Decentralized trading protocol DODO says a white hat hacker recently reported a vulnerability in the vDODO contract.
vDODO Disabled to Stall Possible Hacking Attempt
According to a recent announcement, a white hat hacker discovered a vulnerability in the vDODO contract and reported it to the DODO team. Hackers could exploit this vulnerability to reduce vDODO holders’ referral staking power. The DODO team sprang into action immediately to prevent this by disabling the vDODO contract’s transfer function until a solution is found.
However, vDODO assets owned by the user are not affected. The attackers themselves cannot gain any revenue from the attack, and it will only cost them their own gas fees.
The DODO team posted an announcement on their website to inform people of the current threat and their initiative to stop it. In the announcement, the team assured users that no one had been affected to date and that they are working to find a solution to the challenge.
The protocol has temporarily disabled the assignment function of the vDODO contract to avoid attack activities while it looks for a solution. User assets remain unaffected, and users need not be worried.
The DODO team said:
“After analyzing and inventorying all past on-chain transactions, we have not found any user that has been impacted by this vulnerability. Despite this, we have currently suspended vDODO’s transfer function to avoid attacks. It will be restored when the source of the vulnerability is fixed.”
How Can the Vulnerability be Exploited
For the vulnerability to be effectively exploited, it will require the participation of two attackers who would work as follows:
Attacker 1 would transfer some vDODO to Attacker 2, who has not previously set a referral superior, and the referral power is credited to address 0x0000000 (known as the zero address).
Attacker 2 then sets the victim as their referral, but the referral staking power provided by Attacker 2 is not properly recorded and still remains at the zero address.
Attacker 2 will transfer the vDODO out, removing the extra referral staking power from the victim.
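The accounting gap in the three steps above can be reproduced in a small model and caught with an invariant audit. This is an added example, not DODO's contract code: the class, the 1:1 power-per-token ratio, the account names and the `migrate_on_set` correction are all assumptions made for illustration.

```python
# Simplified model of the accounting described above; NOT the vDODO contract.
# Assumption: each token held credits 1 unit of referral power to the holder's
# superior, or to ZERO while no superior is set.
from collections import defaultdict

ZERO = "0x0"  # stand-in for the zero address

class ReferralLedger:
    def __init__(self, migrate_on_set):
        self.migrate_on_set = migrate_on_set  # False: flawed, True: assumed fix
        self.balance = defaultdict(int)
        self.superior = defaultdict(lambda: ZERO)
        self.power = defaultdict(int)  # referral power credited per superior

    def mint(self, holder, amount):
        self.balance[holder] += amount
        self.power[self.superior[holder]] += amount

    def set_superior(self, holder, new_superior):
        if self.migrate_on_set:
            # Move power backed by the existing balance to the new superior.
            self.power[self.superior[holder]] -= self.balance[holder]
            self.power[new_superior] += self.balance[holder]
        self.superior[holder] = new_superior

    def transfer(self, sender, recipient, amount):
        self.balance[sender] -= amount
        self.balance[recipient] += amount
        self.power[self.superior[sender]] -= amount
        self.power[self.superior[recipient]] += amount

def audit(ledger):
    """Map superior -> (recorded, expected) where power != referees' balances."""
    expected = defaultdict(int)
    for holder, bal in ledger.balance.items():
        expected[ledger.superior[holder]] += bal
    keys = set(expected) | set(ledger.power)
    return {k: (ledger.power[k], expected[k]) for k in keys
            if ledger.power[k] != expected[k]}

def replay(migrate_on_set):
    """Constructed scenario: the three steps from the text, then an audit."""
    led = ReferralLedger(migrate_on_set)
    led.set_superior("referee", "victim")
    led.mint("referee", 100)                    # victim legitimately has 100
    led.mint("account_1", 40)
    led.transfer("account_1", "account_2", 40)  # step 1: credited to ZERO
    led.set_superior("account_2", "victim")     # step 2: power not moved if flawed
    led.transfer("account_2", "account_1", 40)  # step 3: debits the victim
    return led.power["victim"], audit(led)
```

In the flawed mode the audit reports the victim 40 units short and the zero address 40 units over; with the assumed correction the ledger reconciles and the audit returns nothing.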
DODO Places Premium on Scalability and Flexibility
DODO is a decentralized exchange platform powered by the Proactive Market Maker (PMM) algorithm. It features highly capital-efficient liquidity pools that support single-token provision, reduce impermanent loss, and minimize slippage for traders. The trading platform also offers SmartTrade, a decentralized liquidity aggregation service that routes to and compares various liquidity sources to quote the optimal swap rate between any two tokens.
In addition, this platform removed all roadblocks hindering liquidity pool creation for the issuance of new assets – asset ratios, liquidity depths, fee rates, and other parameters can all be freely customized and configured in real time. Based on this breakthrough, DODO has developed Crowdpooling, a permissionless, equal opportunity liquidity offering mechanic, and customizable technological solutions geared towards professional on-chain market makers. DODO is a multi-chain network which is available on ETH, BSC, Polygon, Arbitrum, HECO, OKC, Aurora, Moonriver and Boba. The platform emphasizes scalability, flexibility, and versatility and brings ample liquidity across the full spectrum of DeFi networks and scaling solutions.