ParaSwap, a decentralized finance (DeFi) aggregator, has initiated the process of refunding cryptocurrencies to its users following the resolution of a critical vulnerability in its Augustus v6 smart contract, which was identified last week.
The vulnerability came to light shortly after the introduction of the contract on March 18, intended to enhance swapping efficiency and reduce gas fees. However, it was discovered that the contract contained a significant flaw, enabling hackers to siphon funds when granted approval.
On March 24, the ParaSwap team announced that all assets recovered by white hat hackers had been returned, and permissions to Augustus v6 had been revoked. However, it was noted that 213 addresses had yet to revoke their allowances to the compromised contract.
Revoking permissions to a smart contract typically involves halting or disabling its blockchain operations, thereby preventing the contract from accessing the user’s wallet and tokens.
The vulnerability was initially identified on March 20, prompting ParaSwap to temporarily pause its application programming interface (API) and secure at-risk funds through a white hat hack. The involvement of white hat hackers played a crucial role in mitigating potential losses.
ParaSwap has been actively addressing the aftermath of the security incident, submitting a comprehensive report to relevant authorities to aid in the investigation of the stolen funds.