The Bundles Finance Saga: De.Fi stimulates the DeFi platform to increase security of its smart contracts

Importance of the DeFi community being proactive and attentive to yield farming terms proposed by decentralized platforms has been once again confirmed by a recent case on a code insecurity of Bundles Finance.

Check out our book about DeFi on Amazon!

Act #1

The story started with a warning published by the De.Fi.info team indicating a high risk of the project’s smart contract code: availability of a drain function was revealed, which could be executed by a EOA owner. This allowed him to drain liquidity pools at any time.

Act#2

The public facing team of Bundles Finance noticed the warning. They not only reacted to the issue, but also admitted that the code must be corrected. The project’s founder published a video with a detailed explanation on the situation (https://www.youtube.com/watch?v=3spqS7TGtK0&feature=youtu.be&t=147 ). As he informed, the smart contracts were audited by SolidityFinance prior to the platform deployment. But after that, a member of the project’s external development team decided to add the drain function with the purpose of the code security enhancement. The idea was that in case something happens to the smart contract functionality, the funds would not be locked in it and their withdrawal could be managed.

Immediately after De.Fi had published the warning, Bundles Finance replied trying to explain availability of the drain function:

As the Bundles Finance founder points out in the video, it was a communicational mistake inside the project that the developer, which added the drain function, didn’t draw proper attention of the project managers to the smart contract modification made. The public was first to react.

Currently, the problem is being solved. Solidity was contacted with a request of the new contracts deployment for Bundles Finance. As a result, funds staked with the insecure smart contract version get withdrawn to the liquidity providers. Staking is paused until the new smart contract code is deployed and can be externally audited.

Conclusion

My efforts to make the DeFi industry cleaner and more transparent have given great results again. Thousands of dollars could have stayed under the high risk, if De.Fi had not found the smart contract code insecurity element.

How fast yield farming projects react to warnings and code security requests is always instructive for investors in terms whether these platforms can be trusted or not. Bundles Finance is a positive example of the transparent and responsible communication attitude, the community respect and the fast problem solving. In contrast, when executives of DeFi projects systematically postpone answering community questions or give ambiguous and shady replies, it’s a clear warning sign for the investors that they should consider withdrawing their funds from these risky platforms while it’s still possible.

As soon as Bundles Finances deploys the corrected smart contract as promised, I’ll update the community in my posts. Stay tuned.

Check out other articles from the Saga series:

• The Deus Finance Saga
• The Alpha Lab Infinite Minting Saga
• The YFFS Saga

Check our guides:

Solana Network Ultimate Yield Farming Guide [Infographics]
Fantom Network Ultimate Yield Farming Guide [Infographics]
Huobi ECO Chain Ultimate Guide for Yield Farming
Polygon Network Ultimate Guide for Yield Farming
Binance Chain Ultimate Guide for Yield Farming

And join us on twitter and telegram!