Pike Finance, a decentralised finance (DeFi) lending protocol specialising in offering a universal liquidity market, enhancing the utility of native assets by enabling lending and borrowing directly on their origin blockchain eliminating the need for wrapping assets for cross-chain transactions. Recently suffered a hack amounting to a loss of approximately $1.9 million due to vulnerabilities within its smart contracts.
Behind the Breach
The breach at Pike Finance was attributed to a smart contract vulnerability that allowed hackers to manipulate contract functions. Specifically, the exploit involved the modification of the initialized variable within the contract, which made the contract act as if it was uninitialised. This allowed the attackers to upgrade the contracts without admin permissions and steal the funds.
Lessons from the Incident
The Pike Finance incident underlines critical vulnerabilities in the initialisation and permission settings. To prevent such occurrences in the future, it is advisable for DeFi protocols to implement thorough testing and auditing of their smart contract code. Regular audits and bug bounty programmes are effective controls that can help identify and mitigate potential vulnerabilities before they can be exploited.
