In recent news, the Sui-based yield trading protocol Nemo suffered a $2.59 million exploit due to critical security oversights. This event underscores the importance of auditing and implementing strong security measures in the world of decentralized finance (DeFi).
What Happened?
The hack, which occurred on September 7, revealed a vulnerability caused by unaudited code being deployed on the protocol. The issue resided in a key function called get_sy_amount_in_for_exact_py_out, which was meant to reduce slippage but left the protocol exposed to manipulation. This unauthorized code was deployed by skipping essential auditing and bypassing safe deployment procedures.
Avoidable Mistakes
According to the incident’s post-mortem, security firm Asymptotic flagged the issue in a preliminary report, but the Nemo team overlooked it, focusing on other priorities. Additionally, the upgrade process allowed a single signature to deploy code onchain, bypassing crucial controls. A safer practice, such as requiring multisignature approvals, could have thwarted the exploit entirely.
This scenario is unfortunately not isolated in the crypto space. For example, NFT platform SuperRare suffered a $730,000 loss in July due to a smart contract flaw that also stemmed from a lack of proper testing and auditing. These events highlight how simple preventive measures such as code reviews and strict access protocols could save projects millions.
Steps Taken Post-Hack
In response to the exploit, Nemo has paused its protocol core functions to minimize further damage. Additionally, the team has collaborated with security firms and provided necessary information to freeze assets on centralized exchanges. A patch to address the vulnerability has been implemented and audited by Asymptotic before redeployment.
The project has also introduced significant upgrades, including the removal of its flash loan feature, fixes to vulnerable code, and the addition of a manual-reset function to address affected values. Nemo is developing a user compensation plan, integrating debt restructuring within its tokenomics model to ensure affected users are reimbursed.
Lessons for the Crypto Community
This incident serves as a stark reminder of the critical importance of security practices in DeFi. Without adequate checks, vulnerabilities can lead to substantial financial losses and erode user trust. Projects must prioritize:
- Auditing all code before deployment.
- Implementing multisignature verification for major protocol changes.
- Regular testing and continuous monitoring for vulnerabilities.
For individuals engaging with DeFi protocols, it’s worth considering the security measures in place. Look for platforms that showcase audited code and have transparent risk management strategies.
Recommended Product for Digital Security
If you’re investing or working with crypto, ensure your assets are secure. The Ledger Nano X, a leading hardware wallet, offers top-tier protection for managing your digital assets. With built-in recovery and support for various cryptocurrencies, it’s a must-have for crypto enthusiasts concerned with security.
Nemo has apologized to its users and stated that it has learned a valuable lesson: security and risk management require constant vigilance. As the DeFi space evolves, protocols that prioritize security are more likely to retain trust and thrive in the long term.
