In the financial world, advancements and innovations are at their peak. One of the finest innovations is the smart contract, which is nothing but automation of the deal-making process. Like its conventional counterpart, it needs two or more parties and deals with real-world exchanges of shares, money, documents, or any property. The major advantage of this contract system is the absence of any intermediary. Some of the most exciting features of smart contracts are their autonomy, decentralized nature, and self-sufficiency.
However, this technology, like all other innovations, is at a nascent stage and has a long way to go before becoming flawless. The following are certain loopholes of smart contracts that need to be plugged.
The technicalities of smart contracts are bound to be complex, which is why users have yet to grasp them completely. Once the parties agree, the smart contract gets registered. Making further changes is quite a task in its current form, and sometimes leads to the system breaking or becoming prone to cyber threats.
A smart contract needs flawless coding to work efficiently. Even a small clerical error may put the whole system at risk of going haywire.
The role of third parties cannot be excluded completely; the system still needs IT experts, lawyers, and consultants.
One of the major facilitators offering an advanced form of smart contracts is AirSwap. It has proven its worth time and again in the efficient application of smart contracts among numerous users.
However, AirSwap's internal security review processes recently identified a potential threat that could have allowed an attacker to process a transaction without the consent of the counterparty. The AirSwap team has addressed these loopholes and taken the following steps.
- Immediately after discovering the potential threat, AirSwap checked all the high-value users and all the accounts that might have been affected. It also de-risked the funds of one particular user who held a majority of the affected smart contracts.
- AirSwap has removed all the vulnerable components and contracts from the AirSwap UI and its tools. It is now impossible to access those vulnerable contracts unless the user manually opts in.
- AirSwap also implemented exploit code to drain all the vulnerable funds, which worked as a debit freeze.
- It also issued a public communication and published the official version of the remediation.
- It went on to promise an internal review, or post-mortem analysis, to come up with all the changes needed to its security and deployment processes.
The Launch of the Bug Bounty
Following the discovery of the vulnerabilities, the AirSwap team has announced a bug bounty program that may reward the bug finder up to 20,000 DAI (worth $20,000). It started on December 4 and is likely to continue for an indefinite period. As per the official announcement, a low-level fix could fetch 250 DAI and a high-level fix can yield up to 2000 DAI. The value of the bounty will be decided by the severity of the bug found, as per the OWASP risk rating methodology and as judged by the AirSwap team.