
/biz/ - Business & Finance



>> No.18547453

https://twitter.com/ChainLinkGod/status/1251723302046846977

-Yesterday: The Uniswap imBTC/ETH pool gets hacked
-Today: The LendfMe protocol gets drained for $25 million

>> No.18547469

That was me unironically lmao go fuck yourselves

>> No.18547488

>>18547453
what is reentrancy?

>> No.18547520

>>18547453
Is it really a hacker though? Or someone smart enough to see through an exploit? Defi is turning out to be a huge fucking clusterfuck. Did these hacked projects have audited code by a company like chain analysis at least before intermediating with people's fucking money?

>> No.18547551

>>18547520

LendfME stole the code from Compound but assumed they were safe since Compound was audited lol

The difference is Compound doesn't support ERC777 tokens...which has a vulnerability.

https://twitter.com/rleshner/status/1251717261888385025

>> No.18547672

>>18547453


Me wants a free $25mill =(

>> No.18547703

>>18547520
you alright make sure u dont fuck with sergay

>> No.18547734

>>18547520
>>18547551
Guys is aave vulnerable to any stupid shit
And can OpenZeppelin be trusted in this audit?
https://blog.openzeppelin.com/aave-protocol-audit/
Should I get all my money off tonight?

>> No.18547842

>>18547734


There's always going to be risk involved. It's up to you if the rewards from lending/borrowing is worth it.

>> No.18547844

>>18547734
What does your gut tell you? be honest.

>> No.18547853

>>18547551
fuxking unbelievable

>> No.18547866

>>18547842
>>18547844
>What does your gut tell you? be honest.
Honestly my gut tells me the risks of an exploit / hack are acceptable for the potential gain of my long. That's why I'm asking if I should reappraise based. Is AAVE any safer from exploits than these two were? I thought my main risk was getting liquidated and I thought that was unlikely at my low liq price and the chainlink price feed. But a hack is (sorta) different

>> No.18547867

>>18547453
guys seriously i haven't bought coins in like two years
what should i go all in on?
should i wait any longer?

>> No.18547910

>>18547867
ETH

>> No.18547919

>>18547867

BTC
ETH
LINK

You can then mess around with shitcoins with like 5% of your roll.

>> No.18547923

>>18547453
Everyone who buys these retarded tokens deserves it.

>> No.18547932

>>18547551
>>18547734
>>18547853
All audits are done by literal basement dwellers, while the REAL professional software auditors are employed at banks for $500,000 a year.
DeFi is for low IQ retards.

>> No.18547939

>>18547469
good job

>> No.18547960

>>18547932
But Open Zeppelin is one of the biggest players in smart contracts. Wouldn't they be credible in their audit of Aave's smart contracts? I think I may exit my position...

>> No.18547965

>>18547932
So ethereum paid basement dwellers at chain analysis for their audits too huh

>> No.18547969

>>18547932
don't underestimate the power of autism, /pol/ tracked down a terrorist compound based on the nearby scenery
this company's mistake was copying code, which is a dumb normie mistake

>> No.18547995

>>18547965
Yes
Ho Ho Ho MERRY 2016!!!!1

>> No.18548006

Who was that faggot from compound finance that got asshurt about chainlink?

Joey the cuck krung or something ? Or was it mike the dundas dumbass?

Their butthurt is so good, it's like McKiees asshurt on twitter.

That being said, I do enjoy Finrekt and ChainlinkGod

>> No.18548023

>>18547453
No privately owned addresses were compromised? Because if not... nothingburger

>> No.18548025

everything crypto are run by nobody failures roleplaying as pseudo bankers lmao

>> No.18548029

>>18547995
>>18547969
>>18547965
Guys seriously. Do I need to get out of AAVE? Is defi way more risky than I assumed? Obviously leverage is risky, talking about defi and aave specifically?

>> No.18548037

>>18548025
ye

>> No.18548147

>>18548029
I did and got to sell at $3.74

>> No.18548193

>>18548029
Only if you are investing more than you can afford to lose

>> No.18548205

>>18548193
>Only if you are investing more than you can afford to lose
I can afford to lose it all but I don't want to obviously. The maxim really just applies to investing in general. So AAVE has no dangers inherent to it specifically rather than just buying on margin?

>> No.18548214

>>18548193
Link is gonna be >81k each, even one on AAVE is too much according to you.

>> No.18548218

>>18548029
WTF does this have to do with aave? Do they have erc777 token on their platform? If not, then what are you worried about? If you're worried about defi in general, just pull everything out and put it in your hardware wallet.

>> No.18548268

>>18548205
I don't know anon I don't use the platform. You could try asking on the defi telegram but those guys can be annoying as fuck to deal with, seriously.

>> No.18548275

>>18548029
African American Vernacular English? Yes, for God's sake, man, GET OUT while you still can!

>> No.18548280

>>18548214
>some aspie's picture of a computer screen with a date change makes my prediction correct
i think your parents would be proud of you, if you manned a cash register at burger king.

>> No.18548284

>>18547453
Time for sergay to fix it

>> No.18548288

>>18547734

aave is not safe, no. it is GUARANTEED they get hacked, the question is when not if.

> makerdao MCD has critical bugs at launch
> bZx was a joke
> uniswap
> lendF.ME

aave doesnt even have a security page or multiple audits, are you kidding me? frens be careful, only trust systems once theyve been live for a long time and have many audits

>> No.18548323

>>18548218
>If you're worried about defi in general, just pull everything out and put it in your hardware wallet.
Thanks I did this. Made lots of link the past month but defi sketches me out... idk... I don't have the heart for anything but holding

>> No.18548328

>>18548280
I don't like burger King.

>> No.18548334

>>18548288
Thanks m8. I pulled out. Made a nice profit, but I'm done with it. Unfortunately I think you'll be proved right with time. They're on my ledger, around my neck, and now I'll sleep so much better

>> No.18548339

>>18548323
Probably a wise move. I do have high hopes for aave though, they seem to be on track to becoming the most reputable lending platform. But nothing will prove it except time

>> No.18548409

>>18547453
> erc777
Cursed coin if it has known vulnerability. Skelly should be more careful with holy digits

>> No.18548506

>>18547453
So who exactly lost all this money?

>> No.18548519

>>18548506
Chinks using a compound knockoff

>> No.18548538

Literally what is any of this shit, this space is so goddamn saturated with endless coins and projects how does anyone keep up.

>> No.18548543

>>18548519
Ohh, ching chong bing bong ping ding dong rut row hahaha.

>> No.18548553

>>18548519
so only chinks lost money? holy kek

>> No.18548579

https://etherscan.io/tx/0x9a133db4bd7846909f100f71fdf69c56a8acaeccf4f7e066d12612f896ce0f01

Same hacker sent $6M. Stay the fuck away

>> No.18548591

>>18548579
Sent $6M to aave. Looks like they've got their eyes set on it maybe?

>> No.18548599

>From there, the attacker can manipulate Uniswap to make the price of an asset very cheap in the original pool, allowing them to make away with coins at a price much lower than their actual market value.
>same vulnerability in LendMe

yep, it's another case of "shoulda used Chainlink".

>> No.18548600

>>18547453
It blows my mind that the discourse on twitter has been much more informative than on here but I guess it’s 2020 /biz/ for ya

>> No.18548605

>>18548579

Correct and the hacker will take your LINK out of aave now that they have millions inside. Now is NOT the time to risk everything with the hope of making 1% more somehow

>> No.18548614

If I would have thousands on such platforms then I would definitely think about signing up for an insurance. But I noticed most don't even know that they exist.

https://nexusmutual.io/
https://etherisc.com/
https://cryptoinsuranceswiss.com/

>> No.18548616

So what does all of this mean for link?

>> No.18548655

>>18548599
>>18548616
see

>> No.18548670

>>18548655
I'm a brainlet, I'm assuming Chainlink could've prevented this from happening? Is this true from a technical standpoint?

>> No.18548680

defi is a meme. NFTs are the real killer app for ethereum and crypto platforms.

>> No.18548682

>>18548605
Isn't AAVE utilizing link?

>> No.18548701

>>18548553
And I guess the fund that invested 1.5 million into them a few days ago.

>> No.18548705

>>18548682
yes, and it doesn't use ERC777
and it doesn't have any open vulnerabilities
https://blog.openzeppelin.com/aave-protocol-audit/

Not saying AAVE is safe, but it is to this particular hack.

>> No.18548713

>>18548591
Well I don't think aave has any erc777 tokens do they? The hacker is probably just earning some interest.

>> No.18548714

>>18548705
>ERC777
Isn't this what the link token is?

>> No.18548719

>>18548670
exactly. If the price had been determined by oracles rather than some pool ratio mechanism, there would have been no problem.

>> No.18548721

AAVE won't ever get hacked. It's run by competent people

>> No.18548724

>>18548605
I took everything out

>> No.18548730

>>18548714
No, LINK is ERC677

>> No.18548751

>>18548705
>>18548713
>Not saying AAVE is safe, but it is to this particular hack.
Then why did this particular hacker put all his winnings into aave? There's no way it was for interest, straight from the same wallet from the hack. No way. He's been doing the same big deposits for all the exchanges he hits.

>> No.18548793

https://twitter.com/FrankResearcher/status/1251771282410090496
The hack would not have been stopped by chainlink as it was not a matter of just fucking with price feeds.
And now hacker is aiming at aave. Seems like he has a plan and few exploits up his sleeve after waiting for prices to bounce back from march.... GET OUT OF AAVE NOW

>> No.18548797

https://twitter.com/FrankResearcher/status/1251771280896004096

>> No.18548803

>>18548751
but anon there is now 20 million dollars locked up in aave and people are doubling their link stacks as we speak. you don't want to miss out do you?

>> No.18548816

https://twitter.com/FrankResearcher/status/1251771282410090496

>> No.18548829

>>18547520
>Defi is turning out to be a huge fucking clusterfuck.
Said you. Your reality is silly. Fuck you.

>> No.18548878

>>18548599

This is incorrect information. This "hack" is nothing like the bZx price hack

>> No.18548929

savage

https://twitter.com/lawmaster/status/1251774495389634562

>> No.18549054

>>18548751
This particular hack exploits imBTC
Aave doesn't take imBTC as collateral.

>> No.18549069

Here I am with plenty of LINK laughing at defi. As long as link keeps it up I'll be fine.
Fuck defi
Fuck jannies
Fuck niggers
Fuck spics

>> No.18549072

>>18549054
I'm not saying he is but he could have another exploit. Why'd he send $6M usdt to aave? I promise you it isn't for the sweet yields...

>> No.18549087

>>18548878
https://github.com/ConsenSys/Uniswap-audit-report-2018-12#31-liquidity-pool-can-be-stolen-in-some-tokens-eg-erc-777-29
Pool pricing is involved. There are other ways to prevent it but Chainlink would too.

>> No.18549103

>>18548538
Kek this. I'm not nearly autistic enough for all of it

>> No.18549122

>>18549072
And why not? Aave is a decent project, the project that got hacked was a shitty Chinese Compound copy, maybe hacker thought they deserved it.

>> No.18549131

>>18549087


chainlink wouldn't have prevented this. Read what you posted


https://twitter.com/_WhenMoon_/status/1251724758116208641

>> No.18549139

Reentrancy attacks have nothing to do with oracles/price feeds. Not sure where you got this false information from.

>> No.18549146

>>18549072
He also sent a good chunk to Compound and also bought DeFi tokens.

I think you're being paranoid, but you can never be too safe. If you're scared, withdraw your tokens from DeFi and move them to your personal wallet.

>> No.18549168

>>18549122
The hacker, who has just hacked a decentralized money market for 25 million dollars, is now going to trust his hard-won money with another decentralized money market just because 2% yields....

>> No.18549185

>>18547919
It’s amazing people still can’t manage to figure this out. Buy the holy trinity and retire early, it’s that simple.

>> No.18549189

>>18549087
Read this thread. Can't see how chainlink would have done anything here
https://twitter.com/The3D_/status/1251764893046525954

>> No.18549194

Who the fuck invests 25M in a shit asset. Sounds funny to begin with.

>> No.18549235

>>18549168
If you don't trust DeFi, then you can just use Binance. You just put LINK into margin account (everything in margin account will be collateral), borrow btc or $ and buy more LINK. There will be an indicator showing your risk level. So you know how close you are to the liquidation. There's a good explanation video on it from Binance themselves.

>> No.18549240

>>18547453
this is why ETH will go back to $45, and CKB will 50x.

>> No.18549260

>>18548929

>> No.18549297

>>18547488
It's when a transaction enters the contract again before the original function is done executing. Take this very simplified contract function for example.

Withdraw:
1. See if user has funds according to record
2. Send user the funds
3. Deduct the funds record

ETH is made in such a way that enables very sophisticated interactions between contracts, although instead of using this feature people abuse it. At stage 2 of the execution, if a contract called this "Withdraw" function, (and remember, according to eth ideology which I think is good but people misunderstand it, contracts are no different than people) then it can intercept the execution, and call the function again, so the execution will end up looking like this instead:

1. Check if user has funds
2. Send him funds
3. User calls withdraw again at the same transaction, only a contract can do this
4. Check if user has funds ( he still does as they weren't deducted)
5. Send him funds (a second batch now)
6. Deduct funds
7. Deduct funds (yeah it's done twice since the original function where it was intercepted has to come back)

And an "Attack contract" will look like this, it'll have 2 functions:
Default function that executed when funds are sent:
1. Call withdraw on whoever sent the funds
Abuse:
1. Call withdraw on the target contract

It'll also have functions that enable it to accrue funds in the target contract in the 1st place but it's irrelevant to the hack itself, when the attacker wants to steal funds he can simply call his "Abuse" function and watch as he receives 2x the money in an instant.

This is an extremely basic example that hopefully most contracts today are immune to, I haven't checked this imBTC hack but I most definitely will.
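
The call order walked through in post 18549297, as an added Python simulation that is not part of the original post. `Vault`, `PlainAccount`, `ReenteringContract` and the mode names are constructed for illustration, and the toy ledger stands in for a contract's balance record; it runs the three-step Withdraw as written, then with the record cleared before the send (checks-effects-interactions), then with a reentrancy guard.

```python
class ReentrancyBlocked(Exception):
    """Raised by the guard when withdraw is entered while already running."""

class PlainAccount:
    """A person: receiving funds runs no code."""
    def __init__(self):
        self.received = 0

    def on_receive(self, vault, amount):
        self.received += amount

class ReenteringContract(PlainAccount):
    """A contract: its receive hook calls withdraw again, once (step 3)."""
    def __init__(self):
        super().__init__()
        self.reentered = False

    def on_receive(self, vault, amount):
        self.received += amount
        if not self.reentered:
            self.reentered = True
            try:
                vault.withdraw(self)
            except ReentrancyBlocked:
                pass  # toy hook swallows the revert so the outer call finishes

class Vault:
    """Toy ledger; mode is 'vulnerable', 'cei' or 'guard' (constructed names)."""
    def __init__(self, mode):
        self.mode = mode
        self.records = {}      # what the ledger says each user is owed
        self.pool = 0          # funds actually held
        self.locked = False    # reentrancy guard flag
        self.trace = []        # order in which the steps really ran

    def deposit(self, user, amount):
        self.records[user] = self.records.get(user, 0) + amount
        self.pool += amount

    def _send(self, user, amount):
        self.pool -= amount
        self.trace.append("send")
        user.on_receive(self, amount)   # control passes to the recipient here

    def withdraw(self, user):
        if self.mode == "guard":
            if self.locked:
                self.trace.append("blocked")
                raise ReentrancyBlocked()
            self.locked = True
        try:
            self.trace.append("check")              # 1. see if user has funds
            amount = self.records.get(user, 0)
            if amount == 0:
                return
            if self.mode == "cei":
                self.records[user] = 0              # deduct BEFORE sending
                self.trace.append("deduct")
                self._send(user, amount)
            else:
                self._send(user, amount)            # 2. send the funds
                self.records[user] = 0              # 3. deduct the record
                self.trace.append("deduct")
        finally:
            if self.mode == "guard":
                self.locked = False

def run(mode):
    """Constructed scenario: another user deposits 100, the contract deposits 10."""
    vault, other, caller = Vault(mode), PlainAccount(), ReenteringContract()
    vault.deposit(other, 100)
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.pool, vault.trace
```

`run("vulnerable")` pays the caller 20 against a record of 10 and leaves the pool 10 short of what the other depositor is owed; both hardened modes pay exactly 10.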

>> No.18549300

>>18549240
ETH price didn't even flinch because of this fgt. No one in their right mind would do business with losers who stole code and thus could care less about security.

>> No.18549318

>>18549297
why the fuck would you allow this intercept shit in the first place?

>> No.18549414

>>18548714
>>18548730
LINK got downgraded again??
Fuck the ethereum council

>> No.18549445

>>18549318
Because that's simply how it works by design, as I said there's no difference between contracts and people, and a contract "sending funds" should have the same effect as when a user sends funds, which they would also trigger the "Default function that executed when funds are sent"

This makes a lot of sense from a design standpoint.

>> No.18549805

>>18548614
Nexus Mutual refused to payout for the MakerDAO failures on the Coronacucking day.

They lost all credibility then. We really need to start moving shit to enforcing on Kleros. Smart contracts need oracles that can actually interface with more than numbers.

>> No.18549814

>>18549805
yes...Kleros...

>> No.18549825

>>18547520
>Did these hacked projects have audited code by a company like chain analysis at least before intermediating with people's fucking money?

come on now. this is crypto, you know the answer already.

>> No.18549872

>>18547453
>Eth pool
The flippining is coming. Even the hackers are switching to ether.

>> No.18550384

>>18547734
>Guys is aave vulnerable to any stupid shit
Of course. This will be the first great purge of old linkers. Their greed to get more link will have many lose their entire stacks.

>> No.18550481

>>18547734
>After reviewing all issues reported with the Aave team, we downgraded 1 critical issue and considered 2 high-severity issues as non-issues.

>> No.18550494

Collateral went to AAVE from 2 last hacks, lmao
Check the news, AAHAHAHAHAHAHAHAHA
IT'S ALL TRU ISNT' IT
PEE POO POO PEEEEEEE
AAAAHAHAHAHAHAHA
ALL OF IT PEEEEEEEEEEEEEEEEEEEE
POOOOOOOOOOHAHAHAHAHA
IS IT? IS IT

>> No.18551025

>>18547919
You should add LIT.
LIT is like the fourth wave of unanimous approved /biz/ coins.

I think the average /biz/ portfolio looks about:
20% BTC
25% ETH
20% LINK
5% LIT
30% other, mainly bsv and xrp

>> No.18551062

>>18550494
Sergey sends his team to kill the competition and send the fund to one of his partner

>> No.18551097

Told you faggots not to use uniswap. Morons.

>> No.18551117

>>18551097
Only the imBTC-ETH pool was drained though
it's not uniswap's fault that imBTC is a shitcoin, and uniswap has no control over who creates a pool there with which shitcoin

>> No.18551399

>>18547453
What is this pattern called?

>> No.18551433

>>18551399
Dead cat bounce

>> No.18551533

>>18549131
Linkers are so low IQ they think Chainlink is decentralized so there's no point in trying to have a technical discussion with them. It's like talking to an ape.

>> No.18551801

>>18551533
Based. And yes that is true. Feel sorry for a lot of them.

>> No.18551946

>>18549805
>Nexus Mutual refused to payout for the MakerDAO failures on the Coronacucking day.

Kek, if only there was some sort of smart contract that couldve prevented something like this. Something that links your insurance policy to them, and chains them to their obligation to pay it.

Yep, if only.

>> No.18552135

>>18551533
>>18551801
Except it's the most decentralized oracle and worked flawlessly on black Thursday. Imagine thinking that communist pedophile has any idea what he's talking about, imagine thinking you're smarter than Klauss Schwab lmao fucking YIKES

>> No.18552542

>>18549805
>Nexus Mutual refused to payout for the MakerDAO failures on the Coronacucking day.
Insurance policies state what they insure against...
Are you surprised they didn't pay out after an event that nobody was paying them to insure for?

Like if I've got collision insurance on my car, and some homeless methhead breaks the window and shits on my seat, do you think my car insurance should pay for the repair and detailing?
If it's not covered in the policy, it's not covered. That's pretty widely understood as how insurance works.

>> No.18552557

>>18547469

The anonymous hacker group strikes again

>> No.18552572

>>18547867
FUCK YOU LOW IQ SHILLS

>> No.18552596

>>18548288
they do have one but i agree with you. the argument you will hear is muh chainlink oracles.

>> No.18552605

>imBTC
literally nothing

>> No.18552627

>>18547453
Ethereum getting hacked is bullish. Now Vitalik can bail them out again

>> No.18552638

>>18547734
Don't trust ANY defi for at least 2 or 3 years. The risk is beyond insane

>> No.18552713

>>18548600
Because people here spend their time looking into it rather than writing about it.

>> No.18552790

im scared

>> No.18552836

>>18549300
imho eth price didn't budge because of tether pump. could be wrong of course

>> No.18552874

>>18549297
Reentrancy guards are one of the simplest things to implement, I feel like these devs are the ones hacking their own shit.

>> No.18552883

>>18547453
I thought ethereum defi was better than lightning network?
Kek

>> No.18552906

>>18551062
I wouldn’t be surprised hahahahaha

>> No.18552907

>>18552883
It's better because people are actually using it and building shit. If you have a thousand different people working to build things it's only natural some of their projects will have bugs. Lightning network is safer because no one fucking uses it and no one cares.

>> No.18552943

>>18547551
Typical chink behavior. Just copy and imitate, without understanding or caring about unintended outcomes.

>> No.18552983

anyone else have trouble with 1.exchangge? it keeps saying there isnt any liquidity

>> No.18553019

>>18552907
Wrong, you use defi because you're stupid and greedy and don't wait for the proper system to be developed
Defi is a fart in the wind with the risk of losing everything
Ethereum chain is a joke you can't even validate it

>> No.18553098

>>18552907
>building
People are just copying the same lending idea from each other. nothing new

>> No.18553116

>>18553019
99% of the projects have been audited and are good to go. Some of these shittier ones get hacked and somehow that's a flaw in Ethereum or DeFi. Get fucked idiot.

>> No.18553200

>>18548029
Sky

>> No.18553315

>>18552790
https://www.youtube.com/watch?v=3w3y_6-9lD4

>> No.18553354

>>18551399
get pounded in the ass down trend

>> No.18553372

>>18553354
Actually, no. Link is a phenomenon. And it won't stop.

>> No.18553384

>>18553372
CZ has stopped it many times

>> No.18553424

>>18547520
>Is it really a hacker though?
Don't you remember? Code is law, and law has loopholes. Are people still illiterate enough to believe smart contracts holding money are going to be a thing? When will all of you realize that most 'community' bullshit involving tech always ends badly?

>> No.18553429

>>18549297
thx for the grade school break down fren

>> No.18553465

>>18547453
They should've used 0xBitcoin.

>> No.18553493

>>18553384
Fundz are safu. CZ has limited power.

>> No.18553662

what is this imBTC garbage and why aren't these idiots using 0xBitcoin

>> No.18553723

>>18553662
Because it's a scam.

>> No.18553748

>>18551533

>> No.18553909

>>18553723
Yeah, you are right, it was much safer that way:D