The Intelligent Insurer #38 — Glide Finance team confirms exploit was due to poor processes
Glide Finance, a decentralized exchange (DEX), announced that it had suffered an exploit of $300,000 on October 17th, 2021. In a statement explaining the loss of funds, the project confirmed that the exploit occurred due to internal process faults, rather than a vulnerability on the blockchain.
In the latest Intelligent Insurer, we examine the details of this hack that has left Glide Finance on the brink of failure. We also examine how DeFi projects are seemingly inundated with errors like these, damaging the entire ecosystem’s reputation and leaving investors facing uncertain times. First, we’ll look at the development progress we’ve made this week.
Insured Finance software development update
As our Alpha release draws closer, we’re thrilled to report that we’re continuing to make significant progress. Testing with our 25 trial accounts continues, with 20 users having signed up and interacted with our platform.
- We improved internal reporting standards significantly by releasing developer and release documentation to assist timely audits.
- We continued our efforts to initiate a smart contract audit and have begun discussions with OpenZeppelin’s team.
- Progress towards our MVP continues unabated. We finalized the essential metrics for the Marketplace and continued experimenting with analytics tools to provide users the best experience.
We’re continuing work to simplify payout processes via Chainlink and conducting research into development and business factors. Our commitment to providing users with a safe and secure environment for unparalleled digital assets insurance remains firmly in place.
Investor funds drained from Glide
Glide Finance is an Automated Market Maker (AMM), yield farming, staking, and DEX platform. It is built on the Elastos Smart Chain (ESC), a sidechain to the Elastos mainchain that supports Solidity smart contracts. By running on a DPoS consensus mechanism, Glide Finance aims to deliver a high-performance scalable solution for the Elastos ecosystem.
On Sunday, October 17th, 2021, $300,000 was drained from Glide Finance’s pair contracts. Initially, the incident was suspected to have been a security failure from the smart contract’s auditor, Paladin Blockchain Security. However, an investigation revealed that the security outlet was blameless. The fault arose from within Glide, thanks to a careless error while updating their system.
According to the project team, the error occurred when a fee parameter was changed after the audit. A number in the contract was supposed to be updated from 1,000 to 10,000. This did not happen, which gave malicious actors room to drain Glide of its funds.
“We are ashamed and disappointed in ourselves to have made such a mistake, as it could have easily been avoided with better due process,” the team posted in a tweet. Glide also compiled a list of addresses that were compromised along with lost balances. Currently, the platform has asked users to get in touch with them regarding their missing funds. No compensation plan has been announced.
Security compromise puts Glide in danger of extinction
While the extent of the monetary damage caused by this exploit is known, Glide’s reputation is still hurting from the incident. The project was not widely popular to begin with, and this breach only reduces its close to non-existent reputation. The project reported that it was contacting exchanges to block transactions coming from its platform.
However, no assurances were given, and they stated that “it is unknown at this stage if anything can come out of this”. A refund to users is improbable as the project’s team acknowledged that the damage to its reputation could be irreparable.
At the time of writing, the outlook is poor for Glide Finance. Information on the project’s website showed a mere $598 in total value locked (TVL). The most alarming part of this whole issue is Glide’s lack of responsibility in addressing user concerns.
Users wary due to DeFi platforms’ security breaches
Glide’s response to such a serious situation underlines why average investors are wary of DeFi platforms. A lack of regulation leaves investors with no recourse and at the mercy of these platforms. A similar breach occurring in the stock market or conventional financial markets is unthinkable, with swift action and compensation occurring at the earliest opportunity.
Yet, Glide has gotten away with making a few apologies on Twitter and has already begun talking about “recovery”, without releasing details of how it plans on compensating investors. Time and again, the security of promising DeFi projects has been exploited. Investor appetite remains high nonetheless, and this means digital asset insurance solutions like Insured Finance are needed in the marketplace. Glide’s users with an Insured Finance contract would have been fully reimbursed and would have insulated themselves from the team’s incompetence.
Glide Finance has advised its users to withdraw any funds still deposited in their liquidity pools. It also immediately and indefinitely suspended the planned launch of farming that was scheduled for Tuesday, October 19th, 2021.
About Insured Finance
Insured Finance is a decentralized, peer-to-peer insurance marketplace. Insured Finance users can request customized insurance on a wide variety of digital assets. Those that fulfill requests earn premiums and can earn a competitive return on their capital. Claims are fully collateralized and settled instantly.