DeFi Protocol Kava Relaunches After Forced Shut Down Due to Bug that Overpaid Liquidity Providers
Decentralized Finance project Kava has suspended the Kava chain following the discovery, which allocates yield farming rewards after a bug was discovered in its most recent software.
Kava Suspends Service Following Program Error
The decision, which was ratified by its security and safety committee, saw the bug issue liquidity providers (exchanges) higher yields than expected. The bug was found in its Kava 5 release shortly after it was deployed. The chain was subsequently shut down following the discovery of the anomaly.
Kava has assured users in a tweet that their funds are unaffected by the program error and are working to resolve the issue. Kava's development team had asked validators to revert back to its Kava 4 software before it upgraded to Kava 6.
The San Francisco- based platform is part of the Cosmos interoperability ecosystem and runs on its Tendermint consensus algorithm.
The crypto industry has reacted to the news, with some saying the company has not been meticulous enough.
Security Issues Could Hinder DeFi Growth
The Defi space is still new, and a lot of retail investors are looking out for an opportunity to make quick gains.
This intrinsic desire to join the party has also attracted bad actors. The sub-sector has lost millions to hacks and bugs.
DeFi protocol bZx was attacked severally last year via a contract bug vulnerability that executed a flash loan. The decentralized protocol, which was founded in 2017, had previously lost $1 million, making users reluctant to invest in the platform.
A third attempt was made in September 2020 after a flawed code in its smart contract saw a hacker almost make away with $8.1 million of investor funds.
The hacker was able to mint 219,200 LINK token valued at $2.6 million, 4,503 ETH worth $1.65 million, 1,756,351 USDT worth $1.76 million, 1,412,048 USDC worth $1.4 million, and 667,989 DAI worth $681,000.
In a company statement, BZx co-founder Kyle Kristner said the bug granted the attacker access to duplicate assets or increase the protocol’s interest-bearing iTokens.
The defective code, which was first noticed by Marc Thalen, a lead engineer at crypto media house Bitcoin.com, was later corrected and funds recovered.
Lendf.me also saw about $25 million stolen through a re-entrancy attack which allowed the crypto thieves to interact with the protocol as if they had collateral to execute the contract.