{"id":1312,"date":"2020-12-08T12:39:28","date_gmt":"2020-12-08T12:39:28","guid":{"rendered":"https:\/\/de.fi\/blog\/?p=1312"},"modified":"2023-09-17T10:31:55","modified_gmt":"2023-09-17T10:31:55","slug":"the-bundles-finance-saga-defiyield-info-9a25a8b99140","status":"publish","type":"post","link":"https:\/\/de.fi\/blog\/the-bundles-finance-saga-defiyield-info-9a25a8b99140","title":{"rendered":"The Bundles Finance Saga: De.Fi stimulates the DeFi platform to increase security of its smart contracts"},"content":{"rendered":"

Importance of the DeFi community being proactive and attentive to yield farming terms proposed by decentralized platforms has been once again confirmed by a recent case on a code insecurity of Bundles Finance.<\/p>\n

Check out our book about DeFi on Amazon!<\/a><\/p><\/blockquote>\n

Act #1<\/strong><\/p>\n

The story started with a warning published by the De.Fi.info team indicating a high risk of the project\u2019s smart contract code: availability of a drain function was revealed, which could be executed by a EOA owner. This allowed him to drain liquidity pools at any time.<\/p>\n

\"[https:\/\/t.me\/de.fi\/18837](https:\/\/t.me\/defiyield_app\/18837)\"<\/p>\n

Act#2<\/strong><\/p>\n

The public facing team of Bundles Finance noticed the warning. They not only reacted to the issue, but also admitted that the code must be corrected. The project\u2019s founder published a video with a detailed explanation on the situation (https:\/\/www.youtube.com\/watch?v=3spqS7TGtK0&feature=youtu.be&t=147<\/a> ). As he informed, the smart contracts were audited by SolidityFinance prior to the platform deployment. But after that, a member of the project\u2019s external development team decided to add the drain function with the purpose of the code security enhancement. The idea was that in case something happens to the smart contract functionality, the funds would not be locked in it and their withdrawal could be managed.<\/p>\n

Immediately after De.Fi had published the warning, Bundles Finance replied trying to explain availability of the drain function:<\/p>\n

\"[https:\/\/t.me\/de.fi\/18865](https:\/\/t.me\/defiyield_app\/18865)\"<\/p>\n

As the Bundles Finance founder points out in the video, it was a communicational mistake inside the project that the developer, which added the drain function, didn\u2019t draw proper attention of the project managers to the smart contract modification made. The public was first to react.<\/p>\n

\"[https:\/\/twitter.com\/BundlesFinance\/status\/1334949318357217280](https:\/\/twitter.com\/BundlesFinance\/status\/1334949318357217280)<\/p>\n

Currently, the problem is being solved. Solidity was contacted with a request of the new contracts deployment for Bundles Finance. As a result, funds staked with the insecure smart contract version get withdrawn to the liquidity providers. Staking is paused until the new smart contract code is deployed and can be externally audited.<\/p>\n

\"[https:\/\/t.me\/de.fi\/19553](https:\/\/t.me\/defiyield_app\/19553)\"<\/p>\n

Conclusion<\/strong><\/p>\n

My efforts to make the DeFi industry cleaner and more transparent have given great results again. Thousands of dollars could have stayed under the high risk, if De.Fi had not found the smart contract code insecurity element.<\/p>\n

How fast yield farming projects react to warnings and code security requests is always instructive for investors in terms whether these platforms can be trusted or not. Bundles Finance is a positive example of the transparent and responsible communication attitude, the community respect and the fast problem solving. In contrast, when executives of DeFi projects systematically postpone answering community questions or give ambiguous and shady replies, it\u2019s a clear warning sign for the investors that they should consider withdrawing their funds from these risky platforms while it\u2019s still possible.<\/p>\n

As soon as Bundles Finances deploys the corrected smart contract as promised, I\u2019ll update the community in my posts. Stay tuned.<\/p>\n

Check out other articles from the Saga series:<\/p>\n