with CoinDesk, Vfat said it is still too early on in the recovery process for a definitive plan, especially considering no one has had a chance to speak with Centre or BitGo yet, the issuers of the USDC crypto dollar and WBTC token, respectively.
Because USDC and WBTC have backdoors into their smart contracts, these issuers would be able to blacklist the addresses with the locked funds (even though they are already inaccessible, Vfat said this would be a good “extra precaution”). For other recovery efforts, Vfat said one early-stage proposal suggests launching new contracts for the USDC lending markets.