An attacker could have placed a limit buy order with an arbitrarily high open price to automatically win every trade, the Zellic security platform discovered.
Two different bugs in a fork of the Gains Network leveraged trading protocol could have allowed traders to profit 900% on every trade, regardless of the price of the token traded, according to an April 19 report from blockchain security firm Zellic. One of the bugs existed in a previous version of Gains but was later patched. The other was only found in a fork of the protocol.
According to Zellic, its staff informed the developers of Gains forks Gambit Trade, Holdstation Exchange, and Krav Trade of the vulnerability, and these development teams have ensured their protocols do not contain these two flaws. However, other Gains forks may still be vulnerable, Zellic warned.
According to its official website, Gains Network is an ecosystem of decentralized finance (DeFi) products on Polygon and Arbitrum. The official name for its leveraged trading app is “gTrade.” It has facilitated over $25 billion in derivatives volume since its inception in May 2023, according to blockchain analytics platform DefiLlama.