Zapper Zaps Its Own Vulnerability Before Hackers Do


Twenty days after upgrading its “Polygon Bridge” smart contract, Zapper found a vulnerability in its own deprecated version. 

According to a tweet, the Zapper project “exploited the vulnerability ourselves and all of the funds have been rescued.”

The problem would have affected those with an infinite approval for the bridge contract. Infinite approval is part of the ERC-20 token standard. Users can set custom approval levels for spending when interacting with dapps, but this step requires an extra click on “view full transaction details” when using MetaMask.

Zap Out

Debank, a data provider, offers a way to manage approvals under the profile tab. Etherscan, the block explorer, also provides a page where users can check token approvals.
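The same check can be done directly from a token's `Approval` event logs. The sketch below is an added example, not Zapper's, Debank's or Etherscan's code: it replays constructed logs (in the shape `eth_getLogs` returns) and lists owners who still grant an unlimited allowance to a given spender. All addresses are placeholders.

```python
# Added example: constructed data, not Zapper's code or real addresses.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # keccak256("Approval(address,address,uint256)")
MAX_UINT256 = 2**256 - 1  # the value conventionally used for an "infinite" approval

def topic_to_address(topic):
    """Indexed address topics are 32 bytes, left-padded; keep the last 20."""
    return "0x" + topic[-40:].lower()

def live_approvals(logs):
    """Map (token, owner, spender) -> allowance from the latest Approval event.

    This is an upper bound: transferFrom can spend a finite allowance without
    a new event, so confirm with the token's allowance() before acting on it.
    """
    state = {}
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        topics = log["topics"]
        # ERC-721 shares the event signature but indexes tokenId (4 topics).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}  # 0 means revoked

def unlimited_approvals_to(logs, spender):
    """(token, owner) pairs that still grant `spender` an unlimited allowance."""
    spender = spender.lower()
    return sorted((t, o) for (t, o, s), v in live_approvals(logs).items()
                  if s == spender and v == MAX_UINT256)

# --- constructed sample input (placeholder addresses) ---
TOKEN, BRIDGE = "0x" + "11" * 20, "0x" + "bb" * 20
OWNER_A, OWNER_B, OWNER_C = ("0x" + x * 20 for x in ("a1", "b2", "c3"))

def _log(owner, amount, block, extra=()):
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"address": TOKEN, "blockNumber": hex(block), "logIndex": "0x0",
            "topics": [APPROVAL_TOPIC, pad(owner), pad(BRIDGE), *extra],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    _log(OWNER_A, MAX_UINT256, 100),   # unlimited, never revoked
    _log(OWNER_B, 0, 105),             # revocation (listed out of order)
    _log(OWNER_B, MAX_UINT256, 101),   # unlimited, later revoked
    _log(OWNER_C, 500, 102),           # custom, bounded approval
    _log(OWNER_A, 0, 110, extra=["0x" + "00" * 31 + "07"]),  # ERC-721 style, ignored
]

if __name__ == "__main__":
    for token, owner in unlimited_approvals_to(SAMPLE_LOGS, BRIDGE):
        print(f"{owner} still grants unlimited {token} to {BRIDGE}")
```

An owner flagged here removes the exposure by approving an allowance of 0 for that spender, which is what the approval-management pages mentioned above do.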

Earlier this month, Zapper prevented the exploitation of another bug in its “Zap out” contracts from Sushiswap and Uniswap V2, as well as a small bug dealing with the project’s new NFT venture.

The episode is a valuable reminder that potential hacks are not limited to core DeFi protocols but extend to glitches in dashboards and projects supporting these core systems.
